Charts: Jenkins CredentialsXmlSecret Documentation/Examples

Created on 18 Jan 2019  ·  3 Comments  ·  Source: helm/charts

Is this a BUG REPORT or FEATURE REQUEST? (choose one): Feature Request / Request for Help

Version of Helm and Kubernetes: Helm v2.1.0, Kubernetes v1.10.12

Which chart: Jenkins (stable/jenkins) v0.28.9

Feature request: Provide some documentation on the use of the Master.CredentialsXmlSecret, specifically for multiple types of credentials (e.g., examples on how to configure user/pass credentials and how to configure SSH credentials).

My reasoning (and use-case) is as follows: I have SSH credentials (for a BitBucket account), and I want to use these credentials to bootstrap in a Shared Library when the Jenkins Helm chart installs, among other things.

What I did was as follows:

  • helm install -n my-jenkins {my-jenkins-parent-chart.tgz}
  • Log in, go into the Credentials Manager, create a new SSH credential, test and confirm that the credentials work
  • exec -it {my-jenkins-pod} /bin/bash, cd /var/jenkins_home, and then copy the contents of credentials.xml.
  • base64 encode the contents of credentials.xml, create a new k8s secret and pass to Master.CredentialsXmlSecret.
  • Uninstall Jenkins, then re-install with the updated chart containing the secret.

The resulting /var/jenkins_home/credentials.xml is identical to the original (working) file; however, the credentials no longer work. I can then go into the Credentials Manager, paste in my SSH key, save it, and it works ... but the resulting credentials.xml file is, again, identical to the one loaded in by CredentialsXmlSecret that does not work.

lifecycle/stale

All 3 comments

So after a fair amount of tinkering and reading, I managed to get this working, mainly based on this answer on SO: https://stackoverflow.com/a/38474024/1192744

Essentially, because the credentials are encrypted, there is another step necessary.

So what I did was mount a new secret in Master.SecretsFilesSecret, with the base64 encoded contents of /var/jenkins_home/secrets/hudson.util.Secret and /var/jenkins_home/secrets/master.key:

apiVersion: v1
kind: Secret
metadata:
  name: jenkins-secrets-secret
data:
  master.key: {base64_encoded_contents}
  hudson.util.Secret: {base64_encoded_contents}

This, combined with the steps above, worked for me.
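
An added example, not part of the original comment or the chart: a POSIX shell function that renders the Secret manifest shown above from local copies of the two key files. It strips base64 line wraps and refuses to emit a manifest when either file is missing or empty. The function names and the local directory holding the copied files are assumptions.

```shell
# Added example (not from the issue thread or the chart).
# Assumption: master.key and hudson.util.Secret were copied out of
# /var/jenkins_home/secrets into a local directory passed as DIR.

# b64_oneline FILE
# GNU base64 wraps its output at 76 columns by default; a wrapped value
# breaks the one-line "key: value" form used in the manifest, so the
# newlines are removed here.
b64_oneline() {
  base64 < "$1" | tr -d '\n'
}

# render_jenkins_secrets_manifest DIR [NAME]
# Prints the Secret manifest to stdout. Returns non-zero, printing nothing
# to stdout, if a key file is missing or empty, so a half-populated secret
# is never applied (credentials.xml cannot be decrypted without both files).
render_jenkins_secrets_manifest() {
  _dir=$1
  _name=${2:-jenkins-secrets-secret}
  for _f in master.key hudson.util.Secret; do
    if [ ! -s "$_dir/$_f" ]; then
      echo "missing or empty: $_dir/$_f" >&2
      return 1
    fi
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $_name
data:
  master.key: $(b64_oneline "$_dir/master.key")
  hudson.util.Secret: $(b64_oneline "$_dir/hudson.util.Secret")
EOF
}

# Example call (the output contains key material, so restrict its mode):
#   umask 077
#   render_jenkins_secrets_manifest ./secrets-copy > jenkins-secrets-secret.yaml
```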

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

This issue is being automatically closed due to inactivity.
