From e0a14c28f27772791af49a7a8b8aec884f201231 Mon Sep 17 00:00:00 2001 From: Sagar2366 Date: Sun, 11 Sep 2022 11:06:33 +0530 Subject: [PATCH 1/5] Use existing betydb password secret --- templates/_helpers.tpl | 31 +++++++++++++++++++++++++----- templates/add-data.yaml | 10 ++++++++++ templates/executor/deployment.yaml | 10 ++++++++++ templates/monitor/deployment.yaml | 10 ++++++++++ templates/rstudio/statefulset.yaml | 10 ++++++++++ templates/web/deployment.yaml | 10 ++++++++++ values.yaml | 6 ++++++ 7 files changed, 82 insertions(+), 5 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 765b396..4c08563 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -71,6 +71,32 @@ RabbitMQ URI environment value: "amqp://{{ .Values.rabbitmq.rabbitmq.username }}:$(RABBITMQ_PASSWORD)@{{ .Release.Name }}-rabbitmq/%2F" {{- end -}} +{{/* +Get the betydb secret. +*/}} +{{- define "pecan.betydb.secretName" -}} +{{- if .Values.betydb.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.betydb.auth.existingSecret $) -}} +{{- else -}} + {{ .Release.Name }}-betydb +{{- end -}} +{{- end -}} + +{{/* +Get the betyPassword key. +*/}} +{{- define "pecan.betydb.betydbPasswordKey" -}} +{{- if .Values.betydb.auth.existingSecret }} + {{- if .Values.betydb.auth.secretKeys.betydbPasswordKey }} + {{- printf "%s" (tpl .Values.betydb.auth.secretKeys.betydbPasswordKey $) -}} + {{- else -}} + {{- "betyPassword" }} + {{- end -}} +{{- else -}} + {{- "betyPassword" }} +{{- end -}} +{{- end -}} + {{/* Postgresql Environment for postgres */}} @@ -92,11 +118,6 @@ Postgresql Environment for postgres key: postgresql-password - name: BETYUSER value: {{ .Values.betydb.betyUser | quote }} -- name: BETYPASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-betydb - key: betyPassword - name: BETYDATABASE value: {{ .Values.betydb.betyDatabase | quote }} {{- end -}} diff --git a/templates/add-data.yaml b/templates/add-data.yaml index 76d9982..5d7e7e7 100644 
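Review bot: Removing `BETYPASSWORD` from the shared `pecan.env.postgresql` helper in the second hunk (`@@ -92,11 +118,6 @@`) means every container that needs the password must now carry its own copy. Any template that includes the helper but is not touched by this patch silently loses the variable. It also decouples which containers receive the credential from the helper's include sites. Keeping the entry in the helper and only switching its reference, `name: {{ include "pecan.betydb.secretName" . }}` and `key: {{ include "pecan.betydb.betydbPasswordKey" . }}`, would keep one definition and the same exposure as before. The helper body starts above this hunk, so its full list of consumers is not visible here.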
--- a/templates/add-data.yaml +++ b/templates/add-data.yaml @@ -29,6 +29,11 @@ spec: value: {{ .Values.betydb.betyDatabase | quote }} - name: PG_TABLE value: "yields" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} containers: - name: add-data image: "{{ .Values.image.project }}/data:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -41,6 +46,11 @@ spec: {{- include "pecan.env.cluster" . | nindent 12 }} - name: PSQL value: "psql -d {{ .Values.betydb.betyDatabase }} -q -t -c" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} volumes: - name: data persistentVolumeClaim: diff --git a/templates/executor/deployment.yaml b/templates/executor/deployment.yaml index 4aae9f1..4626909 100644 --- a/templates/executor/deployment.yaml +++ b/templates/executor/deployment.yaml @@ -35,6 +35,11 @@ spec: value: {{ .Values.betydb.betyDatabase | quote }} - name: PG_TABLE value: "yields" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.project }}/executor:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -51,6 +56,11 @@ spec: secretKeyRef: name: {{ .Release.Name }}-betydb key: secretKey + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} resources: {{- toYaml .Values.executor.resources | nindent 12 }} volumes: diff --git a/templates/monitor/deployment.yaml b/templates/monitor/deployment.yaml index c3d5676..c2c1eec 100644 --- a/templates/monitor/deployment.yaml +++ b/templates/monitor/deployment.yaml 
@@ -35,6 +35,11 @@ spec: value: {{ .Values.betydb.betyDatabase | quote }} - name: PG_TABLE value: "yields" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.project }}/monitor:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -45,6 +50,11 @@ spec: {{- include "pecan.env.cluster" . | nindent 12 }} - name: RABBITMQ_MGMT_PATH value: {{ .Values.rabbitmq.ingress.path | default "/" | quote }} + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} ports: - name: pecan-monitor containerPort: 9999 diff --git a/templates/rstudio/statefulset.yaml b/templates/rstudio/statefulset.yaml index 4a8be54..f1795e7 100644 --- a/templates/rstudio/statefulset.yaml +++ b/templates/rstudio/statefulset.yaml @@ -45,6 +45,11 @@ spec: value: {{ $betydb }} - name: PG_TABLE value: "yields" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} containers: - name: rstudio image: "{{ $.Values.image.project }}/base:{{ $.Values.image.tag | default $.Chart.AppVersion }}" @@ -63,6 +68,11 @@ spec: value: {{ .password | quote }} - name: KEEP_ENV value: "RABBITMQ_URI RABBITMQ_PREFIX RABBITMQ_PORT FQDN NAME" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} ports: - name: rstudio containerPort: 8787 diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 026c162..6678f10 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml 
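Review bot: In templates/rstudio/statefulset.yaml the added `include "pecan.betydb.secretName" .` passes the current scope, but the surrounding lines use `$.Values…` and `{{ .password | quote }}`, which suggests `.` is a per-user item rather than the chart root at this point. If so, `.Values.betydb.auth.existingSecret` inside the helper cannot resolve, and rendering fails or yields a wrong secret name. Pass the root explicitly: `name: {{ include "pecan.betydb.secretName" $ }}` and `key: {{ include "pecan.betydb.betydbPasswordKey" $ }}`. The later `RABBITMQ_PASSWORD` additions to this file and to templates/models/deployment.yaml (which reads `.env` from the local scope) follow the same pattern. The enclosing loop or `with` block is outside the hunks, so confirm the scope against the full template.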
@@ -35,6 +35,11 @@ spec: value: {{ .Values.betydb.betyDatabase | quote }} - name: PG_TABLE value: "yields" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} - name: check-betydb image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -60,6 +65,11 @@ spec: secretKeyRef: name: {{ .Release.Name }}-betydb key: secretKey + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.betydb.secretName" . }} + key: {{ include "pecan.betydb.betydbPasswordKey" . }} livenessProbe: tcpSocket: port: pecan-web diff --git a/values.yaml b/values.yaml index 1ca2494..ec7a405 100644 --- a/values.yaml +++ b/values.yaml @@ -91,6 +91,12 @@ betydb: ## path prefix for all applications (betydb is set below) path: /bety/ + ## Use existing bety password as secret + ## Create secret pecan-betydb-old with key betyPassword + auth: + existingSecret: "" + secretKeys: + betydbPasswordKey: "" ## ------------------------------------------------------------------------------- ## RABBITMQ APPLICATION ## ------------------------------------------------------------------------------- From d0a1a169e4087752d75d5a8f6b483898f7b20161 Mon Sep 17 00:00:00 2001 From: Sagar2366 Date: Mon, 19 Sep 2022 21:49:03 +0530 Subject: [PATCH 2/5] Adding changes to use existing encryption key --- templates/_helpers.tpl | 16 ++++++++++++++++ templates/executor/deployment.yaml | 4 ++-- templates/web/deployment.yaml | 4 ++-- values.yaml | 1 + 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4c08563..fd984c3 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -97,6 +97,22 @@ Get the betyPassword key. {{- end -}} {{- end -}} + +{{/* +Get the betydb encryption secret key. +*/}} +{{- define "pecan.betydb.betydbEncryptionSecretKey" -}} +{{- if .Values.betydb.auth.existingSecret }} + {{- if .Values.betydb.auth.secretKeys.betydbEncryptionKey }} + {{- printf "%s" (tpl .Values.betydb.auth.secretKeys.betydbEncryptionKey $) -}} + {{- else -}} + {{- "secretKey" }} + {{- end -}} +{{- else -}} + {{- "secretKey" }} +{{- end -}} +{{- end -}} + {{/* Postgresql Environment for postgres */}} diff --git a/templates/executor/deployment.yaml b/templates/executor/deployment.yaml index 4626909..98fa464 100644 --- a/templates/executor/deployment.yaml +++ b/templates/executor/deployment.yaml @@ -54,8 +54,8 @@ spec: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: {{ .Release.Name }}-betydb - key: secretKey + name: {{ include "betydbb.secretName" . }} + key: {{ include "pecan.betydb.betydbEncryptionSecretKey" . }} - name: BETYPASSWORD valueFrom: secretKeyRef: diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 6678f10..8bcb8d6 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -63,8 +63,8 @@ spec: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: {{ .Release.Name }}-betydb - key: secretKey + name: {{ include "betydbb.secretName" . }} + key: {{ include "pecan.betydb.betydbEncryptionSecretKey" . }} - name: BETYPASSWORD valueFrom: secretKeyRef: diff --git a/values.yaml b/values.yaml index ec7a405..4822d39 100644 --- a/values.yaml +++ b/values.yaml @@ -97,6 +97,7 @@ betydb: existingSecret: "" secretKeys: betydbPasswordKey: "" + betydbEncryptionKey: "" ## ------------------------------------------------------------------------------- ## RABBITMQ APPLICATION ## ------------------------------------------------------------------------------- From e4d615aeb08e55940ce05442d9028c4c00424814 Mon Sep 17 00:00:00 2001 
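Review bot: With `SECRET_KEY_BASE` in executor and web now read from the same secret as the password, a single `betydb.auth.existingSecret` has to contain both the password key and the encryption key. The values.yaml comment above `auth:` still tells the operator to create a secret with only `betyPassword`. A secret built from that comment leaves the pods referencing a missing key, and they will not start. Document it next to the new field, e.g. `## The existing secret must hold both keys (defaults: betyPassword and secretKey)`, and add `## Key in the existing secret used for SECRET_KEY_BASE; defaults to secretKey` above `betydbEncryptionKey`.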
From: Sagar2366 Date: Mon, 19 Sep 2022 21:56:32 +0530 Subject: [PATCH 3/5] Adding changes to use existing encryption key --- templates/_helpers.tpl | 1 - templates/executor/deployment.yaml | 2 +- templates/web/deployment.yaml | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index fd984c3..d33fe4a 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -97,7 +97,6 @@ Get the betyPassword key. {{- end -}} {{- end -}} - {{/* Get the betydb encryption secret key. */}} diff --git a/templates/executor/deployment.yaml b/templates/executor/deployment.yaml index 98fa464..2d0b336 100644 --- a/templates/executor/deployment.yaml +++ b/templates/executor/deployment.yaml @@ -54,7 +54,7 @@ spec: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: {{ include "betydbb.secretName" . }} + name: {{ include "pecan.betydb.secretName" . }} key: {{ include "pecan.betydb.betydbEncryptionSecretKey" . }} - name: BETYPASSWORD valueFrom: diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 8bcb8d6..2f76d59 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -63,7 +63,7 @@ spec: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: {{ include "betydbb.secretName" . }} + name: {{ include "pecan.betydb.secretName" . }} key: {{ include "pecan.betydb.betydbEncryptionSecretKey" . }} - name: BETYPASSWORD valueFrom: From cf59f46e9ea7123355dde5ca9660299149b0eb6d Mon Sep 17 00:00:00 2001 From: Sagar2366 Date: Mon, 19 Sep 2022 22:53:21 +0530 Subject: [PATCH 4/5] Adding changes to use existing rabbitmq secret --- templates/_helpers.tpl | 57 +++++++++++++++++++++++++++--- templates/executor/deployment.yaml | 5 +++ templates/models/deployment.yaml | 5 +++ templates/monitor/deployment.yaml | 5 +++ templates/rstudio/statefulset.yaml | 10 ++++++ templates/web/deployment.yaml | 10 ++++++ values.yaml | 5 +++ 7 files changed, 92 insertions(+), 5 deletions(-) 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d33fe4a..542f185 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -58,15 +58,62 @@ Cluster environment {{- end }} {{- end -}} +{{/* +Get the rabbitmq secret. +*/}} +{{- define "pecan.rabbitmq.secretName" -}} +{{- if .Values.rabbitmq.existingPasswordSecret -}} + {{- printf "%s" (tpl .Values.rabbitmq.existingPasswordSecret $) -}} +{{- else -}} + {{ .Release.Name }}-rabbitmq +{{- end -}} +{{- end -}} + +{{/* +Get the rabbitmq secret key. +*/}} +{{- define "pecan.rabbitmq.rabbitmqPasswordSecretKey" -}} +{{- if .Values.rabbitmq.existingPasswordSecret }} + {{- if .Values.rabbitmq.secretKeys.rabbitmqPasswordSecretKey }} + {{- printf "%s" (tpl .Values.rabbitmq.secretKeys.rabbitmqPasswordSecretKey $) -}} + {{- else -}} + {{- "rabbitmq-password" }} + {{- end -}} +{{- else -}} + {{- "rabbitmq-password" }} +{{- end -}} +{{- end -}} + +{{/* +Get the erlang secret. +*/}} +{{- define "pecam.rabbitmq.secretErlangName" -}} + {{- if .Values.rabbitmq.existingErlangSecret -}} + {{- printf "%s" .Values.rabbitmq.existingErlangSecret -}} + {{- else -}} + {{ .Release.Name }}-rabbitmq + {{- end -}} +{{- end -}} + +{{/* +Get the rabbitmq erlangCookie Secret key. +*/}} +{{- define "pecan.rabbitmq.erlangCookieSecretKey" -}} +{{- if .Values.rabbitmq.existingErlangSecret }} + {{- if .Values.rabbitmq.secretKeys.erlangCookieSecretKey }} + {{- printf "%s" (tpl .Values.rabbitmq.secretKeys.erlangCookieSecretKey $) -}} + {{- else -}} + {{- "rabbitmq-erlang-cookie" }} + {{- end -}} +{{- else -}} + {{- "rabbitmq-erlang-cookie" }} +{{- end -}} +{{- end -}} + {{/* RabbitMQ URI environment */}} {{- define "pecan.env.rabbitmq" -}} -- name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-rabbitmq - key: rabbitmq-password - name: RABBITMQ_URI value: "amqp://{{ .Values.rabbitmq.rabbitmq.username }}:$(RABBITMQ_PASSWORD)@{{ .Release.Name }}-rabbitmq/%2F" {{- end -}} 
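Review bot: The erlang secret-name helper is defined as `pecam.rabbitmq.secretErlangName`, so an `include "pecan.rabbitmq.secretErlangName"` elsewhere will fail with a missing-template error. It is also the only new helper that skips `tpl`. Suggested: `{{- define "pecan.rabbitmq.secretErlangName" -}}` and `{{- printf "%s" (tpl .Values.rabbitmq.existingErlangSecret $) -}}`. Neither erlang helper is referenced by any hunk in this series, so as far as these patches show, `existingErlangSecret` has no effect on the rendered manifests.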
diff --git a/templates/executor/deployment.yaml b/templates/executor/deployment.yaml index 2d0b336..6a52db2 100644 --- a/templates/executor/deployment.yaml +++ b/templates/executor/deployment.yaml @@ -26,6 +26,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- include "pecan.env.rabbitmq" . | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: check-postgresql image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} diff --git a/templates/models/deployment.yaml b/templates/models/deployment.yaml index 6243445..fb7cc2e 100644 --- a/templates/models/deployment.yaml +++ b/templates/models/deployment.yaml @@ -42,6 +42,11 @@ spec: mountPath: /data env: {{ $rabbitmqEnv | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} {{- if .env }} {{- toYaml .env | nindent 12 }} {{- end }} diff --git a/templates/monitor/deployment.yaml b/templates/monitor/deployment.yaml index c2c1eec..ddfd3d1 100644 --- a/templates/monitor/deployment.yaml +++ b/templates/monitor/deployment.yaml @@ -50,6 +50,11 @@ spec: {{- include "pecan.env.cluster" . | nindent 12 }} - name: RABBITMQ_MGMT_PATH value: {{ .Values.rabbitmq.ingress.path | default "/" | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: BETYPASSWORD valueFrom: secretKeyRef: diff --git a/templates/rstudio/statefulset.yaml b/templates/rstudio/statefulset.yaml index f1795e7..0984ada 100644 --- a/templates/rstudio/statefulset.yaml +++ b/templates/rstudio/statefulset.yaml 
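Review bot: `RABBITMQ_PASSWORD` is now appended after `{{- include "pecan.env.rabbitmq" . | nindent 12 }}`, which emits `RABBITMQ_URI` with `$(RABBITMQ_PASSWORD)` in its value. Kubernetes only expands `$(VAR)` references to variables defined earlier in the same `env` list, so the URI would keep the literal `$(RABBITMQ_PASSWORD)` text and clients would fail to authenticate. Either move the added entry above the include, or keep it inside `pecan.env.rabbitmq` ahead of `RABBITMQ_URI` with `name: {{ include "pecan.rabbitmq.secretName" . }}` and `key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }}`. The same ordering applies to the models and monitor hunks here, the rstudio and web hunks that follow, and the executor and monitor hunks of patch 5/5.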
@@ -36,6 +36,11 @@ spec: imagePullPolicy: {{ $.Values.image.pullPolicy }} env: {{- $rabbitmq | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: check-postgresql image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} @@ -62,6 +67,11 @@ spec: {{- $env | nindent 12 }} - name: RABBITMQ_MGMT_PATH value: {{ $.Values.rabbitmq.ingress.path | default "/" | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: USER value: {{ .username }} - name: PASSWORD diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 2f76d59..37d2b59 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -26,6 +26,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- include "pecan.env.rabbitmq" . | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: check-postgresql image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} @@ -60,6 +65,11 @@ spec: {{- include "pecan.env.rabbitmq" . | nindent 12 }} {{- include "pecan.env.postgresql" . | nindent 12 }} {{- include "pecan.env.cluster" . | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: SECRET_KEY_BASE valueFrom: secretKeyRef: diff --git a/values.yaml b/values.yaml index 4822d39..0df2e93 100644 --- a/values.yaml +++ b/values.yaml 
@@ -112,6 +112,11 @@ rabbitmq: enabled: false hostName: rabbitmq.localhost path: / + existingErlangSecret: "" + existingPasswordSecret: "" + secretKeys: + erlangCookieSecretKey: "" + rabbitmqPasswordSecretKey: "" ## ------------------------------------------------------------------------------- ## INGRESS RULES From 516ae72cb35e98e18e97da6de1a47e99dc48938a Mon Sep 17 00:00:00 2001 From: Sagar2366 Date: Mon, 19 Sep 2022 22:58:37 +0530 Subject: [PATCH 5/5] Adding changes to use existing rabbitmq secret --- templates/executor/deployment.yaml | 5 +++++ templates/monitor/deployment.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/templates/executor/deployment.yaml b/templates/executor/deployment.yaml index 6a52db2..9ddb60f 100644 --- a/templates/executor/deployment.yaml +++ b/templates/executor/deployment.yaml @@ -56,6 +56,11 @@ spec: {{- include "pecan.env.rabbitmq" . | nindent 12 }} {{- include "pecan.env.postgresql" . | nindent 12 }} {{- include "pecan.env.cluster" . | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: SECRET_KEY_BASE valueFrom: secretKeyRef: diff --git a/templates/monitor/deployment.yaml b/templates/monitor/deployment.yaml index ddfd3d1..5abda7f 100644 --- a/templates/monitor/deployment.yaml +++ b/templates/monitor/deployment.yaml @@ -26,6 +26,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- include "pecan.env.rabbitmq" . | nindent 12 }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pecan.rabbitmq.secretName" . }} + key: {{ include "pecan.rabbitmq.rabbitmqPasswordSecretKey" . }} - name: check-postgresql image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ .Values.image.pullPolicy }}
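Review bot: The new `existingPasswordSecret`, `existingErlangSecret` and `secretKeys` entries in values.yaml sit directly under `rabbitmq:`, while the helper reads the broker user from `.Values.rabbitmq.rabbitmq.username`. If the RabbitMQ subchart takes its existing-secret settings from that nested block (not visible in this patch, so confirm against the subchart's values), the broker would keep its generated secret while the PEcAn pods read the operator-supplied one, and the two passwords would differ. The fields also carry no comments; something like `## Name of a pre-created Secret holding the RabbitMQ password; empty uses <release>-rabbitmq` above `existingPasswordSecret` would help.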