feat: add harbor/gitea credentials via Vault ESO + JCasC

- ExternalSecret manifests sync kv/jenkins/{harbor,gitea}-credentials from Vault → K8s secrets in jenkins namespace - Jenkins values: additionalExistingSecrets mounts both secrets - JCasC configScript creates harbor-credentials + gitea-credentials pipeline credentials from mounted secret env vars Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 16:01:22 +07:00
parent 9419f7d4a3
commit afadbbbf7d
3 changed files with 71 additions and 10 deletions
--- a/manifest/jenkins/external-secrets/gitea-credentials.yaml
+++ b/manifest/jenkins/external-secrets/gitea-credentials.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: gitea-credentials
+  namespace: jenkins
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: gitea-credentials
+    creationPolicy: Owner
+  data:
+  - secretKey: username
+    remoteRef:
+      key: jenkins/gitea-credentials
+      property: username
+  - secretKey: password
+    remoteRef:
+      key: jenkins/gitea-credentials
+      property: password