Closed jlebon closed 2 years ago
jlebon
commented
2 years ago I tried to migrate the few credentials we use here to use kubernetes-credentials-provider, but sadly the GitHub OAuth plugin doesn't use the Jenkins credentials API at all but directly wants the secret in a text field. I think we can work around that though. This would allow us to directly also use jenkins.yaml from the pipeline instead of duplicating it here. It's not high priority though.
dustymabe
commented
2 years ago GitHub OAuth plugin doesn't use the Jenkins credentials API at all but directly wants the secret in a text field
Does that mean it accesses the Kubernetes secret directly somehow?
jlebon
commented
2 years ago GitHub OAuth plugin doesn't use the Jenkins credentials API at all but directly wants the secret in a text field
Does that mean it accesses the Kubernetes secret directly somehow?
That would've been too easy, heh. We use it here: https://github.com/coreos/coreos-ci/blob/1aef511907d5cc3f7b00fa7057e6576ab98bfc66/jenkins/config/github-oauth.yaml#L7. As you see, it's not a credentials ID, but the literal secret.
I'm thinking we can hack around this by just adding the secret to the configmap itself but don't want to block on that for now.
This matches what we did in the FCOS pipeline: https://github.com/coreos/fedora-coreos-pipeline/pull/671
The bits from that PR to actually set up the imagestream, we will already inherit here.