New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade usability of secrets #96

Open

purisev opened this issue May 1, 2024 · 1 comment

purisev commented May 1, 2024

Dependent services will broke if you change default passwords in values.yaml
It can be improved by using the secret created in chart.

Also you need to allow using existed secret for pulling image.

Author

purisev commented May 1, 2024 •

edited

Loading

I suggest to:

add in values.yaml:

registry:
  # Use already existing secret for pulling image
  useExistedSecret: false

defaultSecret:
  name: "allure-testops-secret"
  
redis:
  auth:
    # Use existing Secret
    existingSecret: "allure-testops-secret"
    
rabbitmq:
  auth:
    existingPasswordSecret: "allure-testops-secret"

change in templates_helpers.tpl define of imagePullSecret to:

{{- define "imagePullSecret" }}
  {{- if not .Values.registry.useExistedSecret }}
  {{- with .Values.registry }}
    {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .repo .auth.username .auth.password (printf "%s:%s" .auth.username .auth.password | b64enc) | b64enc }}
  {{- end }}
  {{- end }}
{{- end }}

change in templates\infra\secret.yaml:

metadata:
  name: {{ .Values.defaultSecret.name }}

and in templates\infra\secret.yaml:

  rabbitmq-erlang-cookie: {{ .Values.rabbitmq.auth.erlangCookie | b64enc | quote }}
  rabbitmq-password: {{ .Values.rabbitmq.auth.password | b64enc | quote }}
  redis-password: {{ .Values.redis.auth.password | b64enc | quote }}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment