Update Jenkins values.yaml to enable external secret integration and adjust existingSecret configuration for Vault compatibility.

2026-04-12 20:32:23 +07:00
parent e036624a64
commit 9545b79b7a
2 changed files with 4 additions and 4 deletions
--- a/manifest/jenkins/templates/jenkins-admin-externalsecret.yaml
+++ b/manifest/jenkins/templates/jenkins-admin-externalsecret.yaml
@@ -5,7 +5,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: {{ include "jenkins.fullname" . }}-admin-vault
+  name: {{ include "jenkins.fullname" . }}-admin
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    {{- include "jenkins.labels" . | nindent 4 }}
--- a/manifest/jenkins/values.yaml
+++ b/manifest/jenkins/values.yaml
@@ -99,12 +99,12 @@ controller:
    # -- Must stay true so the controller mounts the admin Secret; when existingSecret is set, the chart does not create that Secret (supply it yourself or via externalSecret).
    createSecret: true
-    # -- Kubernetes Secret name with keys userKey / passwordKey (created manually, by External Secrets, etc.). Example for Vault: jenkins-admin.
+    # -- Must match ExternalSecret spec.target.name (default in templates/jenkins-admin-externalsecret.yaml is jenkins-admin). If empty, the chart mounts the release fullname Secret instead — not the Vault-backed one.
-    existingSecret: ""
+    existingSecret: jenkins-admin
    # -- HashiCorp Vault → ExternalSecret → target Secret (requires External Secrets Operator + ClusterSecretStore). Helm does not read Vault.
    externalSecret:
-      enabled: false
+      enabled: true
      refreshInterval: 1h
      secretStoreRef:
        name: vault