Links

Agent Service Credentials

For most service types, credentials can be provided. The types of credentials allowed depend on the service type, but generally several are available.

No authentication

Credential type "none" indicates that the service endpoint does not require any authentication.

HTTP Basic Authentication

A credential type of "basic" requires a username and a password to be provided in the configmap or in a Kubernetes secret. These are passed to the target via HTTP Basic authentication.
If secrets are provided in the configmap (not recommended) they must be base64 encoded.
Example (with literal contents, not recommended):
services:
- name: dev jenkins
type: jenkins
enabled: true
config:
url: https://dev.jenkins.example.com:8080
credentials:
type: basic
username: bm90LWEtZ29vZC11c2VybmFtZQ==
password: YWxzby1ub3QtZ29vZC1wYXNzd29yZA==
Example (with Kubernetes secret of type 'kubernetes.io/basic-auth'):
services:
- name: dev jenkins
type: jenkins
enabled: true
config:
url: https://dev.jenkins.example.com:8080
credentials:
type: basic
secretName: dev-jenkins-secret
The secret must be created, and have keys for "username" and "password".

HTTP Bearer Authentication

A credential type of "bearer" requires a token to be provided in the configmap or in a Kubernetes secret. These are passed to the target via HTTP Bearer authentication.
If secrets are provided in the configmap (not recommended) they must be base64 encoded.
Example (with literal contents, not recommended):
services:
- name: dev jenkins
type: jenkins
enabled: true
config:
url: https://dev.jenkins.example.com:8080
credentials:
type: bearer
token: YWxzby1ub3QtZ29vZC1wYXNzd29yZA==
Example (with Kubernetes secret of type Opaque):
services:
- name: dev jenkins
type: jenkins
enabled: true
config:
url: https://dev.jenkins.example.com:8080
credentials:
type: bearer
secretName: dev-jenkins-secret
The secret must be created, and have a key for "token".

HTTP "Token" Authentication

While "bearer" should generally be used, some services require a small change, and require the authentication type to be called "token" in the HTTP headers sent to authenticate. Other than that change, "token" and "bearer" are identical in configuration methods.