From 92d69d9b049024142b68121b187125f21755a005 Mon Sep 17 00:00:00 2001 From: Nicolas Takashi Date: Fri, 24 Dec 2021 12:26:24 +0000 Subject: [PATCH 1/2] [REFACTORY] auth secret structure. --- charts/gitana/Chart.yaml | 2 +- charts/gitana/README.md | 72 +++++++++++++------------ charts/gitana/templates/_helpers.tpl | 4 +- charts/gitana/templates/authsecret.yaml | 11 ++-- charts/gitana/templates/deployment.yaml | 6 +-- charts/gitana/values.yaml | 25 ++++----- 6 files changed, 61 insertions(+), 59 deletions(-) diff --git a/charts/gitana/Chart.yaml b/charts/gitana/Chart.yaml index cf185a7..6de6001 100644 --- a/charts/gitana/Chart.yaml +++ b/charts/gitana/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0 +version: 1.2.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/gitana/README.md b/charts/gitana/README.md index 3df2e19..d1c1fb8 100644 --- a/charts/gitana/README.md +++ b/charts/gitana/README.md 
@@ -31,36 +31,42 @@ The command removes all the Kubernetes components associated with the chart and ## Values -| Key | Type | Default | Description | -|----------------------------------------|--------|------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| -| affinity | object | `{}` | | -| flags.dashboard.folderAnnotation | string | `"dashboard-folder"` | ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration sidecar.dashboards.folderAnnotation | -| flags.dashboard.labels | list | `[{"name":"grafana-dashboard","value":"nil"}]` | ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration sidecar.dashboards.label sidecar.dashboards.labelValue | -| flags.kubeconfig | string | `""` | | -| flags.log.level | string | `"info"` | | -| flags.namespace | string | `"gitana"` | | -| flags.repository.auth | object | `{}` | | -| flags.repository.branch | string | `"main"` | | -| flags.repository.url | string | `"https://github.com/nicolastakashi/poc"` | | -| flags.syncTimer | string | `"5m"` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ntakashi/gitana"` | | -| image.tag | string | `"0.1.0"` | | -| imagePullSecrets | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| resources | object | `{}` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| serviceMonitor.enabled | bool | `false` | | -| 
serviceMonitor.interval | string | `""` | ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint | -| serviceMonitor.scrapeTimeout | string | `""` | ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint | -| tolerations | list | `[]` | | - +| Key | Type | Default | Description | +|------------------------------------------|--------|------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| +| affinity | object | `{}` | | +| flags.dashboard.folderAnnotation | string | `"dashboard-folder"` | ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration sidecar.dashboards.folderAnnotation | +| flags.dashboard.labels | list | `[{"name":"grafana-dashboard","value":"nil"}]` | ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration sidecar.dashboards.label sidecar.dashboards.labelValue | +| flags.kubeconfig | string | `""` | | +| flags.log.level | string | `"info"` | | +| flags.namespace | string | `"gitana"` | | +| flags.repository.auth.enabled | bool | `false` | | +| flags.repository.auth.password | string | `""` | | +| flags.repository.auth.secret.annotations | object | `{}` | | +| flags.repository.auth.secret.create | bool | `true` | | +| flags.repository.auth.secret.labels | object | `{}` | | +| flags.repository.auth.secret.name | string | `""` | | +| flags.repository.auth.username | string | `""` | | +| flags.repository.branch | string | `"main"` | | +| flags.repository.dashboardPath | string | `""` | | +| flags.repository.url | string | `""` | | +| flags.syncTimer | string | `"5m"` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"ntakashi/gitana"` | | +| image.tag | string | `"1.2.0"` | | +| imagePullSecrets | list | `[]` | | +| 
nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| resources | object | `{}` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| serviceMonitor.enabled | bool | `false` | | +| serviceMonitor.interval | string | `""` | ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint | +| serviceMonitor.scrapeTimeout | string | `""` | ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint | +| tolerations | list | `[]` | | diff --git a/charts/gitana/templates/_helpers.tpl b/charts/gitana/templates/_helpers.tpl index 2f364c0..82f7d56 100644 --- a/charts/gitana/templates/_helpers.tpl +++ b/charts/gitana/templates/_helpers.tpl @@ -68,8 +68,8 @@ Create the name of the service account to use {{- end }} {{- define "gitana.authSecretName" -}} -{{- if .Values.authSecret.secretname }} -{{- .Values.authSecret.secretname }} +{{- if .Values.flags.repository.auth.secret.name }} +{{- .Values.flags.repository.auth.secret.name }} {{- else }} {{- printf "%s-auth-secret" (include "gitana.fullname" .) }} {{- end }} diff --git a/charts/gitana/templates/authsecret.yaml b/charts/gitana/templates/authsecret.yaml index d9856d6..18a9523 100644 --- a/charts/gitana/templates/authsecret.yaml +++ b/charts/gitana/templates/authsecret.yaml 
@@ -1,17 +1,20 @@ -{{- if and .Values.authSecret.enabled .Values.authSecret.create }} +{{- if and .Values.flags.repository.auth.enabled .Values.flags.repository.auth.secret.create }} apiVersion: v1 kind: Secret metadata: name: {{ include "gitana.authSecretName" . }} labels: {{- include "gitana.labels" . | nindent 4 }} - {{- with .Values.authSecret.annotations }} + {{- with .Values.flags.repository.auth.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.flags.repository.auth.secret.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} stringData: auth.yaml: |- - username: {{ .Values.authSecret.username | quote }} - password: {{ .Values.authSecret.password | quote }} + username: {{ .Values.flags.repository.auth.username | quote }} + password: {{ .Values.flags.repository.auth.password | quote }} type: Opaque {{- end }} diff --git a/charts/gitana/templates/deployment.yaml b/charts/gitana/templates/deployment.yaml index 769474b..77103d6 100644 --- a/charts/gitana/templates/deployment.yaml +++ b/charts/gitana/templates/deployment.yaml @@ -39,11 +39,7 @@ spec: {{- end }} - --dashboard.labels={{- include "dashboard.labels" . | trimSuffix "," }} - --namespace={{ .Values.flags.namespace }} - {{- if .Values.flags.repository.auth }} - - --repository.auth.user={{ .Values.flags.repository.auth }} - - --repository.auth.user={{ .Values.flags.repository.password }} - {{- end }} - {{- if .Values.authSecret.enabled }} + {{- if .Values.flags.repository.auth.enabled }} - --repository.auth.secretname={{ include "gitana.authSecretName" . }} {{- end }} {{- if .Values.flags.repository.dashboardPath }} diff --git a/charts/gitana/values.yaml b/charts/gitana/values.yaml index cc5905a..57c9bbf 100644 --- a/charts/gitana/values.yaml +++ b/charts/gitana/values.yaml 
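Review bot: The `stringData` block in authsecret.yaml renders `username` and `password` even when both are left at their empty defaults. Setting `flags.repository.auth.enabled=true` with `secret.create=true` and no credentials therefore produces a Secret holding two empty strings, and the mistake only surfaces at runtime. Failing the render is cheaper: `username: {{ required "flags.repository.auth.username is required when auth.secret.create is true" .Values.flags.repository.auth.username | quote }}`, and the same for `password`. Credentials supplied through values are also kept in the Helm release record, so the README should point operators who want to avoid that to `secret.create=false` with a pre-created Secret.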
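Review bot: In deployment.yaml the `--repository.auth.secretname` argument is emitted whenever `auth.enabled` is true, but the Secret behind that name is only created when `secret.create` is also true. With `secret.create=false` and `secret.name` left empty, the `gitana.authSecretName` helper changed earlier in this patch falls back to the generated `<fullname>-auth-secret` name. Nothing in the chart creates that Secret, so the container would presumably be pointed at one that does not exist. Consider rejecting that combination at render time in the helper's `else` branch: `{{- if not .Values.flags.repository.auth.secret.create }}{{ fail "flags.repository.auth.secret.name is required when secret.create is false" }}{{- end }}`. The container args list starts and ends outside this hunk.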
@@ -2,7 +2,7 @@ image: repository: ntakashi/gitana pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 0.1.0 + tag: 1.2.0 imagePullSecrets: [] nameOverride: "" @@ -61,14 +61,6 @@ serviceMonitor: # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint scrapeTimeout: "" -authSecret: - enabled: true - create: true - secretname: "" - annotations: {} - username: "cenas" - password: "123" - flags: # (optional) absolute path to the kubeconfig file kubeconfig: "" @@ -107,8 +99,13 @@ flags: # repository url url: "" - auth: {} - # username to perform authentication - # user: "" - # password to perform authentication - # password: + # auth secret configuration + auth: + enabled: false + username: "" + password: "" + secret: + create: true + name: "" + annotations: {} + labels: {} From e33fac77bf2f4ff7830301b79114f078129eb896 Mon Sep 17 00:00:00 2001 From: Nicolas Takashi Date: Sun, 26 Dec 2021 15:28:04 +0000 Subject: [PATCH 2/2] [FEAT] adding secret to gitana role --- charts/gitana/templates/role.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/gitana/templates/role.yaml b/charts/gitana/templates/role.yaml index 135e042..cfdb2ff 100644 --- a/charts/gitana/templates/role.yaml +++ b/charts/gitana/templates/role.yaml @@ -12,3 +12,8 @@ rules: - get - list - update + - apiGroups: [""] + resources: + - secrets + verbs: + - get \ No newline at end of file
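Review bot: The new `auth` block in values.yaml is documented only by `# auth secret configuration`, while the neighbouring keys visible in this file each carry their own comment. The gap matters because the keys interact: `username` and `password` are only read when `secret.create` is true, and `secret.name` selects an existing Secret when it is false. Suggested comments are `# enable repository authentication through a Kubernetes Secret` above `enabled`, `# only used when secret.create is true; do not commit real credentials here` above `username`, and `# name of the Secret to use; generated from the release name when empty` above `name`.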
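Review bot: The rule added to role.yaml grants `get` on every Secret the role covers, although the deployment only needs the one named by `gitana.authSecretName`. Scope it with `resourceNames: [{{ include "gitana.authSecretName" . | quote }}]`, and wrap the rule in `{{- if .Values.flags.repository.auth.enabled }}` … `{{- end }}` so the permission is not granted at all when authentication is off. As written, a compromised gitana pod or service-account token could read any other Secret in scope whose name it knows, such as registry or database credentials. The `rules` list starts outside this hunk, and the file now ends without a trailing newline.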