[helm] allow sourcing env vars from secret or config maps
mattlqx committed Sep 9, 2024
1 parent ab4fd94 commit b7ae010
Showing 3 changed files with 45 additions and 36 deletions.
10 changes: 6 additions & 4 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Added

- Add `envFrom` key to Helm values

### Fixed

### Changed
Expand Down Expand Up @@ -98,7 +100,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Generation of the Helm Charts
- Issue where some missing details in telemetry would crash

### Changed

- Added better readme documentation
Expand Down Expand Up @@ -142,7 +144,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
overloading the database
- Moved all the old commands to the new exec with context to enable timeouts
- Added a 30 seconds timeout when checking the status of the local vms

## [0.7.1] - 2024-05-29

### Added
Expand Down Expand Up @@ -175,7 +177,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed

- Fixed a issue with the orchestrator where it didn't start the auto refresh

## [0.6.6] - 2024-05-16

### Fixed
Expand Down Expand Up @@ -243,7 +245,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Improved documentation on GitHub Actions and Orchestrator use cases
- Added Start/Stop endpoints to the orchestrator
- Added Amplitude Key to the docker images

### Fixed

- Fixed several issues with the orchestrator
66 changes: 35 additions & 31 deletions helm/templates/deployment.yaml
Expand Up @@ -46,162 +46,166 @@ spec:
value: {{ .Values.service.targetPort | quote }}
{{- if .Values.apiPrefix }}
- name: API_PREFIX
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: API_PREFIX
{{- end }}
{{- if .Values.logLevel }}
- name: LOG_LEVEL
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: LOG_LEVEL
{{- end }}
{{- if .Values.security.key }}
- name: ENCRYPTION_PRIVATE_KEY
valueFrom:
- name: ENCRYPTION_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: ENCRYPTION_PRIVATE_KEY
{{- end }}
{{- if .Values.security.jwt.hmac_secret }}
- name: JWT_HMACS_SECRET
valueFrom:
- name: JWT_HMACS_SECRET
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: JWT_HMACS_SECRET
{{- end }}
{{- if .Values.security.jwt.rsa_private_key }}
- name: JWT_PRIVATE_KEY
valueFrom:
- name: JWT_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: JWT_PRIVATE_KEY
{{- end }}
{{- if .Values.security.jwt.duration }}
- name: JWT_DURATION
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: JWT_DURATION
{{- end }}
{{- if .Values.security.jwt.signing_method }}
- name: JWT_SIGN_ALGORITHM
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: JWT_SIGN_ALGORITHM
{{- end }}
{{- if .Values.security.password.min_password_length }}
- name: SECURITY_PASSWORD_MIN_PASSWORD_LENGTH
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_MIN_PASSWORD_LENGTH
{{- end }}
{{- if .Values.security.password.max_password_length }}
- name: SECURITY_PASSWORD_MAX_PASSWORD_LENGTH
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_MAX_PASSWORD_LENGTH
{{- end }}
{{- if .Values.security.password.require_lowercase }}
- name: SECURITY_PASSWORD_REQUIRE_LOWERCASE
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_REQUIRE_LOWERCASE
{{- end }}
{{- if .Values.security.password.require_uppercase }}
- name: SECURITY_PASSWORD_REQUIRE_UPPERCASE
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_REQUIRE_UPPERCASE
{{- end }}
{{- if .Values.security.password.require_number }}
- name: SECURITY_PASSWORD_REQUIRE_NUMBER
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_REQUIRE_NUMBER
{{- end }}
{{- if .Values.security.password.require_special_characters }}
- name: SECURITY_PASSWORD_REQUIRE_SPECIAL_CHAR
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_REQUIRE_SPECIAL_CHAR
{{- end }}
{{- if .Values.security.password.salt_password }}
- name: SECURITY_PASSWORD_SALT_PASSWORD
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_PASSWORD_SALT_PASSWORD
{{- end }}
{{- if .Values.security.brute_force.max_login_attempts }}
- name: BRUTE_FORCE_MAX_LOGIN_ATTEMPTS
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: BRUTE_FORCE_MAX_LOGIN_ATTEMPTS
{{- end }}
{{- if .Values.security.brute_force.lockout_duration }}
- name: BRUTE_FORCE_LOCKOUT_DURATION
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: BRUTE_FORCE_LOCKOUT_DURATION
{{- end }}
{{- if .Values.security.brute_force.increment_lockout_duration }}
- name: BRUTE_FORCE_INCREMENTAL_WAIT
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: BRUTE_FORCE_INCREMENTAL_WAIT
{{- end }}
{{- if .Values.security.root_password }}
- name: ROOT_PASSWORD
valueFrom:
- name: ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: SECURITY_ROOT_PASSWORD
{{- end }}
{{- if .Values.security.enable_tls }}
- name: TLS_ENABLED
- name: TLS_ENABLED
value: "true"
- name: TLS_CERTIFICATE
valueFrom:
- name: TLS_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: TLS_CERTIFICATE
- name: TLS_PRIVATE_KEY
valueFrom:
- name: TLS_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: {{ include "helm.fullname" . }}
key: TLS_PRIVATE_KEY
{{- end }}
{{- if .Values.config.disableCatalogCaching }}
- name: DISABLE_CATALOG_CACHING
- name: DISABLE_CATALOG_CACHING
value: "true"
{{- end }}
{{- if .Values.config.mode }}
- name: MODE
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: MODE
{{- end }}
{{- if .Values.storage.databasePath }}
- name: DATABASE_FOLDER
valueFrom:
valueFrom:
configMapKeyRef:
name: {{ include "helm.fullname" . }}
key: DATABASE_FOLDER
{{- end }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
Expand Down Expand Up @@ -242,4 +246,4 @@ spec:
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
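Review bot: The `envFrom:` block added after the DATABASE_FOLDER entry carries no comment on precedence, and that matters here: Kubernetes resolves a key present in both `env` and `envFrom` in favour of the `env` entry. An operator who moves ROOT_PASSWORD, JWT_PRIVATE_KEY or ENCRYPTION_PRIVATE_KEY into an external Secret but leaves the matching `security.*` value set would silently keep running with the chart-managed value. I would add a template comment directly above the block, `{{- /* keys set under env above take precedence over the same key from envFrom */}}`. The container spec starts above this hunk and indentation is not preserved on this page, so the `nindent 12` placement could not be checked here.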
5 changes: 4 additions & 1 deletion helm/values.yaml
Expand Up @@ -29,6 +29,10 @@ securityContext: {}
# runAsNonRoot: true
# runAsUser: 1000

envFrom: []
# - secretRef:
# name: mySecret

storage:
node_name: ''
storage_class: 'manual'
Expand Down Expand Up @@ -114,4 +118,3 @@ nodeSelector: {}
tolerations: []

affinity: {}
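Review bot: The commented example under `envFrom: []` uses `name: mySecret`, which is not a valid Kubernetes Secret name (object names must be lowercase DNS subdomains), so uncommenting it verbatim yields a reference that can never resolve. I would change it to `#     name: my-secret`. Since `envFrom` imports every key of the referenced object into the container environment, a second comment line would help: `# Imports all keys of each referenced Secret/ConfigMap; reference only objects scoped to this workload.`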
