-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.109 with kubernetes-cd-plugin
I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information.
This is what I'm imagining:
kubernetesCredentials: [
clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',
clientKeyCredentialsId: '<credentials-id-for-client-key>',
serverUrl: '<server-url>',
certificateAuthorityData: '<certificate-authority-data>'
]
Am I missing something? Is there a way to achieve this now, that I'm missing.
[JENKINS-49781] Please provide a means for securely providing credentials for Kubernetes deployments.
Code changed in jenkins
User: Menghua Xiao
Path:
CHANGELOG.md
README.md
img/screenshot.png
pom.xml
src/main/java/com/microsoft/jenkins/kubernetes/KubernetesClientWrapper.java
src/main/java/com/microsoft/jenkins/kubernetes/KubernetesDeployContext.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/ConfigFileCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/KubernetesCredentialsType.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/SSHCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/TextCredentials.java
src/main/resources/com/microsoft/jenkins/kubernetes/KubernetesDeployContext/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/KubernetesDeployContext/config.properties
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/DirectEntryKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/DirectEntryKubeconfigSource/help-content.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-file.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-server.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-sshCredentialId.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnMasterKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnMasterKubeconfigSource/help-kubeconfigFile.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/credentials.jelly
http://jenkins-ci.org/commit/kubernetes-cd-plugin/a883696be1a8952be306ee451a0d477199847e58
Log:
Configure kubeconfig in the Jenkins credentials store instead of the job configuration (JENKINS-49781)
Code changed in jenkins
User: Menghua Xiao
Path:
CHANGELOG.md
README.md
img/screenshot.png
pom.xml
src/main/java/com/microsoft/jenkins/kubernetes/KubernetesClientWrapper.java
src/main/java/com/microsoft/jenkins/kubernetes/KubernetesDeployContext.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/ConfigFileCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/KubernetesCredentialsType.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/SSHCredentials.java
src/main/java/com/microsoft/jenkins/kubernetes/credentials/TextCredentials.java
src/main/resources/com/microsoft/jenkins/kubernetes/KubernetesDeployContext/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/KubernetesDeployContext/config.properties
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/DirectEntryKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/DirectEntryKubeconfigSource/help-content.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-file.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-server.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnKubernetesMasterKubeconfigSource/help-sshCredentialId.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnMasterKubeconfigSource/config.jelly
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/FileOnMasterKubeconfigSource/help-kubeconfigFile.html
src/main/resources/com/microsoft/jenkins/kubernetes/credentials/KubeconfigCredentials/credentials.jelly
src/test/java/com/microsoft/jenkins/kubernetes/KubernetesClientWrapperTest.java
src/test/java/com/microsoft/jenkins/kubernetes/credentials/TextCredentialsTest.java
http://jenkins-ci.org/commit/kubernetes-cd-plugin/e36bbedd6a6594199fe1152056613ccaa725e721
Log:
Merge pull request #20 from ArieShout/credentials
Configure kubeconfig in the Jenkins credentials store (JENKINS-49781)
Compare: https://github.com/jenkinsci/kubernetes-cd-plugin/compare/5fe0719364f9...e36bbedd6a65
Menghua Xiao
added a comment - Resolved in release 0.2.0.
Now you can configure "Kubernetes configuration (kubeconfig)" in the Jenkins credentials store, and reference the kubeconfig using the credentials ID in your job configuration.
Menghua Xiao
added a comment - Resolved in release 0.2.0.
Now you can configure "Kubernetes configuration (kubeconfig)" in the Jenkins credentials store, and reference the kubeconfig using the credentials ID in your job configuration. 
I see the point. Currently the credentials are exposed in the kubernetesDeploy call if we are using Pipeline. It would be better the kubeconfig related things are stored in the Jenkins credentials store. They are less likely to be changed from deployments to deployments. The pipeline just reference them through the credentials ID.
I will start implement this.