diff --git a/README.md b/README.md index f01d49e..3b72139 100644 --- a/README.md +++ b/README.md 
@@ -123,6 +123,54 @@ For more information take a look at * Description: A field to tell the helm chart what cni provider your cluster is using. By default we assume cilium. If this is not the case you will need to add a network policy to allow the following * Alfresco to access heartbeat +#### `general.secrets.acs.selfManaged` + +* Required: false +* Default: false +* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets) +* Please note that when you enable this you are yourself responsible to provide a secret acs-secret in the namespace that you will install this chart in. +* Secret data expected: +``` + GLOBAL_objectstorage.store.myS3ContentStore.value.accessKey + GLOBAL_objectstorage.store.myS3ContentStore.value.secretKey +``` + +#### `general.secrets.mq.selfManaged` + +* Required: false +* Default: false +* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets) +* Please note that when you enable this you are yourself responsible to provide a secret mq-secret in the namespace that you will install this chart in. +* Secret data expected: +``` + ACTIVEMQ_ADMIN_LOGIN + ACTIVEMQ_ADMIN_PASSWORD + GLOBAL_messaging.broker.username + GLOBAL_messaging.broker.password +``` + +#### `general.secrets.db.selfManaged` + +* Required: false +* Default: false +* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets) +* Please note that when you enable this you are yourself responsible to provide a secret db-secret in the namespace that you will install this chart in. 
+* Secret data expected: +``` + DB_USERNAME + DB_PASSWORD + POSTGRES_USER + POSTGRES_PASSWORD +``` + +#### `general.secrets.imageCredentials.selfManaged` + +* Required: false +* Default: false +* Description: Whether or not you want to provide secrets for the helm chart yourself. This is useful when working on a prod environment and you want a secure secret solution (for example Bitnami' Sealed secrets) +* Please note that when you enable this you are yourself responsible to provide a secret privatecred alfrescocred in the namespace that you will install this chart in. +* Secret data expected: Both secrets should be dockerconfigjson secrets + ### Ingress #### `ingress.host` diff --git a/alfresco-0.1.0.tgz b/alfresco-0.1.0.tgz index a9770f9..8f25ae2 100644 Binary files a/alfresco-0.1.0.tgz and b/alfresco-0.1.0.tgz differ diff --git a/index.yaml b/index.yaml index 46eff19..18b64ba 100644 --- a/index.yaml +++ b/index.yaml @@ -3,12 +3,12 @@ entries: alfresco: - apiVersion: v2 appVersion: 0.1.0 - created: "2022-07-13T15:03:06.0721886+02:00" + created: "2022-07-14T10:48:45.8096062+02:00" description: A Helm chart for Alfresco managed by Xenit Solutions - digest: 94e2044e23d58d31753f0fe091c445747e97b66368edc58efe147082647f7d94 + digest: ac9cde6945bbf6430824203f36480ec8355538e2ebb59ee44385a085d7afa636 name: alfresco type: application urls: - https://xenit-eu.github.io/xenit-k8s-alfresco/alfresco-0.1.0.tgz version: 0.1.0 -generated: "2022-07-13T15:03:06.063967+02:00" +generated: "2022-07-14T10:48:45.8005401+02:00" diff --git a/xenit-alfresco/templates/acs/acs-secret.yaml b/xenit-alfresco/templates/acs/acs-secret.yaml index 3b3862e..4b36394 100644 --- a/xenit-alfresco/templates/acs/acs-secret.yaml +++ b/xenit-alfresco/templates/acs/acs-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.general.secrets.acs.selfManaged }} apiVersion: v1 kind: Secret metadata: 
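Review bot: Wrapping the whole Secret in `{{- if not .Values.general.secrets.acs.selfManaged }}` means that switching the flag to true on an existing release drops acs-secret from the rendered manifest, and Helm deletes resources that disappear from the manifest on upgrade. The workloads would then presumably run without credentials until the operator's own acs-secret exists, and a sealed or externally synced Secret of the same name may conflict with the chart-owned one while it is still present. Consider documenting the migration order, or adding `helm.sh/resource-policy: keep` under `metadata.annotations` so the existing Secret survives the switch; the metadata block continues outside this hunk. The same guard is added to mq-secret.yaml, db-secret.yaml and docker-registry-secrets.yaml, so the point applies there too.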
@@ -17,4 +18,5 @@ data: GLOBAL_objectstorage.store.myS3ContentStore.value.accessKey: {{ required "Since you enabled S3 ContentStore you need to pass an accessKey and secretKey in acs.s3Datastore.accessKey/acs.s3Datastore.secretKey" .Values.acs.s3Datastore.accessKey }} GLOBAL_objectstorage.store.myS3ContentStore.value.secretKey: {{ required "Since you enabled S3 ContentStore you need to pass an accessKey and secretKey in acs.s3Datastore.accessKey/acs.s3Datastore.secretKey" .Values.acs.s3Datastore.secretKey }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} \ No newline at end of file diff --git a/xenit-alfresco/templates/active-mq/mq-secret.yaml b/xenit-alfresco/templates/active-mq/mq-secret.yaml index 390ce9b..47c5189 100644 --- a/xenit-alfresco/templates/active-mq/mq-secret.yaml +++ b/xenit-alfresco/templates/active-mq/mq-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.general.secrets.mq.selfManaged }} {{- $secret_name := "mq-secret" }} apiVersion: v1 @@ -42,4 +43,5 @@ data: {{- else }} ACTIVEMQ_ADMIN_PASSWORD: {{ .Values.mq.adminPassword | b64enc }} GLOBAL_messaging.broker.password: {{ .Values.mq.adminPassword | b64enc }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} \ No newline at end of file diff --git a/xenit-alfresco/templates/db-secret.yaml b/xenit-alfresco/templates/db-secret.yaml index 071d04c..d570a73 100644 --- a/xenit-alfresco/templates/db-secret.yaml +++ b/xenit-alfresco/templates/db-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.general.secrets.db.selfManaged }} {{- $db_secret_name := "db-secret" }} apiVersion: v1 @@ -42,4 +43,5 @@ data: {{- else }} DB_PASSWORD: {{ .Values.general.db.password | b64enc }} POSTGRES_PASSWORD: {{ .Values.general.db.password | b64enc }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} \ No newline at end of file 
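Review bot: The two S3 entries shown as context in the second acs-secret.yaml hunk sit under `data:` without `| b64enc`, while mq-secret.yaml and db-secret.yaml in this same commit pipe their values through `b64enc`. Unless acs.s3Datastore.accessKey and secretKey are expected to arrive already base64-encoded, each line should end `.Values.acs.s3Datastore.accessKey | b64enc }}` (likewise for secretKey). Otherwise the chart-managed Secret and a self-managed one built from the README key list will not hold the same bytes. The `data:` block starts before this hunk, so earlier entries were not checked.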
diff --git a/xenit-alfresco/templates/docker-registry-secrets.yaml b/xenit-alfresco/templates/docker-registry-secrets.yaml index f3d7add..184ddb6 100644 --- a/xenit-alfresco/templates/docker-registry-secrets.yaml +++ b/xenit-alfresco/templates/docker-registry-secrets.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.general.secrets.imageCredentials.selfManaged }} apiVersion: v1 kind: Secret metadata: @@ -32,4 +33,5 @@ data: .dockerconfigjson: {{ index $old_alfresco_sec.data ".dockerconfigjson" }} {{- else }} .dockerconfigjson: {{ template "alfrescoImagePullSecret" . }} - {{- end }} \ No newline at end of file + {{- end } +{{- end } \ No newline at end of file diff --git a/xenit-alfresco/values.yaml b/xenit-alfresco/values.yaml index 0c59ac0..0a2d0de 100644 --- a/xenit-alfresco/values.yaml +++ b/xenit-alfresco/values.yaml @@ -8,6 +8,15 @@ general: cni: cilium networkPolicies: enabled: true + secrets: + acs: + selfManaged: false + mq: + selfManaged: false + db: + selfManaged: false + imageCredentials: + selfManaged: false ingress: protocol: 'https'
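Review bot: Both added lines at the end of docker-registry-secrets.yaml close with a single brace, `{{- end }`, so the template action is unterminated and the file will not parse; each should read `{{- end }}`, one closing the inner `else` branch and one closing the new `selfManaged` guard. A parse error in one template fails rendering of the whole chart, and `helm lint` or `helm template` before packaging would catch it. The other three secret templates in this commit close correctly. Because alfresco-0.1.0.tgz was rebuilt with a new digest under the unchanged version 0.1.0, consumers pinned to that version would presumably pick up the broken template; bumping the chart version when republishing avoids silently replacing a released artifact.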
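Review bot: The four new `selfManaged` keys under `general.secrets` in values.yaml carry no comment saying what the operator must supply once a flag is true, so the contract lives only in the README. Suggest one comment per key, for example `# true: the chart does not render acs-secret; create it in the release namespace before installing`. The mq and db keys would name mq-secret and db-secret, and imageCredentials would name the two dockerconfigjson secrets the README lists (privatecred, alfrescocred).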