feat: add sonarqube-token ExternalSecret and Jenkins credential

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 14:51:58 +07:00
parent 1e6b9190f9
commit 36112376cd
1 changed files with 27 additions and 0 deletions
--- a/manifest/jenkins/values.yaml
+++ b/manifest/jenkins/values.yaml
@@ -82,6 +82,26 @@ extraObjects:
        remoteRef:
          key: jenkins/gitea-credentials
          property: password
+  - apiVersion: external-secrets.io/v1
+    kind: ExternalSecret
+    metadata:
+      name: sonarqube-token
+      namespace: jenkins
+      annotations:
+        argocd.argoproj.io/sync-wave: "-1"
+    spec:
+      refreshInterval: 1h
+      secretStoreRef:
+        name: vault-backend
+        kind: ClusterSecretStore
+      target:
+        name: sonarqube-token
+        creationPolicy: Owner
+      data:
+      - secretKey: token
+        remoteRef:
+          key: jenkins/sonarqube-token
+          property: token

 controller:
  # -- Used for label app.kubernetes.io/component
@@ -554,6 +574,8 @@ controller:
      keyName: username
    - name: gitea-credentials
      keyName: password
+    - name: sonarqube-token
+      keyName: token
  # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets

  # -- List of additional secrets to create and mount
@@ -628,6 +650,11 @@ controller:
                  username: "${gitea-credentials-username}"
                  password: "${gitea-credentials-password}"
                  scope: GLOBAL
+              - string:
+                  description: "SonarQube token"
+                  id: "sonarqube-token"
+                  secret: "${sonarqube-token-token}"
+                  scope: GLOBAL

    # Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations
    # -- Jenkins Config as Code security-section