• Type: Improvement
• Resolution: Fixed
• Priority: Minor
• Component/s: kubernetes-cd-plugin
• Labels:

  None
• Environment:

  Jenkins 2.109 with kubernetes-cd-plugin

[JENKINS-49781] Please provide a means for securely providing credentials for Kubernetes deployments.

Tony Flint created issue - 2018-02-27 23:55

Tony Flint made changes - 2018-02-27 23:56

Description

Original: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. This is what I'm imagining: ``` kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ], kubernetesCredentials: [     clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',     clientKeyCredentialsId: '<credentials-id-for-client-key>',     serverUrl: '<server-url>',     certificateAuthorityData: '<certificate-authority-data>' ] ``` Am I missing something? Is there a way to achieve this now, that I'm missing.

New: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. This is what I'm imagining: {{ kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ],}}{{kubernetesCredentials: [ }} {{     clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',}} {{     clientKeyCredentialsId: '<credentials-id-for-client-key>',}} {{     serverUrl: '<server-url>',}} {{     certificateAuthorityData: '<certificate-authority-data>'}} {{ ]}} Am I missing something? Is there a way to achieve this now, that I'm missing.

Tony Flint made changes - 2018-02-27 23:57

Description

Original: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. This is what I'm imagining: {{ kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ],}}{{kubernetesCredentials: [ }} {{     clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',}} {{     clientKeyCredentialsId: '<credentials-id-for-client-key>',}} {{     serverUrl: '<server-url>',}} {{     certificateAuthorityData: '<certificate-authority-data>'}} {{ ]}} Am I missing something? Is there a way to achieve this now, that I'm missing.

New: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. This is what I'm imagining: {quote}\{\{ kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ],}}\{\{kubernetesCredentials: [ }}  \{\{     clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',}}  \{\{     clientKeyCredentialsId: '<credentials-id-for-client-key>',}}  \{\{     serverUrl: '<server-url>',}}  \{\{     certificateAuthorityData: '<certificate-authority-data>'}}  \{\{ ]}} {quote} Am I missing something? Is there a way to achieve this now, that I'm missing.

Tony Flint made changes - 2018-02-27 23:58

Description

Original: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. This is what I'm imagining: {quote}\{\{ kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ],}}\{\{kubernetesCredentials: [ }}  \{\{     clientCertificateCredentialsId: '<credentials-id-for-client-certificate>',}}  \{\{     clientKeyCredentialsId: '<credentials-id-for-client-key>',}}  \{\{     serverUrl: '<server-url>',}}  \{\{     certificateAuthorityData: '<certificate-authority-data>'}}  \{\{ ]}} {quote} Am I missing something? Is there a way to achieve this now, that I'm missing.

New: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. {{This is what I'm imagining:}} {{kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ], }} {{kubernetesCredentials: [ }} {{    clientCertificateCredentialsId: '<credentials-id-for-client-certificate>', }} {{    clientKeyCredentialsId: '<credentials-id-for-client-key>', }} {{    serverUrl: '<server-url>', }} {{    certificateAuthorityData: '<certificate-authority-data>' }} {{]  }} Am I missing something? Is there a way to achieve this now, that I'm missing.

Tony Flint made changes - 2018-02-27 23:58

Description

Original: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. {{This is what I'm imagining:}} {{kubernetesDeploy( credentialsType: 'Text', textCredentials: [ serverUrl: '<server-url>', certificateAuthorityData: '<certificate-authority-data>', clientCertificateData: '<client-certificate-data>', clientKeyData: '<client-key-data>', ], }} {{kubernetesCredentials: [ }} {{    clientCertificateCredentialsId: '<credentials-id-for-client-certificate>', }} {{    clientKeyCredentialsId: '<credentials-id-for-client-key>', }} {{    serverUrl: '<server-url>', }} {{    certificateAuthorityData: '<certificate-authority-data>' }} {{]  }} Am I missing something? Is there a way to achieve this now, that I'm missing.

New: I would like a way to provide the kubernetesDeploy method with credentials that are stored in Jenkins' credentials store. Right now, I am using the SSH credentials type, which requires that I manually lay down a kubeconfig file somewhere that contains sensitive information. {{This is what I'm imagining:}} {{kubernetesCredentials: [ }}  {{    clientCertificateCredentialsId: '<credentials-id-for-client-certificate>', }}  {{    clientKeyCredentialsId: '<credentials-id-for-client-key>', }}  {{    serverUrl: '<server-url>', }}  {{    certificateAuthorityData: '<certificate-authority-data>' }}  {{]  }} Am I missing something? Is there a way to achieve this now, that I'm missing.

Azure DevOps made changes - 2018-03-19 03:49

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Menghua Xiao made changes - 2018-04-08 05:53

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]