Correctly override "settings.xml" in Jenkinsfile Maven build on kubernetes?

If you want to override a file inside pod you can use ConfigMap to store the changed file and mount it instead of previous one.

You can create the ConfigMap from a file using

kubectl create configmap settings-xml --from-file=settings.xml

Your pod definition might look like this:

apiVersion: v1kind: Podmetadata:  name: kanikospec:  containers:    - name: maven      image: maven:3-jdk-11-slim      command:      - cat      tty: true      volumeMounts:      - name: config-settings        mountPath: /usr/share/maven/ref/settings.xml  volumes:    - name: config-settings      configMap:        # Provide the name of the ConfigMap containing the files you want        # to add to the container        name: settings-xml...

Summary: you can mount your settings.xml file on the pod at some specific path and use that file with command mvn -s /my/path/to/settings.xml.

Crou's ConfigMap approach is one way to do it. However, since the settings.xml file usually contains credentials, I would treat it as Secrets.

You can create a Secret in Kubernetes with command:

$ kubectl create secret generic mvn-settings --from-file=settings.xml=./settings.xml

The pod definition will be something like this:

apiVersion: v1kind: Podmetadata:  name: kanikospec:  containers:    - name: maven      image: maven:3-jdk-11-slim      command:      - cat      tty: true      volumeMounts:      - name: mvn-settings-vol        mountPath: /my/path/to  volumes:    - name: mvn-settings-vol      secret:        secretName: mvn-settings

Advanced/Optional: If you practice "Infrastructure as Code", you might want to save the manifest file for that secret for recovery. This can be achieved by this command after secret already created:

$ kubectl get secrets mvn-settings -o yaml

You can keep secrets.yml file but do not check into any VCS/Github repo since this version of secrets.yml contains unencrypted data.

Some k8s administrators may have kubeseal installed. In that case, I'd recommend using kubeseal to get encrypted version of secrets.yml.

$ kubectl create secret generic mvn-settings --from-file=settings.xml=./settings.xml --dry-run -o json | kubeseal --controller-name=controller --controller-namespace=k8s-sealed-secrets --format=yaml >secrets.yml# Actually create secrets$ kubectl apply -f secrets.yml

The controller-name and controller-namespace should be obtained from k8s administrators. This secrets.yml contains encrypted data of your settings.xml and can be safely checked into VCS/Github repo.

This worked for me:

• Install Config File Provider Plugin
• Go to Manage Jenkins > Config File Management > Add a new config and insert here your settings.xml
• In your jenkinsfile just put your rtMavenRun inside a configFileProvider block, and put the same fileId of the jenkins config file you created before

    stage('Build Maven') {                steps {                    configFileProvider([configFile(fileId: 'MavenArtifactorySettingId', variable: 'MAVEN_SETTINGS_XML')]) {                        retry(count: 3) {                            rtMavenRun(                                tool: "Maven 3.6.2", //id specified in Global Tool Configuration                                pom: 'pom.xml',                                goals: '-U -s $MAVEN_SETTINGS_XML clean install',                            )                        }                    }                }            }

this is exactly the pipeline that I used if you want to see more: https://gist.github.com/robertobatts/42da9069e13b61a238f51c36754de97b