Merge pull request #45 from replicatedhq/danj/optional-password-secret
Make password secret optional
danj-replicated authored May 14, 2024
2 parents a4ea635 + f59adf8 commit 861db4a
Showing 4 changed files with 27 additions and 7 deletions.
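--- a/templates/abandon-resources-hook.yaml
+++ b/templates/abandon-resources-hook.yaml
@@ -25,6 +25,11 @@ spec:
 if kubectl get configmap kotsadm-application-metadata -n {{ .Release.Namespace }} -o jsonpath='{.metadata.labels.app\.kubernetes\.io/managed-by}' | grep -q "Helm"; then
 kubectl annotate configmap kotsadm-application-metadata -n {{ .Release.Namespace }} helm.sh/resource-policy=keep
 fi
+{{- if .Values.passwordSecretRef }}
+if kubectl get secret kotsadm-password -n {{ .Release.Namespace }} -o jsonpath='{.metadata.labels.app\.kubernetes\.io/managed-by}' | grep -q "Helm"; then
+kubectl annotate secret kotsadm-password -n {{ .Release.Namespace }} helm.sh/resource-policy=keep
+fi
+{{- end }}
 image: {{ .Values.images.kotsadm }}
 imagePullPolicy: IfNotPresent
 name: abandon-resources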
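Review bot: The added secret block only works if the identity the hook pod runs as may `get` and `patch` Secrets, and nothing visible in this hunk shows that grant. Because `kubectl get secret ... | grep -q "Helm"` sits in an `if` condition, a forbidden or missing lookup looks the same as "not Helm-managed" and the keep annotation is silently skipped. If the Role is extended for this, scope it with `resourceNames: ["kotsadm-password"]` rather than granting all Secrets in the namespace. A comment above the block, e.g. `# keep the chart-created secret once passwordSecretRef replaces it`, would explain why the guard is on passwordSecretRef while the commands name kotsadm-password; that purpose is inferred here, so confirm it. The enclosing script starts and ends outside the hunk.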
23 changes: 17 additions & 6 deletions templates/kotsadm-statefulset.yaml
@@ -28,8 +28,19 @@ spec:
- name: SHARED_PASSWORD_BCRYPT
valueFrom:
secretKeyRef:
{{- if .Values.passwordSecretRef }}
{{- with .Values.passwordSecretRef }}
key: {{ .key }}
name: {{ .name }}
- name: SHARED_PASSWORD_SECRET_NAME
value: {{ .name }}
- name: SHARED_PASSWORD_SECRET_KEY
value: {{ .key }}
{{- end }}
{{- else }}
key: passwordBcrypt
name: kotsadm-password
{{- end }}
- name: AUTO_CREATE_CLUSTER_TOKEN
valueFrom:
secretKeyRef:
@@ -40,7 +51,7 @@ spec:
secretKeyRef:
key: key
name: kotsadm-session
{{ if not .Values.isHelmManaged }}
{{- if not .Values.isHelmManaged }}
- name: RQLITE_PASSWORD
valueFrom:
secretKeyRef:
@@ -51,7 +62,7 @@ spec:
secretKeyRef:
key: uri
name: kotsadm-rqlite
{{ end }}
{{- end }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
@@ -65,14 +76,14 @@ spec:
value: http://kotsadm.{{ .Release.Namespace }}.svc.cluster.local:3000
- name: API_ADVERTISE_ENDPOINT
value: http://localhost:8800
{{ if .Values.embeddedClusterID }}
{{- if .Values.embeddedClusterID }}
- name: EMBEDDED_CLUSTER_ID
value: {{ .Values.embeddedClusterID | quote }}
{{ end }}
{{ if .Values.embeddedClusterVersion }}
{{- end }}
{{- if .Values.embeddedClusterVersion }}
- name: EMBEDDED_CLUSTER_VERSION
value: {{ .Values.embeddedClusterVersion | quote }}
{{ end }}
{{- end }}
- name: HTTP_PROXY
- name: HTTPS_PROXY
- name: NO_PROXY
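Review bot: In the `with .Values.passwordSecretRef` branch, `.key` and `.name` are rendered unquoted and unvalidated. A ref that sets only `name` therefore produces a null `key:` in the secretKeyRef and an empty `SHARED_PASSWORD_SECRET_KEY`, which surfaces only at apply time or pod start. Validate and quote them the way this file already quotes embeddedClusterID: `key: {{ required "passwordSecretRef.key is required" .key | quote }}` and `name: {{ required "passwordSecretRef.name is required" .name | quote }}`. The two `value:` lines need `| quote` as well, since an env `value` must be a string and a numeric-looking secret name or key would otherwise be typed as a number. The container spec begins and continues outside these hunks.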
5 changes: 4 additions & 1 deletion templates/secret-shared-password.yaml
@@ -1,6 +1,8 @@
# Default password is "password".
# Password specified in values or on command line overrides password currently in secret.
# If no password is specified, password in secret is preserved.
# If passwordSecretRef is defined this will be skipped entirely (useful for EC)
{{- if not .Values.passwordSecretRef }}
{{- $passwordBcrypt := "password" | bcrypt | b64enc }}
{{- if ne .Values.password "" }}
{{- $passwordBcrypt = .Values.password | bcrypt | b64enc }}
@@ -17,4 +19,5 @@ metadata:
{{- include "admin-console.labels" . | nindent 4 }}
name: kotsadm-password
data:
passwordBcrypt: {{ $passwordBcrypt }}
passwordBcrypt: {{ $passwordBcrypt }}
{{- end }}
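Review bot: With the new `if not .Values.passwordSecretRef` guard, a non-empty `.Values.password` supplied together with `passwordSecretRef` is dropped without any message, so an operator can believe a password was set when it never took effect. Consider failing the render in that case, e.g. `{{- if and .Values.passwordSecretRef (ne .Values.password "") }}{{ fail "set either password or passwordSecretRef, not both" }}{{- end }}`, or at least state the precedence in the header comment. The part of the template between the two hunks is not visible here.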
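--- a/values.yaml.tmpl
+++ b/values.yaml.tmpl
@@ -8,6 +8,7 @@ images:
 rqlite: ${KOTSADM_REGISTRY}/rqlite:${RQLITE_TAG}
 kurlProxy: ${KOTSADM_REGISTRY}/kurl-proxy:${KOTS_TAG}
 password: ""
+passwordSecretRef: {}
 minimalRBAC: true
 isHelmManaged: true
 embeddedClusterID: ""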
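Review bot: `passwordSecretRef: {}` is added with no comment on its expected shape or contents. The statefulset template in this commit reads `.name` and `.key` from it and feeds the referenced value to SHARED_PASSWORD_BCRYPT, so the Secret has to hold a bcrypt hash rather than a plaintext password. A comment above the key would make that explicit, e.g. `# passwordSecretRef: existing Secret ({name, key}) holding the bcrypt hash; when set, the chart does not create kotsadm-password`.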
