Use Kubernetes secrets as Jenkins credentials without a respin

Jenkins setup:
Jenkins: 2.440.2
OS: Linux - 4.18.0-513.18.1.el8_9.x86_64
Java: 17.0.10 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
(I didn’t include the plugins as the list is exhaustive)

I’m looking for a way to use Kubernetes secrets in my Jenkins Helm release and be able to update/add credentials without having to respin the instance. Currently it works when using plain text and can be updated while Jenkins is running. But once using secrets it causes the instance to respin, which is undesirable. There are plugins like HashiCorp Vault which could be used or just using basic plain text, but having the credentials hidden within the pod and within git is important.

Any ideas are welcomed, thanks.

Please note this is not related to how I can use them in my Jenkins pipeline, but how I can have them setup as credentials on my instance.

Currently I use the credentials: option in the Helm release as well as additionalExistingSecrets:. This seems to be the only way I can get the secret working as a credential.

I believe the Jenkins helm chart sets things up correctly… you just need the correct formatting of the secret itself.

apiVersion: v1
kind: Secret
metadata:
  # this is the jenkins id.
  name: "jenkins-mail"
  namespace: "jenkins"
  labels:
    # so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations:
    # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description": "Jenkins account for mail"
type: Opaque
stringData:
  username: 'jenkins@example.com'
  password: 'sekkrit'

I’ll see if I can find where the types labels were listed.
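
A check for the Secret format described in the answer above, as an added example that is not part of the thread or of the Jenkins chart: it takes a Secret as parsed JSON (for instance the output of `kubectl get secret -o json`) and lists what is missing, without echoing any secret value. The name `check_secret`, the sample manifests and the `secretText` entry (key `text`) are assumptions that do not appear in the posts.

```python
import base64
import json

TYPE_LABEL = "jenkins.io/credentials-type"
DESC_ANNOTATION = "jenkins.io/credentials-description"
# Required keys per type. usernamePassword comes from the post; the secretText
# entry (key "text") is an assumption added for illustration.
REQUIRED_KEYS = {"usernamePassword": ("username", "password"), "secretText": ("text",)}


def check_secret(manifest):
    """List format problems in a Secret manifest; never echoes secret values."""
    problems = []
    meta = manifest.get("metadata") or {}
    labels = meta.get("labels") or {}
    cred_type = labels.get(TYPE_LABEL)
    if cred_type is None:
        problems.append(f"missing label {TYPE_LABEL}")
    elif cred_type not in REQUIRED_KEYS:
        problems.append(f"type {cred_type!r} is not covered by this check")
    if DESC_ANNOTATION in labels:
        problems.append("description must be an annotation, not a label")
    # stringData is plain text and wins over data, which is base64-encoded
    # (the form `kubectl get secret -o json` returns).
    values = dict(manifest.get("stringData") or {})
    for key, encoded in (manifest.get("data") or {}).items():
        try:
            decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            problems.append(f"data.{key} is not valid base64 text")
            continue
        values.setdefault(key, decoded)
    for key in REQUIRED_KEYS.get(cred_type, ()):
        if not values.get(key):
            problems.append(f"missing or empty key {key!r}")
    return problems

# Constructed samples: the Secret from the post as JSON, and a broken variant.
GOOD = json.loads("""{
  "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
  "metadata": {"name": "jenkins-mail", "namespace": "jenkins",
    "labels": {"jenkins.io/credentials-type": "usernamePassword"},
    "annotations": {"jenkins.io/credentials-description": "Jenkins account for mail"}},
  "stringData": {"username": "jenkins@example.com", "password": "sekkrit"}
}""")
BAD = {"metadata": {"name": "jenkins-mail",
                    "labels": {TYPE_LABEL: "usernamePassword", DESC_ANNOTATION: "mail"}},
       "data": {"username": "amVua2lucw=="}}
```
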

Hey,

I do have my secrets set up like this. The problem is that once you put them in the helm-release, they don’t work unless both of these are included:

#1
credentials: |
  credentials:
    system:
      domainCredentials:
        - credentials:
            - usernamePassword:
                password: "${base-credentials-example}"
                id: "example"
                scope: "GLOBAL"
                description: "example cred"
                usernameSecret: "true"
                username: "example"

as well as:
#2
additionalExistingSecrets:
  - name: base-credentials
    keyName: example

Using this setup it requires a respin once you add in #2, but the creds don’t show up in Jenkins with #2. I’m looking for a way to get around that issue.

Thanks