Select Git revision
gitlab-ci-k8s-vault.yml
-
semantic-release-bot authored
# [7.0.0](https://gitlab.com/to-be-continuous/kubernetes/compare/6.5.0...7.0.0) (2025-01-31) ### Features * variables substitution enhancements ([4023f7f8](https://gitlab.com/to-be-continuous/kubernetes/commit/4023f7f862fd89b30067c6d548d4dbf06016f622)) ### BREAKING CHANGES * Now the variables substitution mechanism implements complete YAML string encoding. That might break projects that used to workaround the former implementation flaws.
semantic-release-bot authored# [7.0.0](https://gitlab.com/to-be-continuous/kubernetes/compare/6.5.0...7.0.0) (2025-01-31) ### Features * variables substitution enhancements ([4023f7f8](https://gitlab.com/to-be-continuous/kubernetes/commit/4023f7f862fd89b30067c6d548d4dbf06016f622)) ### BREAKING CHANGES * Now the variables substitution mechanism implements complete YAML string encoding. That might break projects that used to workaround the former implementation flaws.
gitlab-ci-k8s-vault.yml 1.16 KiB
# =====================================================================================================================
# === Vault template variant
# =====================================================================================================================
spec:
inputs:
vault-base-url:
description: The Vault server base API url
default: ''
vault-oidc-aud:
description: The `aud` claim for the JWT
default: $CI_SERVER_URL
---
variables:
# variabilized vault-secrets-provider image
TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest
# variables have to be explicitly declared in the YAML to be exported to the service
VAULT_ROLE_ID: $VAULT_ROLE_ID
VAULT_SECRET_ID: $VAULT_SECRET_ID
VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
.k8s-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "--port", "8082", "kubernetes", "7.0.0"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
id_tokens:
VAULT_JWT_TOKEN:
aud: "$VAULT_OIDC_AUD"