From 650e91d13bda2edde7e576d58808497c9d9c488a Mon Sep 17 00:00:00 2001
From: "Chu, Clemens"
Date: Thu, 31 Aug 2023 18:25:52 +0200
Subject: [PATCH 1/2] feat: allow using own secret for database
---
 helm/frost-server/README.md | 7 +++++++
 helm/frost-server/templates/_helpers.tpl | 15 +++++++++++++--
 .../templates/db-backup-deployment.yaml | 8 ++++----
 helm/frost-server/templates/db-deployment.yaml | 8 ++++----
 helm/frost-server/templates/http-deployment.yaml | 16 ++++++++--------
 helm/frost-server/templates/mqtt-deployment.yaml | 16 ++++++++--------
 helm/frost-server/templates/secret.yaml | 4 +++-
 helm/frost-server/values.yaml | 4 ++++
 8 files changed, 51 insertions(+), 27 deletions(-)
diff --git a/helm/frost-server/README.md b/helm/frost-server/README.md
index 93a9481d9..aebde8ca6 100644
--- a/helm/frost-server/README.md
+++ b/helm/frost-server/README.md
@@ -201,6 +201,9 @@ The following table lists the configurable parameters of the FROST-Server chart
 | `frost.db.persistence.local.nodeMountPath` | The mount path to use if using the `local` StorageClassName as FROST-Server database StorageClass persistence. See [bellow](#persistence) for more information. | `/mnt/frost-server-db` |
 | `frost.db.persistence.hostPath` | If `frost.db.persistence.enabled` is set to false. Than this variable can be used to mount this hostPath to the database container. | `nil` |
 | `frost.db.database` | The FROST-Server database name to use. | `sensorthings` |
+| `frost.db.existingSecret` | If set, this secret is used for the database credentials. | `nil` |
+| `frost.db.secretUsernameKey:` | The key in the database secret for the username. Change if your secret differs. | `db.username` |
+| `frost.db.secretPasswordKey:` | The key in the database secret for the password. Change if your secret differs. | `db.password` |
 | `frost.db.username` | The _base64_ username to use when connecting to the FROST-Server database. | `c2Vuc29ydGhpbmdz` (`sensorthings`) |
 | `frost.db.password` | The _base64_ password to use when connecting to the FROST-Server database. | `bm93eW91Y2FuY2hhbmdlaXQ=` (`nowyoucanchangeit`) |
 | `frost.db.idGenerationMode` | Determines how entity ids are generated by any FROST-Server module. See [here](https://github.com/FraunhoferIOSB/FROST-Server/blob/master/docs/settings.adoc#persistence-settings) for more information. | `ServerGeneratedOnly` |
@@ -381,6 +384,10 @@ To enable it, set the `frost.db.persistence.storageClassName` to `frost-server-d > **Warning #2**: The `local` StorageClass can only be used if only the ReadWriteOnce [AccessMode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) is claimed (check the `frost.db.persistence.accessModes` configuration parameter). +### Secret + +It is also possible to create your own secret. To do so set the `frost.db.existingSecret` to your secret. +If your keys differ, you can also set them by setting `frost.db.secretUsernameKey` and `frost.db.secretPasswordKey`. ## Ingress HTTP diff --git a/helm/frost-server/templates/_helpers.tpl b/helm/frost-server/templates/_helpers.tpl index 9853ddeab..2ced7eb8c 100644 --- a/helm/frost-server/templates/_helpers.tpl +++ b/helm/frost-server/templates/_helpers.tpl @@ -27,15 +27,26 @@ Create chart name and version as used by the chart label. {{- end -}} {{/* -Get the HTTP service API version +Get the HTTP service API version. */}} {{- define "frost-server.http.apiVersion" -}} v1.0 {{- end -}} {{/* -Get the HTTP service root URL +Get the HTTP service root URL. */}} {{- define "frost-server.http.serviceRootUrl" -}} {{ .Values.frost.http.serviceProtocol }}://{{ .Values.frost.http.serviceHost }}{{ if .Values.frost.http.servicePort }}:{{ .Values.frost.http.servicePort }}{{ else if not .Values.frost.http.ingress.enabled }}:{{ .Values.frost.http.ports.http.nodePort }}{{ end }}{{ if .Values.frost.http.urlSubPath }}/{{ .Values.frost.http.urlSubPath }}{{ end }} {{- end -}} + +{{/* +Get the DB secret. +*/}} +{{- define "frost-server.db.secret" -}} +{{- if .Values.frost.db.existingSecret -}} +{{ .Values.frost.db.existingSecret }} +{{- else -}} +{{ include "frost-server.fullName" . }} +{{- end -}} +{{- end -}} diff --git a/helm/frost-server/templates/db-backup-deployment.yaml b/helm/frost-server/templates/db-backup-deployment.yaml index bc40f77b5..deaca34fd 100644 
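Review bot: The comment on the new `frost-server.db.secret` helper, "Get the DB secret.", does not say what callers receive: the template returns a Secret name, `frost.db.existingSecret` when that value is set and `frost-server.fullName` otherwise. I would spell that out, e.g. `Name of the Secret holding the DB credentials: frost.db.existingSecret if set, else the chart-managed Secret (fullName).` Nothing in the helper checks that a user-supplied Secret exists, so a wrong name would presumably only surface when the pods fail to start; that deserves a sentence in the same comment.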
--- a/helm/frost-server/templates/db-backup-deployment.yaml +++ b/helm/frost-server/templates/db-backup-deployment.yaml @@ -45,15 +45,15 @@ spec: - name: POSTGRES_PASS valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} - name: POSTGRES_PORT value: "5432" - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: REMOVE_BEFORE value: "{{ .Values.frost.backup.removeBefore }}" volumes: diff --git a/helm/frost-server/templates/db-deployment.yaml b/helm/frost-server/templates/db-deployment.yaml index f47b0ed9f..dc4c3999e 100644 --- a/helm/frost-server/templates/db-deployment.yaml +++ b/helm/frost-server/templates/db-deployment.yaml @@ -62,13 +62,13 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} {{- if .Values.frost.db.persistence.enabled }} volumes: - name: {{ $fullName }} diff --git a/helm/frost-server/templates/http-deployment.yaml b/helm/frost-server/templates/http-deployment.yaml index 0b2641911..a57887091 100644 --- a/helm/frost-server/templates/http-deployment.yaml +++ b/helm/frost-server/templates/http-deployment.yaml 
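Review bot: Both new `secretKeyRef` fields in this hunk are rendered unquoted, so a user-supplied Secret name or key that YAML reads as a number, boolean or null (or an empty value) reaches the manifest as a non-string and the Deployment is rejected or mis-rendered. Piping through `quote` keeps them strings: `name: {{ include "frost-server.db.secret" . | quote }}`, and likewise `| quote` on the `key:` expression. The same pattern repeats in the db-deployment hunk here and in every http-deployment and mqtt-deployment hunk of this patch and of PATCH 2/2. The container specs these lines belong to start and end outside the hunks.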
@@ -135,13 +135,13 @@ spec: - name: persistence_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} @@ -304,13 +304,13 @@ spec: - name: auth_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider diff --git a/helm/frost-server/templates/mqtt-deployment.yaml b/helm/frost-server/templates/mqtt-deployment.yaml index 142c366fb..1a845a78d 100644 --- a/helm/frost-server/templates/mqtt-deployment.yaml +++ b/helm/frost-server/templates/mqtt-deployment.yaml @@ -155,13 +155,13 @@ spec: - name: persistence_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} 
@@ -324,13 +324,13 @@ spec: - name: auth_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider diff --git a/helm/frost-server/templates/secret.yaml b/helm/frost-server/templates/secret.yaml index 7c981caf8..09999152e 100644 --- a/helm/frost-server/templates/secret.yaml +++ b/helm/frost-server/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.frost.db.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -9,4 +10,5 @@ metadata: app: {{ include "frost-server.name" . }} data: db.username: {{ .Values.frost.db.username }} - db.password: {{ .Values.frost.db.password }} \ No newline at end of file + db.password: {{ .Values.frost.db.password }} +{{- end -}} diff --git a/helm/frost-server/values.yaml b/helm/frost-server/values.yaml index 03a954d2e..162a3f5dc 100644 --- a/helm/frost-server/values.yaml +++ b/helm/frost-server/values.yaml @@ -286,6 +286,10 @@ frost: transactionRole: false countMode: "FULL" database: sensorthings + # Set this to your own created secret if needed + existingSecret: + secretUsernameKey: db.username + secretPasswordKey: db.password username: c2Vuc29ydGhpbmdz password: bm93eW91Y2FuY2hhbmdlaXQ= securityContext: From 299eac94fa37144390fad424d82f586270ec1f29 Mon Sep 17 00:00:00 2001 
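Review bot: The new `if not .Values.frost.db.existingSecret` guard in secret.yaml makes the safe path opt-in: with the value unset, the chart still renders this Secret from `frost.db.username`/`frost.db.password`, whose defaults in values.yaml are the base64 of the published `sensorthings`/`nowyoucanchangeit` pair. A template comment at the top would make that visible to operators, e.g. `{{- /* Rendered only when frost.db.existingSecret is empty; carries the chart's default credentials unless frost.db.username and frost.db.password are overridden. */ -}}`. The README's new Secret section could state the same and recommend `existingSecret` for anything beyond a test install.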
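Review bot: In the values.yaml hunk `existingSecret:` is left as a bare key, which parses as null; the `if` checks treat that as unset, but an explicit `existingSecret: ""` states the intended type and avoids surprises with tooling that validates values. The comment above it should also carry the contract a user needs: `# Name of an existing Secret in the release namespace holding the DB credentials; when set, username/password below are not used and no Secret is created.` That `username`/`password` go unused is inferred from the secret.yaml hunk in this patch, which is the only visible consumer of those values.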
From: "Chu, Clemens"
Date: Thu, 31 Aug 2023 19:27:54 +0200
Subject: [PATCH 2/2] fix: keyrefs for database secret
---
 helm/frost-server/README.md | 4 ++--
 helm/frost-server/templates/db-backup-deployment.yaml | 4 ++--
 helm/frost-server/templates/db-deployment.yaml | 4 ++--
 helm/frost-server/templates/http-deployment.yaml | 8 ++++----
 helm/frost-server/templates/mqtt-deployment.yaml | 8 ++++----
 5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/helm/frost-server/README.md b/helm/frost-server/README.md
index aebde8ca6..e28a0aee2 100644
--- a/helm/frost-server/README.md
+++ b/helm/frost-server/README.md
@@ -202,8 +202,8 @@ The following table lists the configurable parameters of the FROST-Server chart
 | `frost.db.persistence.hostPath` | If `frost.db.persistence.enabled` is set to false. Than this variable can be used to mount this hostPath to the database container. | `nil` |
 | `frost.db.database` | The FROST-Server database name to use. | `sensorthings` |
 | `frost.db.existingSecret` | If set, this secret is used for the database credentials. | `nil` |
-| `frost.db.secretUsernameKey:` | The key in the database secret for the username. Change if your secret differs. | `db.username` |
-| `frost.db.secretPasswordKey:` | The key in the database secret for the password. Change if your secret differs. | `db.password` |
+| `frost.db.secretUsernameKey` | The key in the database secret for the username. Change if your secret differs. | `db.username` |
+| `frost.db.secretPasswordKey` | The key in the database secret for the password. Change if your secret differs. | `db.password` |
 | `frost.db.username` | The _base64_ username to use when connecting to the FROST-Server database. | `c2Vuc29ydGhpbmdz` (`sensorthings`) |
 | `frost.db.password` | The _base64_ password to use when connecting to the FROST-Server database. | `bm93eW91Y2FuY2hhbmdlaXQ=` (`nowyoucanchangeit`) |
 | `frost.db.idGenerationMode` | Determines how entity ids are generated by any FROST-Server module. See [here](https://github.com/FraunhoferIOSB/FROST-Server/blob/master/docs/settings.adoc#persistence-settings) for more information. | `ServerGeneratedOnly` |
diff --git a/helm/frost-server/templates/db-backup-deployment.yaml b/helm/frost-server/templates/db-backup-deployment.yaml
index deaca34fd..a5db4f03a 100644
--- a/helm/frost-server/templates/db-backup-deployment.yaml
+++ b/helm/frost-server/templates/db-backup-deployment.yaml
@@ -46,14 +46,14 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} - name: POSTGRES_PORT value: "5432" - name: POSTGRES_USER valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: REMOVE_BEFORE value: "{{ .Values.frost.backup.removeBefore }}" volumes: diff --git a/helm/frost-server/templates/db-deployment.yaml b/helm/frost-server/templates/db-deployment.yaml index dc4c3999e..d9b370422 100644 --- a/helm/frost-server/templates/db-deployment.yaml +++ b/helm/frost-server/templates/db-deployment.yaml @@ -63,12 +63,12 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- if .Values.frost.db.persistence.enabled }} volumes: - name: {{ $fullName }} diff --git a/helm/frost-server/templates/http-deployment.yaml b/helm/frost-server/templates/http-deployment.yaml index a57887091..cad6aa4be 100644 --- a/helm/frost-server/templates/http-deployment.yaml +++ b/helm/frost-server/templates/http-deployment.yaml @@ -136,12 +136,12 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} 
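Review bot: The values path for the secret keys is written out by hand in each `key:` line, twelve times across the four deployment templates, so every occurrence has to be kept correct separately. PATCH 1/2 already centralised the Secret name in `frost-server.db.secret`; doing the same for the keys would leave one place to maintain, e.g. in _helpers.tpl `{{- define "frost-server.db.passwordKey" -}}{{ .Values.frost.db.secretPasswordKey | default "db.password" }}{{- end -}}` and here `key: {{ include "frost-server.db.passwordKey" . | quote }}`, with a matching helper for the username key. The `default` also covers a values override that empties the key name. This applies equally to the db-deployment hunk here and to the http-deployment and mqtt-deployment hunks of this patch.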
@@ -305,12 +305,12 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider diff --git a/helm/frost-server/templates/mqtt-deployment.yaml b/helm/frost-server/templates/mqtt-deployment.yaml index 1a845a78d..8768ec28d 100644 --- a/helm/frost-server/templates/mqtt-deployment.yaml +++ b/helm/frost-server/templates/mqtt-deployment.yaml @@ -156,12 +156,12 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} @@ -325,12 +325,12 @@ spec: valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretUsernameKey }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: name: {{ include "frost-server.db.secret" . }} - key: {{ .Values.frost.secretPasswordKey }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider