-
Task
-
Resolution: Fixed
-
Minor
-
None
The documentation has examples on how to place credentials into kubernetes as a secret but there doesn't seem to be any information available on how to use those credentials from within a jenkins pipeline. For a non-jenkins plugin developer, it may be difficult to understand what the intent of the plugin is if the examples are only showing examples of how to place a secret into kubernetes.
[JENKINS-50602] Add documentation on how to access credentials from within Jenkins pipelines
Christopher Webb
added a comment - Sorry, perhaps I am misunderstanding the intention of this plugin.
If I have the following secret (the one from your examples) in kubernetes: -
How do I access the username and password to use in my jobs?
withCredentials([usernamePassword(credentialsId: 'another-test-usernamepass', passwordVariable: 'foo', usernameVariable: 'bar')]) {
// foo should be Pa$$word
// bar should be myUsername
}
Christopher Webb
added a comment - Sorry, perhaps I am misunderstanding the intention of this plugin.
If I have the following secret (the one from your examples) in kubernetes: -
https://github.com/jenkinsci/kubernetes-credentials-provider-plugin/blob/master/docs/examples/username-pass.yaml
How do I access the username and password to use in my jobs?
withCredentials( [usernamePassword(credentialsId: 'another-test-usernamepass', passwordVariable: 'foo', usernameVariable: 'bar')] ) {
// foo should be Pa$$word
// bar should be myUsername
}
Yup that's how to do it.
So it is not working then my guess is the kubernetes service user that runs jenkins does not have read list and watch on secrets.
There should be some info in the jenkins logs, from the plugin
Christopher Webb
added a comment - Good to know the syntax was correct. I'll look at making a pull request to your readme tomorrow to include the details on how to use this plugin.
This ticket is not a bug raised because of the inability to access the credentials but an improvement for people using it.
Christopher Webb
added a comment - Good to know the syntax was correct. I'll look at making a pull request to your readme tomorrow to include the details on how to use this plugin.
This ticket is not a bug raised because of the inability to access the credentials but an improvement for people using it. https://kubernetes.io/docs/concepts/configuration/secret/#clients-that-use-the-secrets-api
Take head the warning about list and watch secrets , you should run jenkins in an isolated namespace.
Ahh gotcha.
I'm planning on extending the docs when we know the Jenkins-x use cases are covered.
Christopher Webb
added a comment - I personally do run jenkins in an isolated namespace, it's probably worth including this information in the documentation too.
Christopher Webb
added a comment - I personally do run jenkins in an isolated namespace, it's probably worth including this information in the documentation too. Christopher Webb
added a comment - I've added the permissions and made a pull request to your github repository to update the readme.MD to include some usage information.
Thanks!
Christopher Webb
added a comment - I've added the permissions and made a pull request to your github repository to update the readme.MD to include some usage information.
Thanks! 
Not sure I follow, this has nothing to do with plugin development, you use the credentials just like you would from any other credential provider in jenkins.
IE in the UI when say configuring github select the credential you wish to use in the drop down.