我正在尝试使用头盔部署Jenkins。我看到一些值是用XML设置的。但是,我无法通过Master.CredentialsXmlSecret字段来完成此操作。我尝试过:
CredentialsXmlSecret: jenkins-credentials
SecretsFilesSecret:
jenkins-credentials: |-
xml from credentials.xml here
但这不起作用。
答案 0 :(得分:2)
最简单的方法是启动一个Jenkins实例,按照我想要的方式进行配置,exec放入其中(例如kubectl exec -it {my-jenkins-pod} /bin/bash),cd放入/var/jenkins_home ,然后获取适当的文件并对其进行base64编码。
在这种情况下,适当的文件是:
/var/jenkins_home/credentials.xml
/var/jenkins_home/secrets/master.key
/var/jenkins_home/secrets/hudson.util.Secret
例如,您可以base64 -w 0 credentials.xml来获取任何这些文件的base64编码内容。然后只需将其复制并粘贴到适当的k8s机密中即可。
您需要创建的第一个k8s分泌物是:
apiVersion: v1
kind: Secret
metadata:
name: jenkins-credentials
data:
credentials.xml: AAAGHckcdhie==
给credentials.xml的值是一个凭据{.1}}编码的字符串,即凭据.xml文件的内容。
您需要创建的其他k8s机密是:
base64然后在您的apiVersion: v1
kind: Secret
metadata:
name: jenkins-secrets-secret
data:
master.key: AAAdjkdfjicki+
hudson.util.Secret: AAAidjciud=
中:
values.yaml答案 1 :(得分:1)
尝试使用groovy初始化脚本,您可以添加如下的掌舵值:
InitScripts:
01-passwords: |-
import com.cloudbees.plugins.credentials.impl.*;
import com.cloudbees.plugins.credentials.*;
import com.cloudbees.plugins.credentials.domains.*;
String keyfile = "/tmp/key"
Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "user", "password")
def ksm1 = new CertificateCredentialsImpl.FileOnMasterKeyStoreSource(keyfile)
Credentials ck1 = new CertificateCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "password", ksm1)
def ksm2 = new CertificateCredentialsImpl.UploadedKeyStoreSource(keyfile)
Credentials ck2 = new CertificateCredentialsImpl(CredentialsScope.GLOBAL,java.util.UUID.randomUUID().toString(), "description", "password", ksm2)
SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), c)
SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), ck1)
SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), ck2)
此脚本在配置中,在jenkins中创建凭据并进行设置。