Merge pull request #16 from xenit-eu/SelfmanagedSecrets

Enable the option to self manage secrets

README.md

@@ -123,6 +123,54 @@ For more information take a look at
 * Description: A field to tell the helm chart what cni provider your cluster is using. By default we assume cilium. If this is not the case you will need to add a network policy to allow the following
 * Alfresco to access heartbeat
 
+#### `general.secrets.acs.selfManaged`
+
+* Required: false
+* Default: false
+* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets)
+* Please note that when you enable this you are yourself responsible to provide a secret acs-secret in the namespace that you will install this chart in.
+* Secret data expected:
+```
+  GLOBAL_objectstorage.store.myS3ContentStore.value.accessKey
+  GLOBAL_objectstorage.store.myS3ContentStore.value.secretKey
+```
+
+#### `general.secrets.mq.selfManaged`
+
+* Required: false
+* Default: false
+* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets)
+* Please note that when you enable this you are yourself responsible to provide a secret mq-secret in the namespace that you will install this chart in.
+* Secret data expected:
+```
+  ACTIVEMQ_ADMIN_LOGIN
+  ACTIVEMQ_ADMIN_PASSWORD
+  GLOBAL_messaging.broker.username
+  GLOBAL_messaging.broker.password
+```
+
+#### `general.secrets.db.selfManaged`
+
+* Required: false
+* Default: false
+* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets)
+* Please note that when you enable this you are yourself responsible to provide a secret db-secret in the namespace that you will install this chart in.
+* Secret data expected:
+```
+  DB_USERNAME
+  DB_PASSWORD  
+  POSTGRES_USER
+  POSTGRES_PASSWORD
+```
+
+#### `general.secrets.imageCredentials.selfManaged`
+
+* Required: false
+* Default: false
+* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets)
+* Please note that when you enable this you are yourself responsible to provide a secret privatecred alfrescocred in the namespace that you will install this chart in.
+* Secret data expected: Both secrets should be dockerconfigjson secrets
+
 ### Ingress
 
 #### `ingress.host`

index.yaml

@@ -3,12 +3,12 @@ entries:
   alfresco:
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2022-07-13T15:03:06.0721886+02:00"
+    created: "2022-07-14T10:48:45.8096062+02:00"
     description: A Helm chart for Alfresco managed by Xenit Solutions
-    digest: 94e2044e23d58d31753f0fe091c445747e97b66368edc58efe147082647f7d94
+    digest: ac9cde6945bbf6430824203f36480ec8355538e2ebb59ee44385a085d7afa636
     name: alfresco
     type: application
     urls:
     - https://xenit-eu.github.io/xenit-k8s-alfresco/alfresco-0.1.0.tgz
     version: 0.1.0
-generated: "2022-07-13T15:03:06.063967+02:00"
+generated: "2022-07-14T10:48:45.8005401+02:00"

xenit-alfresco/templates/acs/acs-secret.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.general.secrets.acs.selfManaged }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -17,4 +18,5 @@ data:
   GLOBAL_objectstorage.store.myS3ContentStore.value.accessKey: {{ required "Since you enabled S3 ContentStore you need to pass an accessKey and secretKey in acs.s3Datastore.accessKey/acs.s3Datastore.secretKey" .Values.acs.s3Datastore.accessKey }}
   GLOBAL_objectstorage.store.myS3ContentStore.value.secretKey: {{ required "Since you enabled S3 ContentStore you need to pass an accessKey and secretKey in acs.s3Datastore.accessKey/acs.s3Datastore.secretKey" .Values.acs.s3Datastore.secretKey }}
   {{- end }}
-  {{- end }}
+  {{- end }}
+{{- end }}

xenit-alfresco/templates/active-mq/mq-secret.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.general.secrets.mq.selfManaged }}
 {{- $secret_name := "mq-secret" }}
 
 apiVersion: v1
@@ -42,4 +43,5 @@ data:
   {{- else }}
   ACTIVEMQ_ADMIN_PASSWORD: {{ .Values.mq.adminPassword | b64enc }}
   GLOBAL_messaging.broker.password: {{ .Values.mq.adminPassword | b64enc }}
-  {{- end }}
+  {{- end }}
+{{- end }}

xenit-alfresco/templates/db-secret.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.general.secrets.db.selfManaged }}
 {{- $db_secret_name := "db-secret" }}
 
 apiVersion: v1
@@ -42,4 +43,5 @@ data:
   {{- else }}
   DB_PASSWORD: {{ .Values.general.db.password | b64enc }}
   POSTGRES_PASSWORD: {{ .Values.general.db.password | b64enc }}
-  {{- end }}
+  {{- end }}
+{{- end }}

xenit-alfresco/templates/docker-registry-secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.general.secrets.imageCredentials.selfManaged }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -32,4 +33,5 @@ data:
   .dockerconfigjson: {{ index $old_alfresco_sec.data ".dockerconfigjson" }}
   {{- else }}
   .dockerconfigjson: {{ template "alfrescoImagePullSecret" . }}
-  {{- end }}
+  {{- end }
+{{- end }

xenit-alfresco/values.yaml

@@ -8,6 +8,15 @@ general:
   cni: cilium
   networkPolicies:
     enabled: true
+  secrets:
+    acs:
+      selfManaged: false
+    mq:
+      selfManaged: false
+    db:
+      selfManaged: false
+    imageCredentials:
+      selfManaged: false
 
 ingress:
   protocol: 'https'