
Commit

feat: Allow to give admin password via secret
Instead of setting the admin password via a parameter in the helm chart,
provide the ability to give it via an existing secret.

Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
sylvainOL committed Oct 10, 2022
1 parent 28c3324 commit 18399c7
Showing 6 changed files with 30 additions and 6 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -196,6 +196,8 @@ The following table lists the configurable parameters of the Harbor chart and th
| `updateStrategy.type` | The update strategy for deployments with persistent volumes(jobservice, registry and chartmuseum): `RollingUpdate` or `Recreate`. Set it as `Recreate` when `RWM` for volumes isn't supported | `RollingUpdate` |
| `logLevel` | The log level: `debug`, `info`, `warning`, `error` or `fatal` | `info` |
| `harborAdminPassword` | The initial password of Harbor admin. Change it from portal after launching Harbor | `Harbor12345` |
| `existingSecretAdminPassword` | The name of secret where admin password can be found. | |
| `existingSecretAdminPasswordKey` | The name of the key in the secret where to find harbor admin password Harbor | `HARBOR_ADMIN_PASSWORD` |
| `caSecretName` | The name of the secret which contains key named `ca.crt`. Setting this enables the download link on portal to download the CA certificate when the certificate isn't generated automatically | |
| `secretKey` | The key used for encryption. Must be a string of 16 chars | `not-a-secure-key` |
| `existingSecretSecretKey` | An existing secret containing the encoding secretKey | `""` |
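Review bot: The `existingSecretAdminPasswordKey` row ends with a stray "Harbor" in its description, and neither new row says that `harborAdminPassword` is ignored once `existingSecretAdminPassword` is set. Suggest rewording the description to something like "The key in that secret which holds the Harbor admin password" and stating the precedence in the `existingSecretAdminPassword` row. The empty default cell could also be `""` to match the `existingSecretSecretKey` row below.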
19 changes: 13 additions & 6 deletions templates/core/core-dpl.yaml
Expand Up @@ -86,7 +86,14 @@ spec:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
key: JOBSERVICE_SECRET
{{- if .Values.internalTLS.enabled }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: INTERNAL_TLS_KEY_PATH
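Review bot: In the new `HARBOR_ADMIN_PASSWORD` entry, `key: {{ .Values.existingSecretAdminPasswordKey }}` renders an empty `key:` if a user overrides that value with an empty string or null, and nothing in the template catches it. Consider `{{ .Values.existingSecretAdminPasswordKey | default "HARBOR_ADMIN_PASSWORD" }}` or a `required` check so a bad value fails at render time with a clear message.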
Expand All @@ -95,21 +102,21 @@ spec:
value: /etc/harbor/ssl/core/tls.crt
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/core/ca.crt
{{- end }}
{{- if .Values.database.external.existingSecret }}
{{- end }}
{{- if .Values.database.external.existingSecret }}
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
- name: REGISTRY_CREDENTIAL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- end }}
ports:
- containerPort: {{ template "harbor.core.containerPort" . }}
volumeMounts:
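Review bot: Every changed line in this hunk (the `{{- end }}` and `{{- if ... }}` directives around the `POSTGRESQL_PASSWORD` and `REGISTRY_CREDENTIAL_PASSWORD` entries) is replaced by a line with the same text, so the change looks like indentation only. It is unrelated to the admin password feature and makes the functional change above harder to review. Suggest dropping it or moving it to a separate formatting commit.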
2 changes: 2 additions & 0 deletions templates/core/core-secret.yaml
Expand Up @@ -14,7 +14,9 @@ data:
tls.crt: {{ .Files.Get "cert/tls.crt" | b64enc }}
tls.key: {{ .Files.Get "cert/tls.key" | b64enc }}
{{- end }}
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}
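Review bot: With the `{{- if not .Values.existingSecretAdminPassword }}` guard, a `harborAdminPassword` supplied alongside `existingSecretAdminPassword` is dropped without any message. Consider failing the render, or at least documenting the precedence, when both are set. When no existing secret is given, the secret still carries whatever `harborAdminPassword` holds, which per `values.yaml` defaults to `Harbor12345`, so it would be worth pointing users at the existing-secret option as the preferred path.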
7 changes: 7 additions & 0 deletions templates/exporter/exporter-dpl.yaml
Expand Up @@ -64,6 +64,13 @@ spec:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.exporter.resources }}
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
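Review bot: The `HARBOR_ADMIN_PASSWORD` `secretKeyRef` block added here is a verbatim copy of the one added to `templates/core/core-dpl.yaml`. Suggest moving it into a shared named template, as the chart already does for `harbor.database.encryptedPassword`, and including it from both deployments so a later change to the key default or quoting cannot drift between core and exporter.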
2 changes: 2 additions & 0 deletions templates/exporter/exporter-secret.yaml
Expand Up @@ -11,7 +11,9 @@ data:
tls.crt: {{ .Files.Get "cert/tls.crt" | b64enc }}
tls.key: {{ .Files.Get "cert/tls.key" | b64enc }}
{{- end }}
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}
4 changes: 4 additions & 0 deletions values.yaml
Expand Up @@ -379,6 +379,10 @@ updateStrategy:
logLevel: info

# The initial password of Harbor admin. Change it from portal after launching Harbor
# or give an existing secret for it
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
# existingSecretAdminPassword:
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
harborAdminPassword: "Harbor12345"

# The name of the secret which contains key named "ca.crt". Setting this enables the
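Review bot: The comment line `# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)` is missing the parameter name it refers to, and the commented-out `# existingSecretAdminPassword:` now sits between the "initial password" comment and `harborAdminPassword`, so it is unclear which comment describes which key. Suggest giving `existingSecretAdminPassword` and `existingSecretAdminPasswordKey` their own comment block, naming `existingSecretAdminPasswordKey` explicitly, and noting that `harborAdminPassword` is ignored when the existing secret is set.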
