duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: configure External Secrets with Vault backend and enable Jenkins secret synchronization

Browse Source
This commit is contained in:
duynguyen
2026-04-12 22:37:56 +07:00
parent bf97781fbc
commit 7190c2befe
3 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
manifest/jenkins/values.yaml
View File

@@ -97,17 +97,17 @@ controller:
# The default configuration uses this secret to configure an admin user
# If you don't need that user or use a different security realm, then you can disable it
# -- Must stay true so the controller mounts the admin Secret; when existingSecret is set, the chart does not create that Secret (supply it yourself or via externalSecret).
createSecret: true
createSecret: false
# -- If set, chart does not create the admin Secret; you must create it (e.g. kubectl) or use externalSecret (requires ESO CRDs on the cluster).
existingSecret: ""
# -- Emits external-secrets.io/v1beta1 ExternalSecret (needs External Secrets Operator installed). Helm cannot talk to Vault without it or another sync mechanism.
externalSecret:
enabled: false
enabled: true
refreshInterval: 1h
secretStoreRef:
name: vault
name: vault-backend
kind: ClusterSecretStore
remoteRef:
# Vault KV v2 secret name under the store mount (your UI path: Secrets / kv / jenkins-admin-password)