chore(helm): enable k8s secrets and custom db user for subchart #34

Closed
wants to merge 10 commits into from
6 changes: 3 additions & 3 deletions DEPENDENCIES
Expand Up @@ -130,9 +130,9 @@ maven/mavencentral/org.apache.xbean/xbean-reflect/3.7, Apache-2.0, approved, cle
maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.assertj/assertj-core/3.25.1, Apache-2.0, approved, #12585
maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585
maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14235
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14237
maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14238
maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433
maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435
maven/mavencentral/org.ccil.cowan.tagsoup/tagsoup/1.2.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.checkerframework/checker-qual/3.27.0, MIT, approved, clearlydefined
maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined
5 changes: 3 additions & 2 deletions charts/bdrs-server-memory/README.md
Expand Up @@ -52,15 +52,16 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \
| server.debug.enabled | bool | `false` | |
| server.debug.port | int | `1044` | |
| server.debug.suspendOnStart | bool | `false` | |
| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane |
| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane |
| server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress |
| server.endpoints.default.path | string | `"/api"` | path for incoming api calls |
| server.endpoints.default.port | int | `8080` | port for incoming api calls |
| server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API |
| server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls |
| server.endpoints.directory.port | int | `8082` | port for incoming api calls |
| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing |
| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing |
| server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header |
| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls |
| server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls |
| server.endpoints.management.port | int | `8081` | port for incoming api calls |
| server.env | object | `{}` | |
11 changes: 11 additions & 0 deletions charts/bdrs-server-memory/templates/_helpers.tpl
Expand Up @@ -84,3 +84,14 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Determine secret name.
*/}}
{{- define "bdrs.secretName" -}}
{{- if .Values.existingSecret -}}
Contributor

that path seems incorrect - shouldn't it be this?

Suggested change
{{- if .Values.existingSecret -}}
{{- if .Values.server.endpoints.management.existingSecret -}}

Contributor Author

thanks, fixed

{{- .Values.existingSecret }}
{{- else -}}
{{- include "bdrs.fullname" . -}}
{{- end -}}
{{- end -}}
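Review bot: the wrong values path is on two lines of `bdrs.secretName`, not one: the `if` test and the output line `{{- .Values.existingSecret }}` both read the top-level key, while the suggested change above covers only the `if`. secrets.yaml gates Secret creation on `.Values.server.endpoints.management.existingSecret`, so with the helper left as shown, setting that value skips the chart's Secret while the helper still returns `bdrs.fullname`, and the Deployment's `secretKeyRef` then points at a Secret that does not exist. Both lines should read `.Values.server.endpoints.management.existingSecret`.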
5 changes: 4 additions & 1 deletion charts/bdrs-server-memory/templates/deployment.yaml
Expand Up @@ -146,7 +146,10 @@ spec:
# API #
#######
- name: "EDC_API_AUTH_KEY"
value: {{ .Values.server.endpoints.management.authKey | required ".Values.runtime.endpoints.management.authKey is required" | quote }}
valueFrom:
secretKeyRef:
name: "{{ template "bdrs.secretName" . }}"
key: "auth-key"
- name: "WEB_HTTP_PORT"
value: {{ .Values.server.endpoints.default.port | quote }}
- name: "WEB_HTTP_PATH"
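Review bot: the `secretKeyRef` hard-codes `key: "auth-key"`, which becomes an undocumented contract for anyone supplying `existingSecret`: a Secret that stores the key under any other name leaves the container unable to start. Either state the required key name in the `existingSecret` description or expose it as a value with `auth-key` as its default. The removed `required` check also means a missing key is now only detected at pod start, not at render time, which is worth a line in the chart notes.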
29 changes: 29 additions & 0 deletions charts/bdrs-server-memory/templates/secrets.yaml
@@ -0,0 +1,29 @@
{{- /*
* Copyright (c) 2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0.
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
* SPDX-License-Identifier: Apache-2.0
*/}}

{{- if not .Values.server.endpoints.management.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "bdrs.secretName" . }}
namespace: {{ .Release.Namespace | quote }}
type: Opaque
data:
auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }}
{{- end }}
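Review bot: the `required` guard on the `auth-key` line never fires on a default install, because values.yaml ships `authKey: "password"`; the chart therefore creates a Secret holding a well-known management API key unless the operator overrides it. Consider defaulting `authKey` to an empty string so that `required` forces an explicit choice between `authKey` and `existingSecret`, or failing the render when the literal default is still in place.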
2 changes: 2 additions & 0 deletions charts/bdrs-server-memory/values.yaml
Expand Up @@ -85,6 +85,8 @@ server:
path: /api/management
# -- authentication key, must be attached to each 'X-Api-Key' request header
authKey: "password"
# -- secret containing the auth-key for incoming api calls
existingSecret: ""
Contributor

The name authKeyAlias or just alias seems more fitting.

# -- directory API
directory:
# -- port for incoming api calls
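Review bot: the doc comment on `existingSecret` does not say what the value is or how it interacts with `authKey`. From the templates, it is the name of a Secret in the release namespace that must contain the key `auth-key`, and when it is set the chart's own Secret is not rendered, so `authKey` is ignored. Spell that out in the `# --` comment so the generated README carries it.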
7 changes: 4 additions & 3 deletions charts/bdrs-server/README.md
Expand Up @@ -49,7 +49,7 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \
| nameOverride | string | `""` | |
| postgresql.auth.database | string | `"bdrs"` | |
| postgresql.auth.password | string | `"password"` | |
| postgresql.auth.username | string | `"postgres"` | |
| postgresql.auth.username | string | `"bdrs"` | |
| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/bdrs"` | |
| postgresql.primary.persistence.enabled | bool | `false` | |
| postgresql.readReplicas.persistence.enabled | bool | `false` | |
Expand All @@ -62,15 +62,16 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \
| server.debug.enabled | bool | `false` | |
| server.debug.port | int | `1044` | |
| server.debug.suspendOnStart | bool | `false` | |
| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane |
| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane |
| server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress |
| server.endpoints.default.path | string | `"/api"` | path for incoming api calls |
| server.endpoints.default.port | int | `8080` | port for incoming api calls |
| server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API |
| server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls |
| server.endpoints.directory.port | int | `8082` | port for incoming api calls |
| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing |
| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing |
| server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header |
| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls |
| server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls |
| server.endpoints.management.port | int | `8081` | port for incoming api calls |
| server.env | object | `{}` | |
27 changes: 27 additions & 0 deletions charts/bdrs-server/templates/_helpers.tpl
Expand Up @@ -84,3 +84,30 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Determine secret name.
*/}}
{{- define "bdrs.secretName" -}}
{{- if .Values.existingSecret -}}
Contributor

that path seems incorrect - shouldn't it be this?

Suggested change
{{- if .Values.existingSecret -}}
{{- if .Values.server.endpoints.management.existingSecret -}}

Contributor Author

thanks, fixed

{{- .Values.existingSecret }}
{{- else -}}
{{- include "bdrs.fullname" . -}}
{{- end -}}
{{- end -}}

{{/*
Define secret name of postgresql dependency.
*/}}
{{- define "bdrs.postgresqlSecretName" -}}
{{- if .Values.postgresql.fullnameOverride -}}
{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
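Review bot: `bdrs.postgresqlSecretName` derives the Secret name only from `postgresql.fullnameOverride`, `postgresql.nameOverride` and `.Release.Name`, so it assumes the database password always lives in a Secret named after the subchart. If the subchart is pointed at a pre-existing credentials Secret, or its naming logic changes, `EDC_DATASOURCE_DIDENTRY_PASSWORD` will reference the wrong object. Consider a values key that overrides the computed name, and add a comment stating which subchart helper this block mirrors. The `bdrs.secretName` helper in this hunk also reads `.Values.existingSecret` on both its `if` line and its output line and needs the nested path on both.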
10 changes: 8 additions & 2 deletions charts/bdrs-server/templates/deployment.yaml
Expand Up @@ -146,7 +146,10 @@ spec:
# API #
#######
- name: "EDC_API_AUTH_KEY"
value: {{ .Values.server.endpoints.management.authKey | required ".Values.runtime.endpoints.management.authKey is required" | quote }}
valueFrom:
secretKeyRef:
name: "{{ template "bdrs.secretName" . }}"
key: "auth-key"
- name: "WEB_HTTP_PORT"
value: {{ .Values.server.endpoints.default.port | quote }}
- name: "WEB_HTTP_PATH"
Expand All @@ -170,7 +173,10 @@ spec:
- name: "EDC_DATASOURCE_DIDENTRY_USER"
value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }}
- name: "EDC_DATASOURCE_DIDENTRY_PASSWORD"
value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }}
valueFrom:
secretKeyRef:
name: "{{ template "bdrs.postgresqlSecretName" . }}"
key: "password"
- name: "EDC_DATASOURCE_DIDENTRY_URL"
value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
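Review bot: `EDC_DATASOURCE_DIDENTRY_PASSWORD` now reads `key: "password"` from the subchart's Secret, and that key name is hard-coded with no comment saying where it comes from. If the subchart stores the password for the custom user under a different key, or an externally managed database is used, the pod cannot start. Document the expected key next to the `secretKeyRef`, and consider making the Secret name and key overridable for deployments that do not use the bundled database.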

29 changes: 29 additions & 0 deletions charts/bdrs-server/templates/secrets.yaml
@@ -0,0 +1,29 @@
{{- /*
* Copyright (c) 2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0.
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
* SPDX-License-Identifier: Apache-2.0
*/}}

{{- if not .Values.server.endpoints.management.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "bdrs.secretName" . }}
namespace: {{ .Release.Namespace | quote }}
type: Opaque
data:
auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }}
{{- end }}
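Review bot: the Secret's `metadata` block carries only `name` and `namespace`, so the object has no labels tying it to the release. Add the chart's standard labels so the Secret can be selected and audited together with the Deployment that consumes it. As a style point, `name` is emitted unquoted while `namespace` is piped through `quote`; quote both for consistency.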
4 changes: 3 additions & 1 deletion charts/bdrs-server/values.yaml
Expand Up @@ -89,6 +89,8 @@ server:
path: /api/management
# -- authentication key, must be attached to each 'X-Api-Key' request header
authKey: "password"
# -- secret containing the auth-key for incoming api calls
existingSecret: ""
# -- directory API
directory:
# -- port for incoming api calls
Expand Down Expand Up @@ -277,5 +279,5 @@ postgresql:
enabled: false
auth:
database: "bdrs"
username: "postgres"
username: "bdrs"
password: "password"
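Review bot: changing the default `postgresql.auth.username` from "postgres" to "bdrs" alters what an existing release renders on upgrade when it relied on the default, since deployment.yaml passes this value straight to `EDC_DATASOURCE_DIDENTRY_USER`. Call the change out in the chart's upgrade notes and bump the chart version accordingly. The `password: "password"` default on the last line is still a known credential; leaving it empty would force operators to set one.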