Remove ArgoCD certificate and key files; add External Secrets Helm chart with Bitwarden SDK server integration, including configuration files, templates, and monitoring dashboard.

2026-04-12 21:11:11 +07:00
parent 9545b79b7a
commit 26f8dd6b11
64 changed files with 36725 additions and 52 deletions
--- a/manifest/jenkins/values.yaml
+++ b/manifest/jenkins/values.yaml
@@ -99,12 +99,12 @@ controller:
    # -- Must stay true so the controller mounts the admin Secret; when existingSecret is set, the chart does not create that Secret (supply it yourself or via externalSecret).
    createSecret: true

-    # -- Must match ExternalSecret spec.target.name (default in templates/jenkins-admin-externalsecret.yaml is jenkins-admin). If empty, the chart mounts the release fullname Secret instead — not the Vault-backed one.
-    existingSecret: jenkins-admin
+    # -- If set, chart does not create the admin Secret; you must create it (e.g. kubectl) or use externalSecret (requires ESO CRDs on the cluster).
+    existingSecret: ""

-    # -- HashiCorp Vault → ExternalSecret → target Secret (requires External Secrets Operator + ClusterSecretStore). Helm does not read Vault.
+    # -- Emits external-secrets.io/v1beta1 ExternalSecret (needs External Secrets Operator installed). Helm cannot talk to Vault without it or another sync mechanism.
    externalSecret:
-      enabled: true
+      enabled: false
      refreshInterval: 1h
      secretStoreRef:
        name: vault