Update Jenkins values.yaml to enable external secret integration and adjust existingSecret configuration for Vault compatibility.
This commit is contained in:
@@ -5,7 +5,7 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "jenkins.fullname" . }}-admin-vault
|
||||
name: {{ include "jenkins.fullname" . }}-admin
|
||||
namespace: {{ template "jenkins.namespace" . }}
|
||||
labels:
|
||||
{{- include "jenkins.labels" . | nindent 4 }}
|
||||
|
||||
@@ -99,12 +99,12 @@ controller:
|
||||
# -- Must stay true so the controller mounts the admin Secret; when existingSecret is set, the chart does not create that Secret (supply it yourself or via externalSecret).
|
||||
createSecret: true
|
||||
|
||||
# -- Kubernetes Secret name with keys userKey / passwordKey (created manually, by External Secrets, etc.). Example for Vault: jenkins-admin.
|
||||
existingSecret: ""
|
||||
# -- Must match ExternalSecret spec.target.name (default in templates/jenkins-admin-externalsecret.yaml is jenkins-admin). If empty, the chart mounts the release fullname Secret instead — not the Vault-backed one.
|
||||
existingSecret: jenkins-admin
|
||||
|
||||
# -- HashiCorp Vault → ExternalSecret → target Secret (requires External Secrets Operator + ClusterSecretStore). Helm does not read Vault.
|
||||
externalSecret:
|
||||
enabled: false
|
||||
enabled: true
|
||||
refreshInterval: 1h
|
||||
secretStoreRef:
|
||||
name: vault
|
||||
|
||||
Reference in New Issue
Block a user