From acff2a984ea060d7157e853213e4a19333296785 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Fri, 31 Mar 2023 13:38:43 -0700 Subject: [PATCH 1/7] Added support for secret overrides --- charts/coms/templates/secret.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index 4050d031..f8a9b3fa 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml @@ -19,8 +19,8 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ $bPassword }} - username: {{ $bUsername }} + password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} + username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} {{- end }} {{- if not $pSecret }} --- @@ -33,6 +33,6 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ $pPassword }} - username: {{ $pUsername }} + password: {{ .Values.objectStorageSecretOverride.password | default $pPassword | quote }} + username: {{ .Values.objectStorageSecretOverride.username | default $pUsername | quote }} {{- end }} From 08e7ab68c59a0c90c2db2511ceeb5e295753d51b Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Fri, 31 Mar 2023 16:19:20 -0700 Subject: [PATCH 2/7] Added objectstorage user/pass --- charts/coms/templates/secret.yaml | 32 +++++++++++++++++++++++++++---- charts/coms/values.yaml | 16 ++++++++++++---- 2 files changed, 40 insertions(+), 8 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index f8a9b3fa..06b45daf 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml 
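Review bot: The override on the new `password:`/`username:` lines is written under `data:` without base64 encoding, whereas the `$bPassword`/`$bUsername` fallback is already encoded where it is defined (outside this hunk). A plaintext override from values would therefore be rejected by the API server as invalid base64, or decoded into a different credential than the operator typed. Encoding the override before applying the fallback keeps both paths consistent, e.g. `password: {{ .Values.basicAuthSecretOverride.password | default "" | b64enc | default $bPassword | quote }}`. The second hunk (`@@ -33,6 +33,6 @@`) has the same problem.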
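Review bot: The Secret named by `$pSecretName`, whose generated fallback is `$pPassword`/`$pUsername`, is populated in this hunk from `.Values.objectStorageSecretOverride`, which looks like the wrong values key. Setting object-storage credentials in values would then also seed this unrelated Secret with them. The two lines should read from a key dedicated to this Secret, for example `password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }}`, if the database override is what is meant.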
@@ -2,37 +2,61 @@ {{- $bUsername := (randAlphaNum 32) | b64enc }} {{- $pPassword := (randAlphaNum 32) | b64enc }} {{- $pUsername := (randAlphaNum 32) | b64enc }} +{{- $oPassword := (randAlphaNum 32) | b64enc }} +{{- $oUsername := (randAlphaNum 32) | b64enc }} {{- $bSecretName := printf "%s-%s" (include "coms.fullname" .) "basicauth" }} {{- $bSecret := (lookup "v1" "Secret" .Release.Namespace $bSecretName ) }} {{- $pSecretName := printf "%s-%s" (include "coms.fullname" .) "passphrase" }} {{- $pSecret := (lookup "v1" "Secret" .Release.Namespace $pSecretName ) }} +{{- $oSecretName := printf "%s-%s" (include "coms.fullname" .) "objectstorage" }} +{{- $oSecret := (lookup "v1" "Secret" .Release.Namespace $oSecretName ) }} {{- if not $bSecret }} --- apiVersion: v1 kind: Secret metadata: + {{- if not .Values.config.releaseScoped }} annotations: "helm.sh/resource-policy": keep + {{- end }} name: {{ $bSecretName }} labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} - username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} + password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} + username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} {{- end }} {{- if not $pSecret }} --- apiVersion: v1 kind: Secret metadata: + {{- if not .Values.config.releaseScoped }} annotations: "helm.sh/resource-policy": keep + {{- end }} name: {{ $pSecretName }} labels: {{ include "coms.labels" . 
| nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.objectStorageSecretOverride.password | default $pPassword | quote }} - username: {{ .Values.objectStorageSecretOverride.username | default $pUsername | quote }} + password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }} + username: {{ .Values.dbSecretOverride.username | default $pUsername | quote }} +{{- end }} +{{- if not $oSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + {{- if not .Values.config.releaseScoped }} + annotations: + "helm.sh/resource-policy": keep + {{- end }} + name: {{ $oSecretName }} + labels: {{ include "coms.labels" . | nindent 4 }} +type: kubernetes.io/basic-auth +data: + password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} + username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} {{- end }} diff --git a/charts/coms/values.yaml b/charts/coms/values.yaml index cc9f6e44..d3fc8990 100644 --- a/charts/coms/values.yaml +++ b/charts/coms/values.yaml @@ -148,10 +148,18 @@ config: # SERVER_PRIVACY_MASK: "true" # Modify the following variables if you need to acquire secret values from a custom-named resource -basicAuthSecretOverride: ~ -dbSecretOverride: ~ -keycloakSecretOverride: ~ -objectStorageSecretOverride: ~ +basicAuthSecretOverride: + username: ~ + password: ~ +dbSecretOverride: + username: ~ + password: ~ +keycloakSecretOverride: + username: ~ + password: ~ +objectStorageSecretOverride: + username: ~ + password: ~ # Patroni subchart configuration overrides patroni: From 51c9ebb9db87af4317adb0f0df367436681fb270 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Fri, 31 Mar 2023 17:07:04 -0700 Subject: [PATCH 3/7] - Added Secret for keycloak and objectStorage - Configured Secrets to use scoped releases --- charts/coms/templates/secret.yaml | 28 ++++++++++++++++++++++++---- charts/coms/values.yaml | 2 +- 2 files changed, 25 insertions(+), 5 deletions(-) 
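Review bot: Making `helm.sh/resource-policy: keep` conditional on `.Values.config.releaseScoped` interacts badly with the `{{- if not $bSecret }}` guard in this hunk. Once the Secret exists, `lookup` returns it and the block renders nothing, so without the keep annotation Helm would treat the Secret as dropped from the chart and delete it on the next upgrade. The upgrade after that would recreate it with fresh random values, silently rotating credentials under running workloads. The `$pSecret` and `$oSecret` blocks are affected in the same way. Rendering each Secret unconditionally and reusing the looked-up data when present avoids this, though `lookup` returns nothing under `helm template` and dry runs, so those renders still show generated values.

```yaml
# … unchanged: variable definitions, lookups, Secret metadata
#   (the surrounding `if not $bSecret` / `end` wrapper is dropped) …
data:
  {{- if $bSecret }}
  # Reuse the stored, already base64-encoded values so upgrades do not rotate them.
  password: {{ index $bSecret.data "password" | quote }}
  username: {{ index $bSecret.data "username" | quote }}
  {{- else }}
  # … unchanged: override-or-generated password/username lines …
  {{- end }}
```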
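Review bot: The comment above these keys still says they point at a custom-named resource, but after this hunk `username` and `password` under each `*SecretOverride` hold the credential values themselves. Values supplied this way are kept in the Helm release record and are easy to commit by accident, so the comment should say so, e.g. `# Optional credentials used to seed the generated Secrets on first install; supply them at deploy time, not in a committed values file (they are stored in the Helm release history)`. Writing `null` instead of `~` would also match the usual YAML lint rules.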
diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index 06b45daf..6fa1f944 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml @@ -1,16 +1,20 @@ {{- $bPassword := (randAlphaNum 32) | b64enc }} {{- $bUsername := (randAlphaNum 32) | b64enc }} -{{- $pPassword := (randAlphaNum 32) | b64enc }} -{{- $pUsername := (randAlphaNum 32) | b64enc }} +{{- $kPassword := (randAlphaNum 32) | b64enc }} +{{- $kUsername := (randAlphaNum 32) | b64enc }} {{- $oPassword := (randAlphaNum 32) | b64enc }} {{- $oUsername := (randAlphaNum 32) | b64enc }} +{{- $pPassword := (randAlphaNum 32) | b64enc }} +{{- $pUsername := (randAlphaNum 32) | b64enc }} {{- $bSecretName := printf "%s-%s" (include "coms.fullname" .) "basicauth" }} {{- $bSecret := (lookup "v1" "Secret" .Release.Namespace $bSecretName ) }} -{{- $pSecretName := printf "%s-%s" (include "coms.fullname" .) "passphrase" }} -{{- $pSecret := (lookup "v1" "Secret" .Release.Namespace $pSecretName ) }} +{{- $kSecretName := printf "%s-%s" (include "coms.fullname" .) "keycloak" }} +{{- $kSecret := (lookup "v1" "Secret" .Release.Namespace $kSecretName ) }} {{- $oSecretName := printf "%s-%s" (include "coms.fullname" .) "objectstorage" }} {{- $oSecret := (lookup "v1" "Secret" .Release.Namespace $oSecretName ) }} +{{- $pSecretName := printf "%s-%s" (include "coms.fullname" .) "passphrase" }} +{{- $pSecret := (lookup "v1" "Secret" .Release.Namespace $pSecretName ) }} {{- if not $bSecret }} --- 
@@ -60,3 +64,19 @@ data: password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} {{- end }} +{{- if not $kSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + {{- if not .Values.config.releaseScoped }} + annotations: + "helm.sh/resource-policy": keep + {{- end }} + name: {{ $kSecretName }} + labels: {{ include "coms.labels" . | nindent 4 }} +type: kubernetes.io/basic-auth +data: + password: {{ .Values.keycloakSecretOverride.password | default $kPassword | quote }} + username: {{ .Values.keycloakSecretOverride.username | default $kUsername | quote }} +{{- end }} diff --git a/charts/coms/values.yaml b/charts/coms/values.yaml index d3fc8990..013a254a 100644 --- a/charts/coms/values.yaml +++ b/charts/coms/values.yaml @@ -148,7 +148,7 @@ config: # SERVER_PRIVACY_MASK: "true" # Modify the following variables if you need to acquire secret values from a custom-named resource -basicAuthSecretOverride: +basicAuthSecretOverride: username: ~ password: ~ dbSecretOverride: From 6d2f508dec15abf0756eb0aaf05a64e550e104ec Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 4 Apr 2023 09:50:54 -0700 Subject: [PATCH 4/7] removed whitespace error --- charts/coms/templates/secret.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index 6fa1f944..d3b4057c 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml 
@@ -29,8 +29,8 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} - username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} + password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} + username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} {{- end }} {{- if not $pSecret }} --- @@ -45,8 +45,8 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }} - username: {{ .Values.dbSecretOverride.username | default $pUsername | quote }} + password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }} + username: {{ .Values.dbSecretOverride.username | default $pUsername | quote }} {{- end }} {{- if not $oSecret }} --- @@ -61,8 +61,8 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} - username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} + password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} + username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} {{- end }} {{- if not $kSecret }} --- @@ -77,6 +77,6 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.keycloakSecretOverride.password | default $kPassword | quote }} - username: {{ .Values.keycloakSecretOverride.username | default $kUsername | quote }} + password: {{ .Values.keycloakSecretOverride.password | default $kPassword | quote }} + username: {{ .Values.keycloakSecretOverride.username | default $kUsername | quote }} {{- end }} 
From 75a51f20f1bdeb34b8be5c5d85345c5fd131778a Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 4 Apr 2023 16:02:18 -0700 Subject: [PATCH 5/7] Added logic to only template yaml if values are defined --- charts/coms/templates/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index d3b4057c..e3c12282 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml @@ -48,7 +48,7 @@ data: password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }} username: {{ .Values.dbSecretOverride.username | default $pUsername | quote }} {{- end }} -{{- if not $oSecret }} +{{- if and (not $oSecret) (and .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username) }} --- apiVersion: v1 kind: Secret @@ -64,7 +64,7 @@ data: password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} {{- end }} -{{- if not $kSecret }} +{{- if and (not $kSecret) (and .Values.keycloakSecretOverride.password .Values.keycloakSecretOverride.username) }} --- apiVersion: v1 kind: Secret From 7abb4290f753047efa71999a738c45f7df47c63f Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 4 Apr 2023 16:33:18 -0700 Subject: [PATCH 6/7] Removed autogeneration for keycloak&objectstorage --- charts/coms/templates/secret.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index e3c12282..beb7e228 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml 
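Review bot: Requiring both override values in the new `if` conditions means a half-configured override (only `username` or only `password`) now skips the Secret without any message, and whatever consumes the `-objectstorage` or `-keycloak` Secret would presumably only fail later at pod start. Failing the render on a partial pair is safer, for instance with Helm's `required` on the second field when the first is set. The nested `and` can also be flattened, since `and` accepts any number of arguments: `{{- if and (not $oSecret) .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username }}`. The `| default $oPassword` and `| default $kPassword` fallbacks inside these two blocks become unreachable with this condition.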
@@ -1,9 +1,5 @@ {{- $bPassword := (randAlphaNum 32) | b64enc }} {{- $bUsername := (randAlphaNum 32) | b64enc }} -{{- $kPassword := (randAlphaNum 32) | b64enc }} -{{- $kUsername := (randAlphaNum 32) | b64enc }} -{{- $oPassword := (randAlphaNum 32) | b64enc }} -{{- $oUsername := (randAlphaNum 32) | b64enc }} {{- $pPassword := (randAlphaNum 32) | b64enc }} {{- $pUsername := (randAlphaNum 32) | b64enc }} @@ -61,8 +57,8 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.objectStorageSecretOverride.password | default $oPassword | quote }} - username: {{ .Values.objectStorageSecretOverride.username | default $oUsername | quote }} + password: {{ .Values.objectStorageSecretOverride.password | quote }} + username: {{ .Values.objectStorageSecretOverride.username | quote }} {{- end }} {{- if and (not $kSecret) (and .Values.keycloakSecretOverride.password .Values.keycloakSecretOverride.username) }} --- @@ -77,6 +73,6 @@ metadata: labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth data: - password: {{ .Values.keycloakSecretOverride.password | default $kPassword | quote }} - username: {{ .Values.keycloakSecretOverride.username | default $kUsername | quote }} + password: {{ .Values.keycloakSecretOverride.password | quote }} + username: {{ .Values.keycloakSecretOverride.username | quote }} {{- end }} From 24b987e13f9d1fe2b861cfbea387e1780672d6d1 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 11 Apr 2023 16:08:32 -0700 Subject: [PATCH 7/7] Refactored to use stringData to avoid recasting vars as base64 --- charts/coms/templates/secret.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml index beb7e228..8e13e76c 100644 --- a/charts/coms/templates/secret.yaml +++ b/charts/coms/templates/secret.yaml 
@@ -24,7 +24,7 @@ metadata: name: {{ $bSecretName }} labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth -data: +stringData: password: {{ .Values.basicAuthSecretOverride.password | default $bPassword | quote }} username: {{ .Values.basicAuthSecretOverride.username | default $bUsername | quote }} {{- end }} @@ -40,7 +40,7 @@ metadata: name: {{ $pSecretName }} labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth -data: +stringData: password: {{ .Values.dbSecretOverride.password | default $pPassword | quote }} username: {{ .Values.dbSecretOverride.username | default $pUsername | quote }} {{- end }} @@ -56,7 +56,7 @@ metadata: name: {{ $oSecretName }} labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth -data: +stringData: password: {{ .Values.objectStorageSecretOverride.password | quote }} username: {{ .Values.objectStorageSecretOverride.username | quote }} {{- end }} @@ -72,7 +72,7 @@ metadata: name: {{ $kSecretName }} labels: {{ include "coms.labels" . | nindent 4 }} type: kubernetes.io/basic-auth -data: +stringData: password: {{ .Values.keycloakSecretOverride.password | quote }} username: {{ .Values.keycloakSecretOverride.username | quote }} {{- end }}
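Review bot: The generated fallbacks `$bPassword`, `$bUsername`, `$pPassword` and `$pUsername` are still defined with `| b64enc` at the top of the template (outside these hunks, visible as context in patch 6/7). Under the new `stringData:` key a generated credential is therefore the base64 text of the random string rather than the string itself. That is not weaker, but it surprises anyone decoding the Secret, and it differs from what Secrets created before this patch contain. Dropping the encoding in the definitions, e.g. `{{- $bPassword := randAlphaNum 32 }}`, keeps `stringData` holding the raw value. Only the first two hunks use these fallbacks; the object-storage and keycloak hunks take overrides only.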