Update helm chart to generate secret for SERVER_PASSPHRASE

jujaga · jujaga · commit 387d8cb14422 · 2022-10-18T16:59:52.000-07:00
This allows runtime encrypt/decrypt operations to and from the database.

Signed-off-by: Jeremy Ho &lt;jujaga@gmail.com&gt;
diff --git a/charts/coms/Chart.yaml b/charts/coms/Chart.yaml
@@ -3,7 +3,7 @@ name: common-object-management-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.5
+version: 0.0.6
 kubeVersion: ">= 1.13.0"
 description: A microservice for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/coms/templates/deploymentconfig.yaml b/charts/coms/templates/deploymentconfig.yaml
@@ -151,6 +151,11 @@ spec:
                 secretKeyRef:
                   key: password
                   name: {{ include "coms.configname" . }}-objectstorage
+            - name: SERVER_PASSPHRASE
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: {{ include "coms.fullname" . }}-passphrase
           envFrom:
             - configMapRef:
                 name: {{ include "coms.configname" . }}-config
diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml
@@ -1,19 +1,38 @@
-{{- $password := (randAlphaNum 32) | b64enc }}
-{{- $username := (randAlphaNum 32) | b64enc }}
+{{- $bPassword := (randAlphaNum 32) | b64enc }}
+{{- $bUsername := (randAlphaNum 32) | b64enc }}
+{{- $pPassword := (randAlphaNum 32) | b64enc }}
+{{- $pUsername := (randAlphaNum 32) | b64enc }}
 
-{{- $secretName := printf "%s-%s" (include "coms.fullname" .) "basicauth" }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName ) }}
-{{- if not $secret }}
+{{- $bSecretName := printf "%s-%s" (include "coms.fullname" .) "basicauth" }}
+{{- $bSecret := (lookup "v1" "Secret" .Release.Namespace $bSecretName ) }}
+{{- $pSecretName := printf "%s-%s" (include "coms.fullname" .) "passphrase" }}
+{{- $pSecret := (lookup "v1" "Secret" .Release.Namespace $pSecretName ) }}
+
+{{- if not $bSecret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    "helm.sh/resource-policy": keep
+  name: {{ $bSecretName }}
+  labels: {{ include "coms.labels" . | nindent 4 }}
+type: kubernetes.io/basic-auth
+data:
+  password: {{ $bPassword }}
+  username: {{ $bUsername }}
+{{- end }}
+{{- if not $pSecret }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   annotations:
     "helm.sh/resource-policy": keep
-  name: {{ $secretName }}
+  name: {{ $pSecretName }}
   labels: {{ include "coms.labels" . | nindent 4 }}
 type: kubernetes.io/basic-auth
 data:
-  password: {{ $password }}
-  username: {{ $username }}
+  password: {{ $pPassword }}
+  username: {{ $pUsername }}
 {{- end }}
