gitlab-ci-k8s-vault.yml

    # =====================================================================================================================
    # === Vault template variant
    # =====================================================================================================================
    # Component inputs (spec header document): values supplied by the including
    # pipeline and substituted into the `$[[ inputs.* ]]` references further down.
    spec:
      inputs:
        # Vault API endpoint. The default is an empty string, so no server is
        # configured unless the includer sets this input.
        vault-base-url:
          description: The Vault server base API url
          default: ''
        # Audience requested for the job's ID token (consumed by `id_tokens` in
        # `.k8s-base`). Defaults to the GitLab instance URL.
        # NOTE(review): this value should match the audience the Vault JWT auth
        # role is bound to (`bound_audiences`), so that tokens minted for another
        # audience are not accepted - confirm on the Vault side.
        vault-oidc-aud:
          description: The `aud` claim for the JWT
          default: $CI_SERVER_URL
    ---
    # Pipeline-level variables for the Vault variant.
    variables:
      # Image of the vault-secrets-provider service, kept in a variable so it can
      # be overridden.
      # NOTE(review): `:latest` is a mutable tag, and per the comment below the
      # service container is handed the Vault credentials. Pinning to a fixed
      # version or digest (e.g. `...vault-secrets-provider@sha256:<digest>`)
      # means a changed upstream image is only picked up after review.
      TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest
      # variables have to be explicitly declared in the YAML to be exported to the service
      # Each of the next two entries re-declares a variable under its own name.
      # NOTE(review): presumably both are defined as project/group CI/CD
      # variables; as AppRole credentials they should be masked and protected -
      # verify in the project settings.
      VAULT_ROLE_ID: $VAULT_ROLE_ID
      VAULT_SECRET_ID: $VAULT_SECRET_ID
      # Filled from the component inputs declared in the spec header.
      VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
      VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
      
    # Hidden job (leading dot): not run on its own. Presumably extended by the
    # Kubernetes jobs of the base template, which is not shown here.
    .k8s-base:
      services:
        # Tracking service. The arguments look like a template name ("kubernetes")
        # and a version string ("7.0.0").
        # NOTE(review): the version is hard-coded - confirm it is kept in sync
        # with the released template version.
        - name: "$TBC_TRACKING_IMAGE"
          command: ["--service", "--port", "8082", "kubernetes", "7.0.0"]
        # Vault secrets provider, started next to the job and reachable under the
        # alias below.
        - name: "$TBC_VAULT_IMAGE"
          alias: "vault-secrets-provider"
      variables:
        # Re-declares the ID token variable under its own name; presumably for the
        # same reason as the pipeline-level variables (explicit declaration so the
        # value is exported to the service) - verify.
        VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
      # GitLab issues an OIDC ID token for the job and exposes it in the variable
      # named here.
      id_tokens:
        VAULT_JWT_TOKEN:
          # Audience claim of the issued token, taken from the vault-oidc-aud input
          # through VAULT_OIDC_AUD.
          aud: "$VAULT_OIDC_AUD"