How to set up SSH keys for Jenkins Blue Ocean using Kubernetes and Helm










0















I have a CI system set up using the stable Jenkins Helm chart with the BlueOcean plugin.



In my SCM system (BitBucket Server), I have a Jenkins build user created with SSH keys configured.



What I'd like to do is bootstrap the Jenkins install with the SSH key so that when configuring a BlueOcean pipeline, authentication is handled seamlessly. As it is, I have to go in to the repository I want to build and add access for the SSH key generated by BlueOcean. This is obviously not ideal as it adds an additional manual step for each build pipeline to be configured.



The Jenkins Helm chart documentation specifies an Agent.volumes value in values.yaml that can be used to mount, for instance, a Kubernetes secret containing the SSH keys. However, this is agent configuration, so presumably would allow for SCM authentication from a build agent (e.g., from a Jenkinsfile). What I want to do is bootstrap the keys into Jenkins master.



I see that there is a Master.CredentialsXmlSecret which allows for a Kubernetes secret containing a Credentials XML file, but the documentation on this is sparse (or non-existent).



Has anyone set up Jenkins on Kubernetes/Helm with this kind of SSH configuration?



*Edit: So I have managed to produce a correct credentials.xml file by logging in to Jenkins and manually setting up the SSH keys, then copying the produced credentials.xml file, running it through base64 encoding, adding it as a Kubernetes secret and then binding it to Master.CredentialsXmlSecret in the Jenkins Helm chart's values.yaml. After doing that, my Jenkins instance loads up with the credentials.xml file in place (/var/jenkins_home/credentials.xml). The Credentials don't appear to be loading into the Jenkins UI correctly but I think I'm on the right track.










share|improve this question
























  • The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

    – LiquidPony
    Nov 15 '18 at 16:37















0















I have a CI system set up using the stable Jenkins Helm chart with the BlueOcean plugin.



In my SCM system (BitBucket Server), I have a Jenkins build user created with SSH keys configured.



What I'd like to do is bootstrap the Jenkins install with the SSH key so that when configuring a BlueOcean pipeline, authentication is handled seamlessly. As it is, I have to go in to the repository I want to build and add access for the SSH key generated by BlueOcean. This is obviously not ideal as it adds an additional manual step for each build pipeline to be configured.



The Jenkins Helm chart documentation specifies an Agent.volumes value in values.yaml that can be used to mount, for instance, a Kubernetes secret containing the SSH keys. However, this is agent configuration, so presumably would allow for SCM authentication from a build agent (e.g., from a Jenkinsfile). What I want to do is bootstrap the keys into Jenkins master.



I see that there is a Master.CredentialsXmlSecret which allows for a Kubernetes secret containing a Credentials XML file, but the documentation on this is sparse (or non-existent).



Has anyone set up Jenkins on Kubernetes/Helm with this kind of SSH configuration?



*Edit: So I have managed to produce a correct credentials.xml file by logging in to Jenkins and manually setting up the SSH keys, then copying the produced credentials.xml file, running it through base64 encoding, adding it as a Kubernetes secret and then binding it to Master.CredentialsXmlSecret in the Jenkins Helm chart's values.yaml. After doing that, my Jenkins instance loads up with the credentials.xml file in place (/var/jenkins_home/credentials.xml). The Credentials don't appear to be loading into the Jenkins UI correctly but I think I'm on the right track.










share|improve this question
























  • The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

    – LiquidPony
    Nov 15 '18 at 16:37













0












0








0








I have a CI system set up using the stable Jenkins Helm chart with the BlueOcean plugin.



In my SCM system (BitBucket Server), I have a Jenkins build user created with SSH keys configured.



What I'd like to do is bootstrap the Jenkins install with the SSH key so that when configuring a BlueOcean pipeline, authentication is handled seamlessly. As it is, I have to go in to the repository I want to build and add access for the SSH key generated by BlueOcean. This is obviously not ideal as it adds an additional manual step for each build pipeline to be configured.



The Jenkins Helm chart documentation specifies an Agent.volumes value in values.yaml that can be used to mount, for instance, a Kubernetes secret containing the SSH keys. However, this is agent configuration, so presumably would allow for SCM authentication from a build agent (e.g., from a Jenkinsfile). What I want to do is bootstrap the keys into Jenkins master.



I see that there is a Master.CredentialsXmlSecret which allows for a Kubernetes secret containing a Credentials XML file, but the documentation on this is sparse (or non-existent).



Has anyone set up Jenkins on Kubernetes/Helm with this kind of SSH configuration?



*Edit: So I have managed to produce a correct credentials.xml file by logging in to Jenkins and manually setting up the SSH keys, then copying the produced credentials.xml file, running it through base64 encoding, adding it as a Kubernetes secret and then binding it to Master.CredentialsXmlSecret in the Jenkins Helm chart's values.yaml. After doing that, my Jenkins instance loads up with the credentials.xml file in place (/var/jenkins_home/credentials.xml). The Credentials don't appear to be loading into the Jenkins UI correctly but I think I'm on the right track.










share|improve this question
















I have a CI system set up using the stable Jenkins Helm chart with the BlueOcean plugin.



In my SCM system (BitBucket Server), I have a Jenkins build user created with SSH keys configured.



What I'd like to do is bootstrap the Jenkins install with the SSH key so that when configuring a BlueOcean pipeline, authentication is handled seamlessly. As it is, I have to go in to the repository I want to build and add access for the SSH key generated by BlueOcean. This is obviously not ideal as it adds an additional manual step for each build pipeline to be configured.



The Jenkins Helm chart documentation specifies an Agent.volumes value in values.yaml that can be used to mount, for instance, a Kubernetes secret containing the SSH keys. However, this is agent configuration, so presumably would allow for SCM authentication from a build agent (e.g., from a Jenkinsfile). What I want to do is bootstrap the keys into Jenkins master.



I see that there is a Master.CredentialsXmlSecret which allows for a Kubernetes secret containing a Credentials XML file, but the documentation on this is sparse (or non-existent).



Has anyone set up Jenkins on Kubernetes/Helm with this kind of SSH configuration?



*Edit: So I have managed to produce a correct credentials.xml file by logging in to Jenkins and manually setting up the SSH keys, then copying the produced credentials.xml file, running it through base64 encoding, adding it as a Kubernetes secret and then binding it to Master.CredentialsXmlSecret in the Jenkins Helm chart's values.yaml. After doing that, my Jenkins instance loads up with the credentials.xml file in place (/var/jenkins_home/credentials.xml). The Credentials don't appear to be loading into the Jenkins UI correctly but I think I'm on the right track.







git jenkins kubernetes kubernetes-helm jenkins-blueocean






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 15 '18 at 16:40







LiquidPony

















asked Nov 13 '18 at 20:00









LiquidPonyLiquidPony

1,702915




1,702915












  • The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

    – LiquidPony
    Nov 15 '18 at 16:37

















  • The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

    – LiquidPony
    Nov 15 '18 at 16:37
















The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

– LiquidPony
Nov 15 '18 at 16:37





The path I'm going down (still in progress) is starting up the Jenkins instance, manually configuring SSH credentials in the UI, then copying the /var/jenkins_home/credentials.xml file, running it through base64 encoding, storing it as a Kubernetes secret, and then mounting that secret to the Master.CredentialsXmlSecret property in values.yaml.

– LiquidPony
Nov 15 '18 at 16:37












1 Answer
1






active

oldest

votes


















1














You can probably set it up with an API call to bitbucket to set up the SSH key. Something like this with API 1.0



$ curl --user <USER>:<PASSWORD> -X POST 
https://bitbucket.org/api/1.0/users/<USER>/ssh-keys
--data-urlencode "key=<PUBLIC_KEY>"
--data-urlencode "label=<LABEL>"


Documented here, or API 2.0:



 $ curl -X POST -H "Content-Type: application/json" 
-d '"key": "ssh-ed25519 ...."'
https://api.bitbucket.org/2.0/users/<USER</ssh-keys


Documented here



Not sure what type of permissions you are looking for but you may want a repo SSH key pair for Jenkins Blue Ocean pipelines.



In either case, you will have to build your custom docker image with an entrypoint script that picks up the ssh key generated and posts it wherever you want to post it.






share|improve this answer






















    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53288619%2fhow-to-set-up-ssh-keys-for-jenkins-blue-ocean-using-kubernetes-and-helm%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    You can probably set it up with an API call to bitbucket to set up the SSH key. Something like this with API 1.0



    $ curl --user <USER>:<PASSWORD> -X POST 
    https://bitbucket.org/api/1.0/users/<USER>/ssh-keys
    --data-urlencode "key=<PUBLIC_KEY>"
    --data-urlencode "label=<LABEL>"


    Documented here, or API 2.0:



     $ curl -X POST -H "Content-Type: application/json" 
    -d '"key": "ssh-ed25519 ...."'
    https://api.bitbucket.org/2.0/users/<USER</ssh-keys


    Documented here



    Not sure what type of permissions you are looking for but you may want a repo SSH key pair for Jenkins Blue Ocean pipelines.



    In either case, you will have to build your custom docker image with an entrypoint script that picks up the ssh key generated and posts it wherever you want to post it.






    share|improve this answer



























      1














      You can probably set it up with an API call to bitbucket to set up the SSH key. Something like this with API 1.0



      $ curl --user <USER>:<PASSWORD> -X POST 
      https://bitbucket.org/api/1.0/users/<USER>/ssh-keys
      --data-urlencode "key=<PUBLIC_KEY>"
      --data-urlencode "label=<LABEL>"


      Documented here, or API 2.0:



       $ curl -X POST -H "Content-Type: application/json" 
      -d '"key": "ssh-ed25519 ...."'
      https://api.bitbucket.org/2.0/users/<USER</ssh-keys


      Documented here



      Not sure what type of permissions you are looking for but you may want a repo SSH key pair for Jenkins Blue Ocean pipelines.



      In either case, you will have to build your custom docker image with an entrypoint script that picks up the ssh key generated and posts it wherever you want to post it.






      share|improve this answer

























        1












        1








        1







        You can probably set it up with an API call to bitbucket to set up the SSH key. Something like this with API 1.0



        $ curl --user <USER>:<PASSWORD> -X POST 
        https://bitbucket.org/api/1.0/users/<USER>/ssh-keys
        --data-urlencode "key=<PUBLIC_KEY>"
        --data-urlencode "label=<LABEL>"


        Documented here, or API 2.0:



         $ curl -X POST -H "Content-Type: application/json" 
        -d '"key": "ssh-ed25519 ...."'
        https://api.bitbucket.org/2.0/users/<USER</ssh-keys


        Documented here



        Not sure what type of permissions you are looking for but you may want a repo SSH key pair for Jenkins Blue Ocean pipelines.



        In either case, you will have to build your custom docker image with an entrypoint script that picks up the ssh key generated and posts it wherever you want to post it.






        share|improve this answer













        You can probably set it up with an API call to bitbucket to set up the SSH key. Something like this with API 1.0



        $ curl --user <USER>:<PASSWORD> -X POST 
        https://bitbucket.org/api/1.0/users/<USER>/ssh-keys
        --data-urlencode "key=<PUBLIC_KEY>"
        --data-urlencode "label=<LABEL>"


        Documented here, or API 2.0:



         $ curl -X POST -H "Content-Type: application/json" 
        -d '"key": "ssh-ed25519 ...."'
        https://api.bitbucket.org/2.0/users/<USER</ssh-keys


        Documented here



        Not sure what type of permissions you are looking for but you may want a repo SSH key pair for Jenkins Blue Ocean pipelines.



        In either case, you will have to build your custom docker image with an entrypoint script that picks up the ssh key generated and posts it wherever you want to post it.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 13 '18 at 23:08









        RicoRico

        28.1k94966




        28.1k94966





























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53288619%2fhow-to-set-up-ssh-keys-for-jenkins-blue-ocean-using-kubernetes-and-helm%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Use pre created SQLite database for Android project in kotlin

            Darth Vader #20

            Ondo