jenkins: load vault env via env

Brad Stein 2026-01-14 17:57:10 -03:00
parent 4ff2f3e889
commit c98d24e91e


@ -23,20 +23,20 @@ spec:
vault.hashicorp.com/agent-inject-secret-jenkins-env: "kv/data/atlas/jenkins/jenkins-oidc" vault.hashicorp.com/agent-inject-secret-jenkins-env: "kv/data/atlas/jenkins/jenkins-oidc"
vault.hashicorp.com/agent-inject-template-jenkins-env: | vault.hashicorp.com/agent-inject-template-jenkins-env: |
{{- with secret "kv/data/atlas/jenkins/jenkins-oidc" -}} {{- with secret "kv/data/atlas/jenkins/jenkins-oidc" -}}
export OIDC_CLIENT_ID='{{ .Data.data.clientId | replace "'" "'\"'\"'" }}' OIDC_CLIENT_ID={{ .Data.data.clientId }}
export OIDC_CLIENT_SECRET='{{ .Data.data.clientSecret | replace "'" "'\"'\"'" }}' OIDC_CLIENT_SECRET={{ .Data.data.clientSecret }}
export OIDC_AUTH_URL='{{ .Data.data.authorizationUrl | replace "'" "'\"'\"'" }}' OIDC_AUTH_URL={{ .Data.data.authorizationUrl }}
export OIDC_TOKEN_URL='{{ .Data.data.tokenUrl | replace "'" "'\"'\"'" }}' OIDC_TOKEN_URL={{ .Data.data.tokenUrl }}
export OIDC_USERINFO_URL='{{ .Data.data.userInfoUrl | replace "'" "'\"'\"'" }}' OIDC_USERINFO_URL={{ .Data.data.userInfoUrl }}
export OIDC_LOGOUT_URL='{{ .Data.data.logoutUrl | replace "'" "'\"'\"'" }}' OIDC_LOGOUT_URL={{ .Data.data.logoutUrl }}
{{- end }} {{- end }}
{{- with secret "kv/data/atlas/jenkins/harbor-robot-creds" -}} {{- with secret "kv/data/atlas/jenkins/harbor-robot-creds" -}}
export HARBOR_ROBOT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}' HARBOR_ROBOT_USERNAME={{ .Data.data.username }}
export HARBOR_ROBOT_PASSWORD='{{ .Data.data.password | replace "'" "'\"'\"'" }}' HARBOR_ROBOT_PASSWORD={{ .Data.data.password }}
{{- end }} {{- end }}
{{- with secret "kv/data/atlas/jenkins/gitea-pat" -}} {{- with secret "kv/data/atlas/jenkins/gitea-pat" -}}
export GITEA_PAT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}' GITEA_PAT_USERNAME={{ .Data.data.username }}
export GITEA_PAT_TOKEN='{{ .Data.data.token | replace "'" "'\"'\"'" }}' GITEA_PAT_TOKEN={{ .Data.data.token }}
{{- end -}} {{- end -}}
spec: spec:
serviceAccountName: jenkins serviceAccountName: jenkins
@ -88,9 +88,8 @@ spec:
- /bin/sh - /bin/sh
- -c - -c
- | - |
set -eu set -e
. /vault/secrets/jenkins-env exec env $(cat /vault/secrets/jenkins-env) /usr/bin/tini -- /usr/local/bin/jenkins.sh
exec /usr/bin/tini -- /usr/local/bin/jenkins.sh
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8080
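Review bot: The new start command `exec env $(cat /vault/secrets/jenkins-env) …` expands the rendered secrets unquoted, so the shell word-splits and glob-expands every value before `env` sees it. A password or token containing whitespace, `*`, `?` or `[` is altered, and a split-off word without `=` is taken by `env` as the program to run instead of tini. A failing `cat` inside the substitution also does not trip `set -e`, so if the file is missing Jenkins would start with none of the OIDC, Harbor or Gitea variables, where the removed `. /vault/secrets/jenkins-env` would presumably have aborted the container. Consider keeping `set -eu` and loading the file without expansion, for example a `while IFS= read -r kv || [ -n "$kv" ]; do export "$kv"; done < /vault/secrets/jenkins-env` loop before the unchanged `exec /usr/bin/tini -- /usr/local/bin/jenkins.sh`. Separately, the `{{- end }}` / `{{- with … -}}` trim markers in the template hunk look like they remove the newline between the last line of one secret block and the first line of the next, which the bare `KEY=value` format no longer tolerates; the rendered file is worth checking.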