duynguyen
afadbbbf7d
- ExternalSecret manifests sync kv/jenkins/{harbor,gitea}-credentials
from Vault → K8s secrets in jenkins namespace
- Jenkins values: additionalExistingSecrets mounts both secrets
- JCasC configScript creates harbor-credentials + gitea-credentials
pipeline credentials from mounted secret env vars
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23 lines
486 B
YAML
23 lines
486 B
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: gitea-credentials
|
|
namespace: jenkins
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: vault-backend
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: gitea-credentials
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: username
|
|
remoteRef:
|
|
key: jenkins/gitea-credentials
|
|
property: username
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: jenkins/gitea-credentials
|
|
property: password
|