From 0d7dc1a81a50cf984edc4d0302fed46c87686bfa Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Mon, 18 Aug 2025 17:53:35 +0800
Subject: [PATCH] Enable the content service to support akv
---
 .../templates/content/content-config.yaml | 2 --
 .../content/templates/content/deployment.yaml | 13 ++++++++++++
 .../templates/content/freeleapssecret.yaml | 20 ++++++++++++++++++
 freeleaps/helm-pkg/content/values.alpha.yaml | 21 +++++++++++++++++--
 freeleaps/helm-pkg/content/values.prod.yaml | 21 +++++++++++++++++--
 freeleaps/helm-pkg/content/values.yaml | 18 ++++++++++++++++
 6 files changed, 89 insertions(+), 6 deletions(-)
 create mode 100644 freeleaps/helm-pkg/content/templates/content/freeleapssecret.yaml
diff --git a/freeleaps/helm-pkg/content/templates/content/content-config.yaml b/freeleaps/helm-pkg/content/templates/content/content-config.yaml
index 326b059b..d08f1f3f 100644
--- a/freeleaps/helm-pkg/content/templates/content/content-config.yaml
+++ b/freeleaps/helm-pkg/content/templates/content/content-config.yaml
@@ -11,8 +11,6 @@ data:
 SERVICE_API_ACCESS_PORT: {{ .Values.content.configs.serviceApiAccessPort | toString | b64enc }}
 MONGODB_NAME: {{ .Values.content.configs.mongodbName | b64enc | quote }}
 MONGODB_PORT: {{ .Values.content.configs.mongodbPort | toString | b64enc }}
- MONGODB_URI: {{ .Values.content.configs.mongodbUri | b64enc | quote }}
- FREELEAPS_WWW_AS_AZURE_CLIENT_SECRET: {{ .Values.content.configs.freeleapsWwwAsAzureClientSecret | b64enc | quote }}
 CENTRAL_STORAGE_WEBAPI_URL_BASE: {{ .Values.content.configs.centralStorageWebapiUrlBase | b64enc | quote }}
 METRICS_ENABLED: {{ .Values.content.configs.metricsEnabled | default false | toString | b64enc }}
 PROBES_ENABLED: {{ .Values.content.configs.probesEnabled | default false | toString | b64enc }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/content/templates/content/deployment.yaml b/freeleaps/helm-pkg/content/templates/content/deployment.yaml
index e352552c..74421105 100644
--- a/freeleaps/helm-pkg/content/templates/content/deployment.yaml
+++ b/freeleaps/helm-pkg/content/templates/content/deployment.yaml
@@ -100,12 +100,25 @@ spec:
 {{- end}}
 env:
 {{- range $key, $value := .Values.content.configs }}
+ {{- if not (or (eq $key "mongodbUri") (eq $key "freeleapsWwwAsAzureClientSecret")) }}
 - name: {{ $key | snakecase | upper }}
 valueFrom:
 secretKeyRef:
 name: content-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ {{- end }}
+ # Inject secrets from FreeleapsSecret object
+ {{- if .Values.content.secrets }}
+ {{ $targetSecretName := .Values.content.secrets.target.name }}
+ {{- range .Values.content.secrets.data }}
+ - name: {{ .key | snakecase | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $targetSecretName }}
+ key: {{ .key }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.logIngest.enabled }}
 volumeMounts:
 - name: app-logs
diff --git a/freeleaps/helm-pkg/content/templates/content/freeleapssecret.yaml b/freeleaps/helm-pkg/content/templates/content/freeleapssecret.yaml
new file mode 100644
index 00000000..2b30b7ad
--- /dev/null
+++ b/freeleaps/helm-pkg/content/templates/content/freeleapssecret.yaml
@@ -0,0 +1,20 @@
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+ name: {{ .Values.content.secrets.target.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ kind: {{ .Values.content.secrets.secretStoreRef.kind }}
+ name: {{ .Values.content.secrets.secretStoreRef.name }}
+ target:
+ name: {{ .Values.content.secrets.target.name }}
+ creationPolicy: {{ .Values.content.secrets.target.creationPolicy }}
+ refreshInterval: {{ .Values.content.secrets.refreshInterval }}
+ data:
+{{- range .Values.content.secrets.data }}
+ - secretKey: {{ .key }}
+ remoteRef:
+ key: {{ .remoteRef.key }}
+ type: {{ .remoteRef.type }}
+{{- end }}
diff --git a/freeleaps/helm-pkg/content/values.alpha.yaml b/freeleaps/helm-pkg/content/values.alpha.yaml
index bd4f02ff..c728b6f6 100644
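Review bot: In deployment.yaml the keys skipped in the `content-config` loop are hard-coded (`mongodbUri`, `freeleapsWwwAsAzureClientSecret`), while the keys injected from the FreeleapsSecret come from `.Values.content.secrets.data`, so the two lists can drift apart. A secret later added to `secrets.data` that still has an entry under `content.configs` would be emitted twice under the same env name, once per source. Deriving the skip set from `secrets.data` keeps the two in step; a sketch follows, with indentation to be matched to the file. Separately, `{{ $targetSecretName := ... }}` lacks the `{{-` trim used on the neighbouring actions and leaves a whitespace-only line in the rendered manifest. The `env:` list begins and continues outside this hunk.

```yaml
          {{- $secretKeys := list }}
          {{- with .Values.content.secrets }}
          {{- range .data }}
          {{- $secretKeys = append $secretKeys .key }}
          {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.content.configs }}
          {{- if not (has $key $secretKeys) }}
          # … unchanged: secretKeyRef entry read from content-config …
          {{- end }}
          {{- end }}
          # … unchanged: entries injected from the FreeleapsSecret target …
```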
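Review bot: freeleapssecret.yaml dereferences `.Values.content.secrets.target.name`, `.secretStoreRef.kind` and the other fields without the `{{- if .Values.content.secrets }}` guard that deployment.yaml gains in this same commit, so a values file that omits or nulls `content.secrets` would be expected to fail rendering rather than skip the object. Wrapping the whole manifest in `{{- if .Values.content.secrets }}` … `{{- end }}` makes the two templates agree. The interpolated scalars are also unquoted, so an empty or boolean-looking value is re-typed by the YAML parser; `name: {{ .Values.content.secrets.target.name | quote }}` and `key: {{ .remoteRef.key | quote }}` avoid that.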
--- a/freeleaps/helm-pkg/content/values.alpha.yaml
+++ b/freeleaps/helm-pkg/content/values.alpha.yaml
@@ -82,11 +82,28 @@ content:
 serviceApiAccessPort: 8013
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
- freeleapsWwwAsAzureClientSecret: jTu8Q~WceiK-5dfZB44Ww-K4fVGi3_5tHNWYYbdX
+
 centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage
 metricsEnabled: 'false'
 probesEnabled: 'true'
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-content-alpha-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-alpha-mongodb-uri"
+ type: Secret
+ - key: freeleapsWwwAsAzureClientSecret
+ remoteRef:
+ key: "freeleaps-alpha-www-as-azure-client-secret"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
diff --git a/freeleaps/helm-pkg/content/values.prod.yaml b/freeleaps/helm-pkg/content/values.prod.yaml
index effceec5..57c6ccf3 100644
--- a/freeleaps/helm-pkg/content/values.prod.yaml
+++ b/freeleaps/helm-pkg/content/values.prod.yaml
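Review bot: The MongoDB connection string (with its embedded user and password) and the Azure client secret deleted from `content.configs` in values.alpha.yaml stay readable in this patch and in the repository history, so moving to a secret-store reference does not retire them. Both should be rotated at the provider, and only the new values stored under `freeleaps-alpha-mongodb-uri` and `freeleaps-alpha-www-as-azure-client-secret`. The same applies to the values.prod.yaml hunk. The removed client secret is the same string in both files, which suggests alpha and prod shared one credential; the per-environment remote keys are the place to issue separate ones. A secret-scanning check over `values*.yaml` in CI would catch a regression.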
@@ -68,11 +68,28 @@ content:
 serviceApiAccessPort: 8013
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
- freeleapsWwwAsAzureClientSecret: jTu8Q~WceiK-5dfZB44Ww-K4fVGi3_5tHNWYYbdX
+
 centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage
 metricsEnabled: 'true'
 probesEnabled: 'true'
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-content-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
+ - key: freeleapsWwwAsAzureClientSecret
+ remoteRef:
+ key: "freeleaps-prod-www-as-azure-client-secret"
+ type: Secret
 vpa:
 minAllowed:
 enabled: true
diff --git a/freeleaps/helm-pkg/content/values.yaml b/freeleaps/helm-pkg/content/values.yaml
index d758567f..e20d8338 100644
--- a/freeleaps/helm-pkg/content/values.yaml
+++ b/freeleaps/helm-pkg/content/values.yaml
@@ -69,6 +69,24 @@ content:
 metricsEnabled: "false"
 # PROBES_ENABLED
 probesEnabled: "false"
+ # AKV secrets configuration
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-content-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
+ - key: freeleapsWwwAsAzureClientSecret
+ remoteRef:
+ key: "freeleaps-www-as-azure-client-secret"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
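Review bot: `refreshInterval: 30s` in values.prod.yaml (the same value is set in values.alpha.yaml and values.yaml) presumably re-reads both remote secrets every 30 seconds, but deployment.yaml consumes the target Secret through `env` / `secretKeyRef`, which a container resolves only at start. A rotated value would therefore not reach running pods until they are restarted. Unless something in the cluster restarts pods on Secret change (not visible in this patch), the rollout step after a rotation should be documented next to this setting. A longer interval, for example `refreshInterval: 1h`, would also cut polling against the secret store without changing what the pods see.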
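Review bot: The new `secrets` block in values.yaml carries only the `# AKV secrets configuration` comment, although its `key` field has a contract that is easy to break. deployment.yaml uses `key` verbatim as the entry name in the target Secret and upper-snake-cases it for the env var name. I would add above `data:` a comment such as `# key: entry name in the target Secret; exposed to the pod as its UPPER_SNAKE_CASE form (mongodbUri -> MONGODB_URI)`. Quoting is also mixed within the block (`"Owner"` is quoted while `FreeleapsSecretStore`, `30s` and `Secret` are plain); one style throughout would read better.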