Merge pull request 'feat(centralStorage): migrate alpha environment to use Azure Key Vault for sensitive data' (#67) from Nicolas_local_ops into master

Reviewed-on: https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops/pulls/67
Nicolas 2025-08-18 08:25:23 +00:00
commit dc7297967c
4 changed files with 52 additions and 6 deletions


@ -11,9 +11,6 @@ data:
SERVICE_API_ACCESS_PORT: {{ .Values.centralStorage.configs.serviceApiAccessPort | toString | b64enc }}
MONGODB_NAME: {{ .Values.centralStorage.configs.mongodbName | b64enc | quote }}
MONGODB_PORT: {{ .Values.centralStorage.configs.mongodbPort | toString | b64enc }}
MONGODB_URI: {{ .Values.centralStorage.configs.mongodbUri | b64enc | quote }}
AZURE_STORAGE_DOCUMENT_API_KEY: {{ .Values.centralStorage.configs.azureStorageDocumentApiKey | b64enc | quote }}
AZURE_STORAGE_DOCUMENT_API_ENDPOINT: {{ .Values.centralStorage.configs.azureStorageDocumentApiEndpoint | b64enc | quote }}
METRICS_ENABLED: {{ .Values.centralStorage.configs.metricsEnabled | default false | toString | b64enc }}
PROBES_ENABLED: {{ .Values.centralStorage.configs.probesEnabled | default false | toString | b64enc }}
DEBUG_MODE: {{ .Values.centralStorage.configs.debugMode | default false | toString | b64enc }}


@ -106,6 +106,17 @@ spec:
name: central-storage-config
key: {{ $key | snakecase | upper }}
{{- end }}
# Inject secrets from FreeleapsSecret object
{{- if .Values.centralStorage.secrets }}
{{ $targetSecretName := .Values.centralStorage.secrets.target.name }}
{{- range .Values.centralStorage.secrets.data }}
- name: {{ .key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: {{ $targetSecretName }}
key: {{ .key }}
{{- end }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumeMounts:
- name: app-logs
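Review bot: The env entries added under `# Inject secrets from FreeleapsSecret object` read the target Secret through `secretKeyRef`, and Kubernetes resolves such values only when the container starts, so a value rotated in Key Vault will not reach running pods even after the Secret itself is refreshed. The existing comment could say so, e.g. `# Inject secrets from FreeleapsSecret object; values are read at container start, so roll the Deployment after a rotation`. Separately, the assignment dereferences `.Values.centralStorage.secrets.target.name` without a check and without left-trimming; `{{- $targetSecretName := required "centralStorage.secrets.target.name is required" .Values.centralStorage.secrets.target.name }}` would fail the render with a clear message instead of emitting an empty `name:`. Adding `| quote` to `name: {{ $targetSecretName }}` and `key: {{ .key }}` would also keep unusual values from being retyped by the YAML parser. The container spec this env list belongs to starts and ends outside the hunk.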


@ -0,0 +1,20 @@
apiVersion: freeleaps.com/v1alpha1
kind: FreeleapsSecret
metadata:
name: freeleaps-central-storage-alpha-secrets
namespace: {{ .Release.Namespace }}
spec:
secretStoreRef:
kind: {{ .Values.centralStorage.secrets.secretStoreRef.kind }}
name: {{ .Values.centralStorage.secrets.secretStoreRef.name }}
target:
name: {{ .Values.centralStorage.secrets.target.name }}
creationPolicy: {{ .Values.centralStorage.secrets.target.creationPolicy }}
refreshInterval: {{ .Values.centralStorage.secrets.refreshInterval }}
data:
{{- range .Values.centralStorage.secrets.data }}
- secretKey: {{ .key }}
remoteRef:
key: {{ .remoteRef.key }}
type: {{ .remoteRef.type }}
{{- end }}
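Review bot: This manifest dereferences `.Values.centralStorage.secrets.secretStoreRef`, `.target` and `.data` without the `{{- if .Values.centralStorage.secrets }}` guard that the Deployment change in this same commit uses, so rendering with a values file that has no `secrets` block would presumably fail on a nil pointer rather than skip the object. Wrapping the whole file in `{{- if .Values.centralStorage.secrets }}` and `{{- end }}` keeps the two templates consistent. `metadata.name` is also fixed to `freeleaps-central-storage-alpha-secrets`; if this template is rendered for environments other than alpha, the name would be better derived from values or the release. The emitted scalars (`kind`, `name`, `creationPolicy`, `refreshInterval`, `key`, `type`) are unquoted, and `| quote` on the string ones would protect against empty or boolean-looking values.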


@ -82,12 +82,30 @@ centralStorage:
serviceApiAccessPort: 8005
mongodbName: freeleaps2
mongodbPort: 27017
mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
azureStorageDocumentApiKey: xbiFtFeQ6v5dozgVM99fZ9huUomL7QcLu6s0y8zYHtIXZ8XdneKDMcg4liQr/9oNlVoRFcZhWjLY+ASt9cjICQ==
azureStorageDocumentApiEndpoint: https://freeleaps1document.blob.core.windows.net/
metricsEnabled: 'false'
probesEnabled: 'true'
debugMode: 'false'
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-central-storage-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: mongodbUri
remoteRef:
key: "freeleaps-alpha-mongodb-uri"
type: Secret
- key: azureStorageDocumentApiKey
remoteRef:
key: "freeleaps-alpha-azure-storage-document-api-key"
type: Secret
- key: azureStorageDocumentApiEndpoint
remoteRef:
key: "freeleaps-alpha-azure-storage-document-api-endpoint"
type: Secret
vpa:
minAllowed:
enabled: false
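Review bot: The three entries dropped from `centralStorage.configs` (the MongoDB URI with its embedded password, the Azure storage account key and the endpoint) remain readable in the repository history, so moving them behind `secrets.data` only protects them if the Key Vault entries `freeleaps-alpha-mongodb-uri` and `freeleaps-alpha-azure-storage-document-api-key` hold newly rotated credentials rather than copies of the old ones. Nothing on this page says whether that rotation happened, so it is worth confirming on the PR. A guard comment above `secrets:` such as `# Sensitive values are resolved from Azure Key Vault via FreeleapsSecret; do not add credentials under configs.` would help keep plaintext from returning. `refreshInterval: 30s` also means one Key Vault read per key every 30 seconds; a longer interval may be enough, given that the values are consumed as env vars. The `centralStorage` mapping starts before this hunk and continues after it.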