added secret generation

Signed-off-by: PatStLouis <patrick.st-louis@opsecid.ca>
decentralized-identity · Oct 9, 2024 · a61e5aa · a61e5aa
1 parent d93a62e
commit a61e5aa
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 3 deletions.
diff --git a/.github/workflows/release.yaml → .github/workflows/chart-release.yaml b/.github/workflows/release.yaml → .github/workflows/chart-release.yaml
diff --git a/charts/tdw-server/templates/_helpers.tpl b/charts/tdw-server/templates/_helpers.tpl
@@ -32,6 +32,23 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 
+{{/*
+Returns a secret if it already in Kubernetes, otherwise it creates
+it randomly.
+*/}}
+{{- define "getOrGeneratePass" }}
+{{- $len := (default 16 .Length) | int -}}
+{{- $obj := (lookup "v1" .Kind .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key -}}
+{{- else if (eq (lower .Kind) "secret") -}}
+{{- randAlphaNum $len | b64enc -}}
+{{- else -}}
+{{- randAlphaNum $len -}}
+{{- end -}}
+{{- end }}
+
+
 {{/* SERVER */}}
 
 {{- define "server.fullname" -}}

diff --git a/charts/tdw-server/templates/server/deployment.yaml b/charts/tdw-server/templates/server/deployment.yaml
@@ -28,14 +28,22 @@ spec:
           image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
           imagePullPolicy: {{ .Values.server.image.pullPolicy }}
           env:
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "server.fullname" . }}
+                  key: SECRET_KEY
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.nameOverride }}
+                  key: password
             - name: DOMAIN
               value: {{ .Values.server.host }}
             - name: ENDORSER_MULTIKEY
               value: {{ .Values.server.environment.ENDORSER_MULTIKEY }}
-            - name: SECRET_KEY
-              value: {{ .Values.server.environment.SECRET_KEY }}
             - name: POSTGRES_URI
-              value: postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "global.postgresql.fullname" . }}:{{ .Values.postgresql.primary.service.ports.postgresql }}
+              value: postgres://{{ .Values.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ include "global.postgresql.fullname" . }}:{{ .Values.postgresql.primary.service.ports.postgresql }}
           ports:
             - name: api
               containerPort: {{ .Values.server.service.apiPort }}

diff --git a/charts/tdw-server/templates/server/secret.yaml b/charts/tdw-server/templates/server/secret.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    "helm.sh/resource-policy": keep
+  name: {{ include "server.fullname" . }}
+  labels:
+    {{- include "server.labels" . | nindent 4 }}
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  SECRET_KEY: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "server.fullname" .) "Key" "SECRET_KEY" "Length" 32) }}
diff --git a/charts/tdw-server/values.yaml b/charts/tdw-server/values.yaml
@@ -52,6 +52,10 @@ postgresql:
   architecture: standalone
   auth:
     enablePostgresUser: true
+    existingSecret: ""
+    secretKeys:
+      adminPasswordKey: admin-password
+      userPasswordKey: database-password
     username: "tdw-server"
 
   ## PostgreSQL Primary parameters