Add external secret configuration for Jenkins admin credentials in values.yaml and create ExternalSecret template for Vault integration.

manifest/jenkins/templates/jenkins-admin-externalsecret.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.controller.admin.externalSecret.enabled }}
+{{- $es := .Values.controller.admin.externalSecret }}
+{{- $rr := $es.remoteRef | default dict }}
+{{- $sk := $rr.secretKey | default "password" }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ include "jenkins.fullname" . }}-admin-vault
+  namespace: {{ template "jenkins.namespace" . }}
+  labels:
+    {{- include "jenkins.labels" . | nindent 4 }}
+spec:
+  refreshInterval: {{ $es.refreshInterval | default "1h" | quote }}
+  secretStoreRef:
+    name: {{ $es.secretStoreRef.name }}
+    kind: {{ $es.secretStoreRef.kind | default "ClusterSecretStore" }}
+  target:
+    name: {{ .Values.controller.admin.existingSecret | default "jenkins-admin" | quote }}
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Replace
+      data:
+        {{ .Values.controller.admin.userKey | default "jenkins-admin-user" | quote }}: {{ .Values.controller.admin.username | default "admin" | quote }}
+        {{ .Values.controller.admin.passwordKey | default "jenkins-admin-password" | quote }}: {{ printf "{{ .%s }}" $sk | quote }}
+  data:
+    - secretKey: {{ $sk | quote }}
+      remoteRef:
+        key: {{ $rr.key | quote }}
+        property: {{ $rr.property | quote }}
+{{- end }}