DEV Community: Dinesh Reddy The latest articles on DEV Community by Dinesh Reddy (@jettidi). https://dev.to/jettidi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2689534%2F5489f9d2-a717-4760-b6cc-2607ed9f751b.jpg DEV Community: Dinesh Reddy https://dev.to/jettidi en Automating Kubernetes Sealed Secrets Management with Jenkins in a Multi-Cloud Environment -Part1 Dinesh Reddy Wed, 05 Feb 2025 02:00:11 +0000 https://dev.to/jettidi/automating-kubernetes-sealed-secrets-management-with-jenkins-in-a-multi-cloud-environment-1ifb https://dev.to/jettidi/automating-kubernetes-sealed-secrets-management-with-jenkins-in-a-multi-cloud-environment-1ifb <h1> 🚀 Automating Kubernetes Sealed Secrets Management with Jenkins in a Multi-Cloud Environment </h1> <h2> 🗒️ <strong>Introduction</strong> </h2> <p>Managing sensitive data like API keys, passwords, and certificates securely in Kubernetes can be challenging—especially in enterprise environments with multiple clusters. In this guide, we'll explore how to <strong>automate Kubernetes Sealed Secrets management using Jenkins</strong>, ensuring <strong>security, scalability, and efficiency</strong> across multi-cloud environments such as <strong>AKS</strong>, <strong>GKE</strong>, and <strong>EKS</strong>.</p> <h2> 🛡️ <strong>Background</strong> </h2> <p>In enterprise environments, sensitive information like API keys, passwords, and certificates must be managed securely. Kubernetes, widely used for container orchestration, stores such data as secrets. However, plain-text Kubernetes secrets are not safe for version control systems or manual handling.</p> <p>To address this, <strong>Sealed Secrets</strong> encrypt sensitive data so it can be safely stored and shared. Deploying and managing these Sealed Secrets efficiently in Amazon AKS requires automation to ensure security, scalability, and ease of use.</p> <h2> ⚠️ <strong>The Challenge</strong> </h2> <p>Enterprises often face several challenges:</p> <ul> <li> <strong>Security Risks:</strong> Storing secrets in plain text makes them vulnerable to unauthorized access.</li> <li> <strong>Manual Errors:</strong> Manual handling increases the risk of mistakes.</li> <li> <strong>Complex Management:</strong> Managing secrets across environments (dev, staging, prod) is time-consuming.</li> <li> <strong>Lack of Automation:</strong> Kubernetes lacks built-in automation for secret encryption and deployment.</li> </ul> <h2> 💡 <strong>The Solution: Jenkins + Docker-in-Docker (DIND)</strong> </h2> <p>A <strong>Jenkins pipeline</strong>, combined with a <strong>Docker-in-Docker (DIND)</strong> container, automates the secure management of Sealed Secrets in AKS clusters. Key features include:</p> <ul> <li> <strong>🔐 Strong Encryption:</strong> Uses the Sealed Secrets Controller, ensuring only the AKS cluster can decrypt data.</li> <li> <strong>📦 Centralized Management:</strong> Jenkins standardizes secret generation and deployment across environments.</li> <li> <strong>🛡️ Security Compliance:</strong> Secrets are encrypted before storage to meet strict security standards.</li> <li> <strong>🔑 RBAC Integration:</strong> Kubernetes Role-Based Access Control (RBAC) adds an extra layer of security.</li> </ul> <p><a href="https://github.com/regspweek41/jenkins-sealed-secrets.git" rel="noopener noreferrer">🔗 Check the GitHub Repository for Reference</a></p> <h2> ⚙️ <strong>Jenkins Pipeline Workflow</strong> </h2> <h3> 1️⃣ <strong>Prepare the Workspace</strong> </h3> <p>Set up the environment for processing secrets and generating artifacts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /tmp/jenkins-k8s-apply <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts <span class="nb">rm</span> <span class="nt">-f</span> /tmp/jenkins-k8s-apply/<span class="k">*</span> <span class="o">||</span> <span class="nb">true ls</span> <span class="nt">-la</span> /tmp/jenkins-k8s-apply <span class="o">||</span> <span class="nb">echo</span> <span class="s2">"Directory is empty"</span> </code></pre> </div> <p><strong>Why?</strong> A clean workspace ensures no residual sensitive data remains. ✅</p> <h3> 2️⃣ <strong>Process Base64 Encoded Secrets</strong> </h3> <p>Decode the provided <code>secrets.yaml</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="k">${</span><span class="nv">SECRETS_YAML</span><span class="k">}</span> <span class="o">&gt;</span> /tmp/jenkins-k8s-apply/secrets.yaml.b64 <span class="nb">base64</span> <span class="nt">--decode</span> &lt; /tmp/jenkins-k8s-apply/secrets.yaml.b64 <span class="o">&gt;</span> /tmp/jenkins-k8s-apply/secrets.yaml <span class="nb">ls</span> <span class="nt">-l</span> /tmp/jenkins-k8s-apply/secrets.yaml <span class="nb">head</span> <span class="nt">-n</span> 5 /tmp/jenkins-k8s-apply/secrets.yaml | <span class="nb">grep</span> <span class="nt">-v</span> <span class="s1">'data:'</span> <span class="o">||</span> <span class="nb">echo</span> <span class="s2">"File appears to be empty"</span> </code></pre> </div> <h3> 3️⃣ <strong>Apply Kubernetes Config &amp; Fetch Public Certificate</strong> </h3> <p>Fetch the Sealed Secrets Controller’s public certificate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> <span class="nt">-l</span> <span class="k">${</span><span class="nv">KUBECONFIG</span><span class="k">}</span> <span class="c"># Validate kubeconfig</span> docker run <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">-v</span> <span class="k">${</span><span class="nv">KUBECONFIG</span><span class="k">}</span>:/tmp/kubeconfig <span class="se">\</span> <span class="nt">-v</span> /tmp/jenkins-k8s-apply/secrets.yaml:/tmp/secrets.yaml <span class="se">\</span> docker-dind-kube-secret kubeseal <span class="se">\</span> <span class="nt">--controller-name</span><span class="o">=</span>sealed-secrets <span class="se">\</span> <span class="nt">--controller-namespace</span><span class="o">=</span>kube-system <span class="se">\</span> <span class="nt">--kubeconfig</span><span class="o">=</span>/tmp/kubeconfig <span class="se">\</span> <span class="nt">--fetch-cert</span> <span class="o">&gt;</span> /tmp/jenkins-k8s-apply/sealed-secrets-cert.pem <span class="nb">ls</span> <span class="nt">-l</span> /tmp/jenkins-k8s-apply/sealed-secrets-cert.pem <span class="c"># Validate certificate</span> </code></pre> </div> <h3> 4️⃣ <strong>Create Sealed Secrets</strong> </h3> <p>Encrypt the secrets using the public certificate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">-v</span> <span class="k">${</span><span class="nv">KUBECONFIG</span><span class="k">}</span>:/tmp/kubeconfig <span class="se">\</span> <span class="nt">-v</span> /tmp/jenkins-k8s-apply/secrets.yaml:/tmp/secrets.yaml <span class="se">\</span> <span class="nt">-v</span> /tmp/jenkins-k8s-apply/sealed-secrets-cert.pem:/tmp/sealed-secrets-cert.pem <span class="se">\</span> docker-dind-kube-secret sh <span class="nt">-c</span> <span class="s2">"kubeseal </span><span class="se">\</span><span class="s2"> --controller-name=sealed-secrets </span><span class="se">\</span><span class="s2"> --controller-namespace=kube-system </span><span class="se">\</span><span class="s2"> --format yaml </span><span class="se">\</span><span class="s2"> --cert /tmp/sealed-secrets-cert.pem </span><span class="se">\</span><span class="s2"> --namespace=</span><span class="k">${</span><span class="nv">NAMESPACE</span><span class="k">}</span><span class="s2"> </span><span class="se">\</span><span class="s2"> &lt; /tmp/secrets.yaml"</span> <span class="o">&gt;</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts/sealed-secrets.yaml </code></pre> </div> <h3> 5️⃣ <strong>Generate Documentation</strong> </h3> <p>Create metadata to track secret deployments:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">"Generated on: </span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">"</span> <span class="o">&gt;</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts/README.txt <span class="nb">echo</span> <span class="s2">"Namespace: </span><span class="k">${</span><span class="nv">NAMESPACE</span><span class="k">}</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts/README.txt <span class="nb">echo</span> <span class="s2">"Controller: sealed-secrets"</span> <span class="o">&gt;&gt;</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts/README.txt <span class="nb">echo</span> <span class="s2">"Controller Namespace: kube-system"</span> <span class="o">&gt;&gt;</span> <span class="k">${</span><span class="nv">WORKSPACE</span><span class="k">}</span>/sealed-secrets-artifacts/README.txt </code></pre> </div> <h2> 🎯 <strong>Key Benefits</strong> </h2> <ul> <li> <strong>🔒 Enhanced Security:</strong> Encryption before storage mitigates the risk of data leaks.</li> <li> <strong>⚡ Automation:</strong> Reduces manual effort, ensuring consistent workflows.</li> <li> <strong>🌍 Scalability:</strong> Easily handles multiple environments and clusters.</li> <li> <strong>✅ Compliance:</strong> Simplifies regulatory audits with secure secret management.</li> </ul> <p>Seamlessly integrates with existing CI/CD workflows and AWS services—perfect for scaling across clusters. 🚀</p> <h1> 📦 <strong>Part 2: Automating Kubernetes Sealed Secrets in Multi-Cloud Environments</strong> </h1> <p>In <strong>Part 2</strong>, we’ll expand this approach to <strong>multi-cloud environments</strong>, covering:</p> <ul> <li> <strong>AKS (Non-Production)</strong> ✅ </li> <li> <strong>GKE (Production Cluster 1)</strong> ☁️ </li> <li> <strong>EKS (Production Cluster 2)</strong> 🛡️ </li> </ul> <p>Stay tuned for advanced multi-cloud secret management techniques! 💼</p> jenkins kubernetes cicd secret Automating Kubernetes Sealed Secrets Management with Jenkins in a Multi-Cloud Environment-Part2 Dinesh Reddy Wed, 05 Feb 2025 01:17:56 +0000 https://dev.to/jettidi/automating-kubernetes-sealed-secrets-management-with-jenkins-in-a-multi-cloud-environment-455g https://dev.to/jettidi/automating-kubernetes-sealed-secrets-management-with-jenkins-in-a-multi-cloud-environment-455g <h1> Automating Secure Kubernetes Sealed Secrets with Jenkins Pipeline in a Multi-Cloud Environment </h1> <p>Managing Kubernetes secrets securely across multiple environments and clusters can be challenging. This Jenkins pipeline simplifies and automates the secure management of Kubernetes sealed secrets across Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Amazon Elastic Kubernetes Service (EKS). It ensures secure handling of sensitive information while optimizing efficiency through dynamic environment setups and parallel processing.</p> <h2> 🚀 Key Features </h2> <h3> 1. <strong>Dynamic Cluster Selection</strong> </h3> <p>The pipeline dynamically determines target clusters based on the <code>ENVIRONMENT</code> parameter:</p> <ul> <li> <strong>Non-Production:</strong> Targets the AKS cluster using the <code>Stage</code> credential.</li> <li> <strong>Production:</strong> Targets both GKE (Production Cluster 1) and EKS (Production Cluster 2) using <code>Production_1</code> and <code>Production_2</code> credentials, respectively.</li> </ul> <h3> 2. <strong>Parallel Processing for Efficiency</strong> </h3> <p>To speed up multi-cluster operations, the <code>Process Clusters</code> stage runs workflows in parallel:</p> <ul> <li> <strong>Production:</strong> Processes GKE and EKS clusters simultaneously.</li> <li> <strong>Non-Production:</strong> Processes only the AKS cluster.</li> </ul> <h3> 3. <strong>Secure Sealed Secrets Workflow</strong> </h3> <ul> <li> <strong>Decodes</strong> the Base64-encoded <code>Secrets.yaml</code> file.</li> <li> <strong>Fetches</strong> the public certificate from the Sealed Secrets controller.</li> <li> <strong>Encrypts</strong> the secrets for the respective cluster and namespace.</li> <li> <strong>Generates</strong> <code>sealed-secrets.yaml</code> artifacts for secure deployment.</li> </ul> <h3> 4. <strong>Dynamic and Reusable Pipeline</strong> </h3> <p>The cluster list and credentials are dynamically configured, making the pipeline adaptable for additional clusters or environments with minimal changes.</p> <h3> 5. <strong>Post-Build Artifact Management</strong> </h3> <ul> <li>Archives artifacts (sealed-secrets.yaml, README.txt) per cluster.</li> <li>Makes them accessible through the Jenkins UI for easy retrieval.</li> </ul> <h2> 🔄 Jenkins Pipeline Script Explained </h2> <h3> Parameters </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">parameters</span> <span class="o">{</span> <span class="n">string</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'NAMESPACE'</span><span class="o">,</span> <span class="nl">defaultValue:</span> <span class="s1">'default'</span><span class="o">,</span> <span class="nl">description:</span> <span class="s2">"'Kubernetes namespace for the sealed secret')"</span> <span class="n">choice</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'ENVIRONMENT'</span><span class="o">,</span> <span class="nl">choices:</span> <span class="o">[</span><span class="s1">'Non-Production'</span><span class="o">,</span> <span class="s1">'Production'</span><span class="o">],</span> <span class="nl">description:</span> <span class="s2">"'Select the target environment')"</span> <span class="n">base64File</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'SECRETS_YAML'</span><span class="o">,</span> <span class="nl">description:</span> <span class="s2">"'Upload Base64-encoded Secrets.yaml file')"</span> <span class="n">booleanParam</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'STORE_CERT'</span><span class="o">,</span> <span class="nl">defaultValue:</span> <span class="kc">true</span><span class="o">,</span> <span class="nl">description:</span> <span class="s2">"'Store the public certificate for future use')"</span> <span class="o">}</span> </code></pre> </div> <ul> <li> <strong><code>NAMESPACE</code></strong>: Target namespace in Kubernetes.</li> <li> <strong><code>ENVIRONMENT</code></strong>: Determines the operational environment.</li> <li> <strong><code>SECRETS_YAML</code></strong>: Base64-encoded YAML file with sensitive data.</li> <li> <strong><code>STORE_CERT</code></strong>: Option to archive the public certificate for future use.</li> </ul> <h3> Environment Variables </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">environment</span> <span class="o">{</span> <span class="n">WORK_DIR</span> <span class="o">=</span> <span class="s1">'/tmp/jenkins-k8s-apply'</span> <span class="n">CONTROLLER_NAMESPACE</span> <span class="o">=</span> <span class="s1">'kube-system'</span> <span class="n">CONTROLLER_NAME</span> <span class="o">=</span> <span class="s1">'sealed-secrets'</span> <span class="n">CERT_FILE</span> <span class="o">=</span> <span class="s1">'sealed-secrets-cert.pem'</span> <span class="n">DOCKER_IMAGE</span> <span class="o">=</span> <span class="s1">'docker-dind-kube-secret'</span> <span class="n">ARTIFACTS_DIR</span> <span class="o">=</span> <span class="s1">'sealed-secrets-artifacts'</span> <span class="o">}</span> </code></pre> </div> <p>Defines key directories and configurations, including the workspace, Sealed Secrets controller details, and Docker image.</p> <h3> Environment Setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Environment Setup'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="kt">def</span> <span class="n">clusters</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="na">ENVIRONMENT</span> <span class="o">==</span> <span class="s1">'Production'</span> <span class="o">?</span> <span class="o">[</span> <span class="o">[</span><span class="nl">id:</span> <span class="s1">'prod-cluster-1'</span><span class="o">,</span> <span class="nl">name:</span> <span class="s1">'Production Cluster 1'</span><span class="o">,</span> <span class="nl">credentialId:</span> <span class="s1">'Production_1'</span><span class="o">],</span> <span class="o">[</span><span class="nl">id:</span> <span class="s1">'prod-cluster-2'</span><span class="o">,</span> <span class="nl">name:</span> <span class="s1">'Production Cluster 2'</span><span class="o">,</span> <span class="nl">credentialId:</span> <span class="s1">'Production_2'</span><span class="o">]</span> <span class="o">]</span> <span class="o">:</span> <span class="o">[</span> <span class="o">[</span><span class="nl">id:</span> <span class="s1">'non-prod-cluster'</span><span class="o">,</span> <span class="nl">name:</span> <span class="s1">'Non-Production Cluster'</span><span class="o">,</span> <span class="nl">credentialId:</span> <span class="s1">'Stage'</span><span class="o">]</span> <span class="o">];</span> <span class="n">env</span><span class="o">.</span><span class="na">CLUSTER_IDS</span> <span class="o">=</span> <span class="n">clusters</span><span class="o">.</span><span class="na">collect</span> <span class="o">{</span> <span class="n">it</span><span class="o">.</span><span class="na">id</span> <span class="o">}.</span><span class="na">join</span><span class="o">(</span><span class="s1">','</span><span class="o">);</span> <span class="n">clusters</span><span class="o">.</span><span class="na">each</span> <span class="o">{</span> <span class="n">cluster</span> <span class="o">-&gt;</span> <span class="n">env</span><span class="o">[</span><span class="s2">"CLUSTER_${cluster.id}_NAME"</span><span class="o">]</span> <span class="o">=</span> <span class="n">cluster</span><span class="o">.</span><span class="na">name</span><span class="o">;</span> <span class="n">env</span><span class="o">[</span><span class="s2">"CLUSTER_${cluster.id}_CRED"</span><span class="o">]</span> <span class="o">=</span> <span class="n">cluster</span><span class="o">.</span><span class="na">credentialId</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Dynamically sets up clusters and credentials based on the environment.</p> <h3> Preparing the Workspace </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Prepare Workspace'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">""" mkdir -p ${WORK_DIR} mkdir -p ${WORKSPACE}/${ARTIFACTS_DIR} rm -f ${WORK_DIR}/* || true rm -rf ${WORKSPACE}/${ARTIFACTS_DIR}/* || true """</span> <span class="n">writeFile</span> <span class="nl">file:</span> <span class="s2">"${WORK_DIR}/secrets.yaml.b64"</span><span class="o">,</span> <span class="nl">text:</span> <span class="n">params</span><span class="o">.</span><span class="na">SECRETS_YAML</span><span class="o">;</span> <span class="n">sh</span> <span class="s2">"base64 --decode &lt; ${WORK_DIR}/secrets.yaml.b64 &gt; ${WORK_DIR}/secrets.yaml"</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Prepares directories, cleans up old artifacts, and decodes the Base64 secrets file.</p> <h3> Processing Clusters in Parallel </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Process Clusters'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="kt">def</span> <span class="n">parallelStages</span> <span class="o">=</span> <span class="o">[:];</span> <span class="n">env</span><span class="o">.</span><span class="na">CLUSTER_IDS</span><span class="o">.</span><span class="na">split</span><span class="o">(</span><span class="s1">','</span><span class="o">).</span><span class="na">each</span> <span class="o">{</span> <span class="n">clusterId</span> <span class="o">-&gt;</span> <span class="kt">def</span> <span class="n">clusterName</span> <span class="o">=</span> <span class="n">env</span><span class="o">[</span><span class="s2">"CLUSTER_${clusterId}_NAME"</span><span class="o">];</span> <span class="kt">def</span> <span class="n">credentialId</span> <span class="o">=</span> <span class="n">env</span><span class="o">[</span><span class="s2">"CLUSTER_${clusterId}_CRED"</span><span class="o">];</span> <span class="n">parallelStages</span><span class="o">[</span><span class="n">clusterName</span><span class="o">]</span> <span class="o">=</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Process ${clusterName}"</span><span class="o">)</span> <span class="o">{</span> <span class="n">withCredentials</span><span class="o">([</span><span class="n">file</span><span class="o">(</span><span class="nl">credentialsId:</span> <span class="n">credentialId</span><span class="o">,</span> <span class="nl">variable:</span> <span class="s1">'KUBECONFIG'</span><span class="o">)])</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">"docker run --rm -v \${KUBECONFIG}:/tmp/kubeconfig -v ${WORK_DIR}/secrets.yaml:/tmp/secrets.yaml ${DOCKER_IMAGE} kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NAMESPACE} --cert /tmp/sealed-secrets-cert.pem --namespace=${params.NAMESPACE} &lt; /tmp/secrets.yaml &gt; ${WORKSPACE}/${ARTIFACTS_DIR}/${clusterId}/sealed-secrets.yaml"</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">parallel</span> <span class="n">parallelStages</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Processes each cluster in parallel to optimize execution time.</p> <h3> Post-Build Actions </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">post</span> <span class="o">{</span> <span class="n">always</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">"rm -rf ${WORK_DIR}"</span><span class="o">;</span> <span class="n">archiveArtifacts</span> <span class="nl">artifacts:</span> <span class="s2">"${ARTIFACTS_DIR}/*/**"</span><span class="o">,</span> <span class="nl">fingerprint:</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="n">success</span> <span class="o">{</span> <span class="n">echo</span> <span class="s2">"Pipeline completed successfully!"</span><span class="o">;</span> <span class="o">}</span> <span class="n">failure</span> <span class="o">{</span> <span class="n">echo</span> <span class="s2">"Pipeline failed. Check logs for details."</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Cleans up the workspace.</li> <li>Archives artifacts for easy retrieval.</li> </ul> <h2> 🌟 Key Benefits </h2> <ul> <li> <strong>Dynamic Configuration:</strong> Easy to add new clusters without major code changes.</li> <li> <strong>Parallel Processing:</strong> Optimized runtime for multi-cluster environments.</li> <li> <strong>Secure Operations:</strong> End-to-end encryption with Kubernetes Sealed Secrets.</li> <li> <strong>Multi-Cloud Ready:</strong> Works seamlessly with AKS, GKE, and EKS.</li> </ul> <p>This Jenkins pipeline provides a robust, secure, and efficient way to manage Kubernetes secrets across multiple clouds. Feel free to adapt it to your organization's needs! 🚀</p> kubernetes jenkins security secret