Use kubernetes secrets as jenkins credentials without a respin

gphillips101 · April 11, 2024, 7:59pm

Jenkins setup:
Jenkins: 2.440.2
OS: Linux - 4.18.0-513.18.1.el8_9.x86_64
Java: 17.0.10 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
(I didn’t include the plugins as the list is exhaustive)

I’m looking for a way to use kubernetes secrets in my jenkins helm release and be able to update/add credentials without having to respin the instance. Currently it works when using plain text and can be updated while jenkins is running. But once using secrets it causes the instance to respin which is undesirable. There are plugins like hashicorp vault which could be used or just using basic plain text, but having the credentials hidden within the pod and within git is important.

Any ideas are welcomed, thanks.

Please note this is not related to how I can use them in my Jenkins pipeline, but how I can have them setup as credentials on my instance.

Currently I use the credentials: option in the helm release as well as this additionalExistingSecrets:, this seems to be the only way I can get the secret in as a credential working.

doofus_canadensis · April 11, 2024, 8:48pm

I believe the Jenkins helm chart sets things up correctly… you just need the correct formatting of the secret itself.

apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
  name: "jenkins-mail"
  namespace: "jenkins"
  labels:
# so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations:
# description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "Jenkins account for mail"
type: Opaque
stringData:
  username: 'jenkins@example.com'
  password: 'sekkrit'

I’ll see if I can find where the types labels were listed.

gphillips101 · April 12, 2024, 1:42pm

Hey,

I do have my secrets set up like this, the problem is then once you put them in the helm-release they don’t work unless both of these are included:

#1
credentials: |
credentials:
system:
domainCredentials:
- credentials:
- usernamePassword:
password: “${base-credentials-example}”
id: “example”
scope: “GLOBAL”
description: “example cred”
usernameSecret: “true”
username: “example”

as well as:
#2
additionalExistingSecrets:
- name: base-credentials
keyName: example

Using this setup it requires a respin once you add in #2, but the creds dont show up in jenkins with #2, im looking for a way to get around that issue.

Thanks

Topic		Replies	Views
Kubernetes Credentials Provider Issues Using Jenkins	1	663	November 22, 2022
Kubernetes credential Ask a question plugin-site , kubernetes	3	382	January 29, 2023
Configure SSH private key from kubernetes secret in JCASC plugin? Using Jenkins	2	2512	October 4, 2021
Credentials from Kubernetes Secrets will not be available Ask a question	3	3002	December 22, 2022
Missing Credentials Menu Using Jenkins	6	2301	April 18, 2022

Use kubernetes secrets as jenkins credentials without a respin

Related Topics