From dea7e6fad737af62e081e9947a11c1f6247d8760 Mon Sep 17 00:00:00 2001 From: Ben Zecharia Date: Wed, 23 Aug 2023 18:12:06 +0300 Subject: [PATCH 1/4] Fix merge conflict --- charts/jenkins/CHANGELOG.md | 5 +++++ charts/jenkins/Chart.yaml | 4 ++-- charts/jenkins/README.md | 2 +- charts/jenkins/VALUES_SUMMARY.md | 3 +++ .../jenkins/templates/jenkins-controller-statefulset.yaml | 6 +++--- charts/jenkins/values.yaml | 3 +++ 6 files changed, 17 insertions(+), 6 deletions(-) diff --git a/charts/jenkins/CHANGELOG.md b/charts/jenkins/CHANGELOG.md index f3adffe0d..6ffbd6bd7 100644 --- a/charts/jenkins/CHANGELOG.md +++ b/charts/jenkins/CHANGELOG.md @@ -11,6 +11,11 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.6.0 + +Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey` to allow overriding the default secret key containing the JKS file. +Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName` to allow getting the JKS password from a different secret. +Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey` to allow overriding the default secret key containing the JKS password. ## 4.5.1 diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index c79fe484d..aa9da51d1 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: jenkins home: https://jenkins.io/ -version: 4.5.1 +version: 4.6.0 appVersion: 2.414.1 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. sources: 
@@ -43,4 +43,4 @@ annotations: - name: backup image: maorfr/kube-tasks:0.2.0 artifacthub.io/category: "integration-delivery" - artifacthub.io/license: "Apache-2.0" + artifacthub.io/license: "Apache-2.0" \ No newline at end of file diff --git a/charts/jenkins/README.md b/charts/jenkins/README.md index ed504e48d..50646e94b 100644 --- a/charts/jenkins/README.md +++ b/charts/jenkins/README.md @@ -943,7 +943,7 @@ Here is the [value file section](https://wiki.jenkins.io/pages/viewpage.action?p Keystore itself should be placed in front of `jenkinsKeyStoreBase64Encoded` key and in base64 encoded format. To achieve that after having `keystore.jks` file simply do this: `cat keystore.jks | base64` and paste the output in front of `jenkinsKeyStoreBase64Encoded`. After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve https. Do not set `controller.httpsKeyStore.httpPort` to `-1` because it will cause readiness and liveliness prob to fail. -If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` and `https-jks-password`. Example: +If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`) and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example: ```yaml controller: diff --git a/charts/jenkins/VALUES_SUMMARY.md b/charts/jenkins/VALUES_SUMMARY.md index f11b13ae8..7ed0a5714 100644 --- a/charts/jenkins/VALUES_SUMMARY.md 
+++ b/charts/jenkins/VALUES_SUMMARY.md @@ -239,6 +239,9 @@ The following tables list the configurable parameters of the Jenkins chart and t | --------------------------------- | ------------------------------------ | ----------------------------------------- | | `controller.httpsKeyStore.enable` | Enables HTTPS keystore on jenkins controller | `false` | | `controller.httpsKeyStore.jenkinsHttpsJksSecretName` | Name of the secret that already has ssl keystore | `` | +| `controller.httpsKeyStore.jenkinsHttpsJksSecretKey` | Name of the key in the secret that already has ssl keystore | `jenkins-jks-file` | +| `controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName` | Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file | `` | +| `controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey` | Name of the key in the secret that contains the JKS password | `https-jks-password` | | `controller.httpsKeyStore.httpPort` | HTTP Port that Jenkins should listen on along with HTTPS, it also serves liveness and readiness probs port. When HTTPS keystore is enabled servicePort and targetPort will be used as HTTPS port | `8081` | | `controller.httpsKeyStore.path` | Path of HTTPS keystore file | `/var/jenkins_keystore` | | `controller.httpsKeyStore.fileName` | Jenkins keystore filename which will appear under controller.httpsKeyStore.path | `keystore.jks` | diff --git a/charts/jenkins/templates/jenkins-controller-statefulset.yaml b/charts/jenkins/templates/jenkins-controller-statefulset.yaml index 477e083f9..7c8bf8d12 100644 --- a/charts/jenkins/templates/jenkins-controller-statefulset.yaml +++ b/charts/jenkins/templates/jenkins-controller-statefulset.yaml 
@@ -218,8 +218,8 @@ spec: {{- if not .Values.controller.httpsKeyStore.disableSecretMount }} valueFrom: secretKeyRef: - name: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }} - key: {{ "https-jks-password" | quote }} + name: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ else if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }} + key: "{{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey }}" {{- else }} value: {{ .Values.controller.httpsKeyStore.password }} {{- end }} @@ -434,7 +434,7 @@ spec: secret: secretName: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks {{ end }} items: - - key: jenkins-jks-file + - key: {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey }} path: {{ .Values.controller.httpsKeyStore.fileName }} {{- end }} diff --git a/charts/jenkins/values.yaml b/charts/jenkins/values.yaml index d1b55ec2f..46e283234 100644 --- a/charts/jenkins/values.yaml +++ b/charts/jenkins/values.yaml @@ -568,6 +568,9 @@ controller: httpsKeyStore: jenkinsHttpsJksSecretName: '' + jenkinsHttpsJksSecretKey: "jenkins-jks-file" + jenkinsHttpsJksPasswordSecretName: "" + jenkinsHttpsJksPasswordSecretKey: "https-jks-password" enable: false disableSecretMount: false httpPort: 8081 From 387b371ca530ff5aa72e860f2e2c143da319508e Mon Sep 17 00:00:00 2001 
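Review bot: The new `key:` under `secretKeyRef` (hunk at -218) is wrapped in literal quotes and the new volume `- key:` (hunk at -434) is rendered unquoted, and neither has a fallback. If a values override sets `jenkinsHttpsJksPasswordSecretKey` or `jenkinsHttpsJksSecretKey` to an empty string, the first renders `key: ""` and the second a null `key:`, so the keystore password or file would presumably fail to resolve only at pod start rather than at template time. An unquoted key that looks like a number or boolean would also change type. I would write both through `quote`, as the removed line did, with the old name as default: `key: {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey | default "https-jks-password" | quote }}` and `- key: {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey | default "jenkins-jks-file" | quote }}`. The surrounding env entry and volume definition begin outside these hunks.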
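Review bot: The three new `httpsKeyStore` keys in values.yaml are added without comments, although the statefulset template now depends on their defaults. A short comment above each would tell operators what it selects, for example `# Key inside the JKS secret that holds the keystore file`, `# Secret holding the keystore password; empty falls back to jenkinsHttpsJksSecretName` and `# Key inside that secret that holds the keystore password`. The new defaults also use double quotes next to the existing `jenkinsHttpsJksSecretName: ''`; single quotes would match. The `httpsKeyStore` mapping continues outside the hunk.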
From: Ben Zecharia Date: Mon, 21 Aug 2023 15:26:22 +0300 Subject: [PATCH 2/4] Fix linter error line too long --- charts/jenkins/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/jenkins/README.md b/charts/jenkins/README.md index 50646e94b..9fb16505f 100644 --- a/charts/jenkins/README.md +++ b/charts/jenkins/README.md 
@@ -943,7 +943,8 @@ Here is the [value file section](https://wiki.jenkins.io/pages/viewpage.action?p Keystore itself should be placed in front of `jenkinsKeyStoreBase64Encoded` key and in base64 encoded format. To achieve that after having `keystore.jks` file simply do this: `cat keystore.jks | base64` and paste the output in front of `jenkinsKeyStoreBase64Encoded`. After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve https. Do not set `controller.httpsKeyStore.httpPort` to `-1` because it will cause readiness and liveliness prob to fail. -If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`) and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example: +If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`) +and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example: ```yaml controller: From 90a0440c3fbe043a53dc94602db7c0015b439e00 Mon Sep 17 00:00:00 2001 From: Ben Zecharia Date: Tue, 22 Aug 2023 15:01:16 +0300 Subject: [PATCH 3/4] Add unit test --- .../jenkins-controller-statefulset-test.yaml | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) 
diff --git a/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml b/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml index 087995b4a..9c603a00a 100644 --- a/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml +++ b/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml @@ -734,6 +734,48 @@ tests: items: - key: jenkins-jks-file path: some-file-name + - it: test override with jenkinsHttpsJksPasswordSecretName and jenkinsHttpsJksPasswordSecretKey + template: jenkins-controller-statefulset.yaml + set: + controller: + httpsKeyStore: + enable: true + disableSecretMount: false + jenkinsHttpsJksPasswordSecretName: "some-jks-name" + jenkinsHttpsJksPasswordSecretKey: "some-jks-password" + jenkinsHttpsJksSecretName: some-secret-name + path: /some/path + fileName: some-file-name + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: "JENKINS_HTTPS_KEYSTORE_PASSWORD" + valueFrom: + secretKeyRef: + name: "some-jks-name" + key: "some-jks-password" + - it: test jenkinsHttpsJksSecretKey override + template: jenkins-controller-statefulset.yaml + set: + controller: + httpsKeyStore: + enable: true + disableSecretMount: false + jenkinsHttpsJksSecretName: some-secret-name + path: /some/path + fileName: some-file-name + jenkinsHttpsJksSecretKey: "some.jks" + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: jenkins-https-keystore + secret: + secretName: some-secret-name + items: + - key: "some.jks" + path: some-file-name - it: template: jenkins-controller-statefulset.yaml set: From d536ae35e7bfacc1b6fd6acdceca103605598626 Mon Sep 17 00:00:00 2001 From: Ben Zecharia Date: Wed, 23 Aug 2023 18:34:20 +0300 Subject: [PATCH 4/4] Add new line at the end of Chart.yaml --- charts/jenkins/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index aa9da51d1..fe1012488 100644 --- a/charts/jenkins/Chart.yaml 
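Review bot: Both new cases exercise only the fully overridden path, so the fallback branches of the new `name:` expression in the statefulset are not pinned by these tests. A case that sets `jenkinsHttpsJksPasswordSecretKey` but leaves `jenkinsHttpsJksPasswordSecretName` empty should assert that `secretKeyRef.name` stays `some-secret-name`. The first case could also assert that the `jenkins-https-keystore` volume still uses `secretName: some-secret-name`, because the password secret override must not redirect the keystore mount. Whether tests outside this hunk already cover the default key names cannot be seen from here.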
+++ b/charts/jenkins/Chart.yaml @@ -43,4 +43,4 @@ annotations: - name: backup image: maorfr/kube-tasks:0.2.0 artifacthub.io/category: "integration-delivery" - artifacthub.io/license: "Apache-2.0" \ No newline at end of file + artifacthub.io/license: "Apache-2.0"