From 36112376cd7a45d6408214a6cd4047c80da6f847 Mon Sep 17 00:00:00 2001 From: duynguyen Date: Sat, 2 May 2026 14:51:58 +0700 Subject: [PATCH] feat: add sonarqube-token ExternalSecret and Jenkins credential Co-Authored-By: Claude Sonnet 4.6 --- manifest/jenkins/values.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/manifest/jenkins/values.yaml b/manifest/jenkins/values.yaml index ac82a0b..708eade 100644 --- a/manifest/jenkins/values.yaml +++ b/manifest/jenkins/values.yaml @@ -82,6 +82,26 @@ extraObjects: remoteRef: key: jenkins/gitea-credentials property: password + - apiVersion: external-secrets.io/v1 + kind: ExternalSecret + metadata: + name: sonarqube-token + namespace: jenkins + annotations: + argocd.argoproj.io/sync-wave: "-1" + spec: + refreshInterval: 1h + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: sonarqube-token + creationPolicy: Owner + data: + - secretKey: token + remoteRef: + key: jenkins/sonarqube-token + property: token controller: # -- Used for label app.kubernetes.io/component @@ -554,6 +574,8 @@ controller: keyName: username - name: gitea-credentials keyName: password + - name: sonarqube-token + keyName: token # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets # -- List of additional secrets to create and mount @@ -628,6 +650,11 @@ controller: username: "${gitea-credentials-username}" password: "${gitea-credentials-password}" scope: GLOBAL + - string: + description: "SonarQube token" + id: "sonarqube-token" + secret: "${sonarqube-token-token}" + scope: GLOBAL # Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations # -- Jenkins Config as Code security-section