diff --git a/.gitignore b/.gitignore index 9f11b75..6dabe55 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ .idea/ +# Build artifacts +cli/cli +ui/ui +service/service diff --git a/charts/feature/templates/cli-configmap.yaml b/charts/feature/templates/cli-configmap.yaml index 96485fc..a8dbd20 100644 --- a/charts/feature/templates/cli-configmap.yaml +++ b/charts/feature/templates/cli-configmap.yaml @@ -10,7 +10,4 @@ data: ENDPOINT: {{ default (printf "%s:%v" (include "feature.fullname" .) .Values.service.service.port) .Values.cli.endpoint | quote }} OPENTELEMETRY_ENABLED: {{ ternary "true" "false" .Values.cli.opentelemetry.enabled | quote }} OPENTELEMETRY_ENDPOINT: {{ .Values.cli.opentelemetry.endpoint | quote }} - {{- if .Values.service.authentication.enabled }} - USERNAME: {{ .Values.service.authentication.username | quote }} - {{- end }} {{- end }} diff --git a/charts/feature/templates/cli-deployment.yaml b/charts/feature/templates/cli-deployment.yaml index 93bb195..bfbee8b 100644 --- a/charts/feature/templates/cli-deployment.yaml +++ b/charts/feature/templates/cli-deployment.yaml @@ -44,7 +44,7 @@ spec: name: {{ include "feature.cli.fullname" . }} {{- if .Values.service.authentication.enabled }} - secretRef: - name: {{ printf "%s-auth" (include "feature.fullname" .) }} + name: {{ printf "%s-cli-auth" (include "feature.fullname" .) }} {{- end }} {{- with .Values.cli.resources }} resources: diff --git a/charts/feature/templates/cli-secret.yaml b/charts/feature/templates/cli-secret.yaml new file mode 100644 index 0000000..9f40d31 --- /dev/null +++ b/charts/feature/templates/cli-secret.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.cli.enabled .Values.service.authentication.enabled }} +{{- $secretName := printf "%s-cli-auth" (include "feature.fullname" .) }} +{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace $secretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + {{- include "feature.labels" . | nindent 4 }} + app.kubernetes.io/component: cli +type: Opaque +data: + {{- $password := .Values.service.authentication.password }} + {{- if and $existingSecret $existingSecret.data (index $existingSecret.data "PASSWORD") }} + {{- /* Preserve existing password on upgrades */ -}} + PASSWORD: {{ index $existingSecret.data "PASSWORD" | quote }} + {{- else }} + {{- /* Generate new password only on first install or when explicitly set */ -}} + {{- if eq $password "" }} + {{- $password = randAlphaNum 24 }} + {{- end }} + PASSWORD: {{ $password | b64enc | quote }} + {{- end }} + USERNAME: {{ .Values.service.authentication.username | b64enc | quote }} +{{- end }} diff --git a/charts/feature/templates/service-secret.yaml b/charts/feature/templates/service-secret.yaml index b1e052c..f25ef78 100644 --- a/charts/feature/templates/service-secret.yaml +++ b/charts/feature/templates/service-secret.yaml @@ -11,7 +11,7 @@ metadata: type: Opaque data: {{- $password := .Values.service.authentication.password }} - {{- if and $existingSecret $existingSecret.data }} + {{- if and $existingSecret $existingSecret.data (index $existingSecret.data "AUTHENTICATION_PASSWORD") }} {{- /* Preserve existing password on upgrades */ -}} AUTHENTICATION_PASSWORD: {{ index $existingSecret.data "AUTHENTICATION_PASSWORD" | quote }} {{- else }} @@ -21,4 +21,5 @@ data: {{- end }} AUTHENTICATION_PASSWORD: {{ $password | b64enc | quote }} {{- end }} + AUTHENTICATION_USERNAME: {{ .Values.service.authentication.username | b64enc | quote }} {{- end }} diff --git a/charts/feature/templates/ui-configmap.yaml b/charts/feature/templates/ui-configmap.yaml index 1f0f9c8..214987b 100644 --- a/charts/feature/templates/ui-configmap.yaml +++ b/charts/feature/templates/ui-configmap.yaml @@ -12,4 +12,7 @@ data: SUBPATH: {{ .Values.ui.subpath | quote }} OPENTELEMETRY_ENABLED: {{ ternary "true" "false" .Values.cli.opentelemetry.enabled | quote }} OPENTELEMETRY_ENDPOINT: {{ .Values.cli.opentelemetry.endpoint | quote }} + {{- if .Values.service.authentication.enabled }} + AUTHENTICATION_ENABLED: "true" + {{- end }} {{- end }}