jenkinsci · timja · Aug 23, 2023 · Aug 23, 2023 · Aug 21, 2023 · Aug 22, 2023
@@ -11,6 +11,11 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
+## 4.6.0
+
+Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey` to allow overriding the default secret key containing the JKS file.
+Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName` to allow getting the JKS password from a different secret.
+Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey` to allow overriding the default secret key containing the JKS password.
 
 ## 4.5.1
 

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: jenkins
 home: https://jenkins.io/
-version: 4.5.1
+version: 4.6.0
 appVersion: 2.414.1
 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
 sources:

@@ -943,7 +943,8 @@ Here is the [value file section](https://wiki.jenkins.io/pages/viewpage.action?p
 Keystore itself should be placed in front of `jenkinsKeyStoreBase64Encoded` key and in base64 encoded format. To achieve that after having `keystore.jks` file simply do this: `cat keystore.jks | base64` and paste the output in front of `jenkinsKeyStoreBase64Encoded`.
 After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve https.
 Do not set `controller.httpsKeyStore.httpPort` to `-1` because it will cause readiness and liveliness prob to fail.
-If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` and `https-jks-password`. Example:
+If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`)
+and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example:
 
 ```yaml
 controller:

@@ -239,6 +239,9 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | --------------------------------- | ------------------------------------ | ----------------------------------------- |
 | `controller.httpsKeyStore.enable`     | Enables HTTPS keystore on jenkins controller      | `false`      |
 | `controller.httpsKeyStore.jenkinsHttpsJksSecretName`     | Name of the secret that already has ssl keystore      | ``      |
+| `controller.httpsKeyStore.jenkinsHttpsJksSecretKey`     | Name of the key in the secret that already has ssl keystore | `jenkins-jks-file`      |
+| `controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName`     | Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file | ``      |
+| `controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey`     | Name of the key in the secret that contains the JKS password | `https-jks-password`      |
 | `controller.httpsKeyStore.httpPort`   | HTTP Port that Jenkins should listen on along with HTTPS, it also serves liveness and readiness probs port. When HTTPS keystore is enabled servicePort and targetPort will be used as HTTPS port  | `8081`   |
 | `controller.httpsKeyStore.path`       | Path of HTTPS keystore file                  |     `/var/jenkins_keystore`     |
 | `controller.httpsKeyStore.fileName`  | Jenkins keystore filename which will appear under controller.httpsKeyStore.path      | `keystore.jks` |

@@ -218,8 +218,8 @@ spec:
             {{- if not .Values.controller.httpsKeyStore.disableSecretMount }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks  {{ end }}
-                  key: {{ "https-jks-password" | quote }}
+                  name: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName }} {{ else if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks  {{ end }}
+                  key: "{{ .Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey }}"
             {{- else }}
               value: {{ .Values.controller.httpsKeyStore.password }}
             {{- end }}
@@ -434,7 +434,7 @@ spec:
         secret:
           secretName: {{ if .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretName }} {{ else }} {{ template "jenkins.fullname" . }}-https-jks  {{ end }}
           items:
-          - key: jenkins-jks-file
+          - key: {{ .Values.controller.httpsKeyStore.jenkinsHttpsJksSecretKey }}
             path: {{ .Values.controller.httpsKeyStore.fileName }}
       {{- end }}
 

@@ -734,6 +734,48 @@ tests:
               items:
                 - key: jenkins-jks-file
                   path: some-file-name
+  - it: test override with jenkinsHttpsJksPasswordSecretName and jenkinsHttpsJksPasswordSecretKey
+    template: jenkins-controller-statefulset.yaml
+    set:
+      controller:
+        httpsKeyStore:
+          enable: true
+          disableSecretMount: false
+          jenkinsHttpsJksPasswordSecretName: "some-jks-name"
+          jenkinsHttpsJksPasswordSecretKey: "some-jks-password"
+          jenkinsHttpsJksSecretName: some-secret-name
+          path: /some/path
+          fileName: some-file-name
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "JENKINS_HTTPS_KEYSTORE_PASSWORD"
+            valueFrom:
+              secretKeyRef:
+                name: "some-jks-name"
+                key: "some-jks-password"
+  - it: test jenkinsHttpsJksSecretKey override
+    template: jenkins-controller-statefulset.yaml
+    set:
+      controller:
+        httpsKeyStore:
+          enable: true
+          disableSecretMount: false
+          jenkinsHttpsJksSecretName: some-secret-name
+          path: /some/path
+          fileName: some-file-name
+          jenkinsHttpsJksSecretKey: "some.jks"
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content:
+            name: jenkins-https-keystore
+            secret:
+              secretName: some-secret-name
+              items:
+                - key: "some.jks"
+                  path: some-file-name
   - it:
     template: jenkins-controller-statefulset.yaml
     set:

@@ -568,6 +568,9 @@ controller:
 
   httpsKeyStore:
     jenkinsHttpsJksSecretName: ''
+    jenkinsHttpsJksSecretKey: "jenkins-jks-file"
+    jenkinsHttpsJksPasswordSecretName: ""
+    jenkinsHttpsJksPasswordSecretKey: "https-jks-password"
     enable: false
     disableSecretMount: false
     httpPort: 8081