K
Q

How to use Helm Jenkins Values 'CredentialsXmlSecret'

12/20/2018

I'm trying to deploy a Jenkins using helm. I saw that some values are set with an XML. However, I can't do it the same way with the Master.CredentialsXmlSecret field. I have tried:

CredentialsXmlSecret: jenkins-credentials

SecretsFilesSecret:
jenkins-credentials: |-
xml from credentials.xml here

But it doesn't work.

-- pcampana
jenkins
kubernetes-helm

Similar Questions

How to read a value from json through Helm charts
What is istio-proxy access log mean?
Kubernetes on AWS: Preserving Client IP with nginx-ingress + cert-manager
By default in OpenEBS NDM (Node Disk Manager) runs in privileged one. Can we run it in non-privileged mode in OpenEBS.

2 Answers

1/18/2019

The easiest thing to do is start up a Jenkins instance, configure it the way I want, exec into it (e.g., kubectl exec -it {my-jenkins-pod} /bin/bash), cd into /var/jenkins_home, and just grab the appropriate files and base64 encode them.

In this case the appropriate files are:

/var/jenkins_home/credentials.xml
/var/jenkins_home/secrets/master.key
/var/jenkins_home/secrets/hudson.util.Secret

You can just base64 -w 0 credentials.xml for instance to get the base64 encoded contents of any of those files. Then just copy it and paste it into the appropriate k8s secret.

The first k8s secrete you need to create is:

apiVersion: v1
kind: Secret
metadata:
  name: jenkins-credentials
data:
  credentials.xml: AAAGHckcdhie==

Where the value given to credentials.xml is a base64 encoded string of the contents of the credentials.xml file.

The other k8s secret you need to create is:

apiVersion: v1
kind: Secret
metadata:
  name: jenkins-secrets-secret
data:
  master.key: AAAdjkdfjicki+
  hudson.util.Secret: AAAidjciud=

Then in your values.yaml:

CredentialsXmlSecret: jenkins-credentials
SecretsFilesSecret: jenkins-secrets-secret

Edit: Since Apr 22, 2019, version 1.00, the name convention has changed

Thanks to ythdelmar, who pointed out in the comments, it is now

credentialsXmlSecret: jenkins-credentials
secretsFilesSecret: jenkins-secrets-secret

without the first capital.

-- LiquidPony
Source: StackOverflow
12/21/2018

Try the groovy init scripts, you can add in the helm values like this:

  InitScripts:
    01-passwords: |- 
    import com.cloudbees.plugins.credentials.impl.*;
    import com.cloudbees.plugins.credentials.*;
    import com.cloudbees.plugins.credentials.domains.*;

    String keyfile = "/tmp/key"

    Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "user", "password")


    def ksm1 = new CertificateCredentialsImpl.FileOnMasterKeyStoreSource(keyfile)
    Credentials ck1 = new CertificateCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "password", ksm1)

    def ksm2 = new CertificateCredentialsImpl.UploadedKeyStoreSource(keyfile)
    Credentials ck2 = new CertificateCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "password", ksm2)

    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), c)
    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), ck1)
    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), ck2)

This script in the configuration, create the credentials and setup in your jenkins.

-- Alberto Crego
Source: StackOverflow