duynguyen
738688ab2c
Secrets must exist before Jenkins pod mounts them. Sync wave -1 ensures ESO creates secrets before Jenkins Helm resources. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
544 B
YAML
25 lines
544 B
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: harbor-credentials
|
|
namespace: jenkins
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "-1"
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: vault-backend
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: harbor-credentials
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: username
|
|
remoteRef:
|
|
key: jenkins/harbor-credentials
|
|
property: username
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: jenkins/harbor-credentials
|
|
property: password
|