diff --git a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/deployment.yaml b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/deployment.yaml
index 6b4ae56e..f78af13d 100644
--- a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/deployment.yaml
+++ b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/deployment.yaml
@@ -106,12 +106,24 @@ spec:
 {{- end}}
 env:
 {{- range $key, $value := .Values.freeleaps.configs }}
+ {{- if not (or (eq $key "mongodbUri") (eq $key "jwtSecretKey") (eq $key "stripeApiKey") (eq $key "stripeWebhookSecret") (eq $key "stripeAccountWebhookSecret") (eq $key "rabbitmqPassword") (eq $key "redisUrl") (eq $key "giteaApiKey")) }}
 - name: {{ $key | snakecase | upper }}
 valueFrom:
 secretKeyRef:
 name: freeleaps-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ {{- end }}
+ {{- if .Values.freeleaps.secrets }}
+ {{ $targetSecretName := .Values.freeleaps.secrets.target.name }}
+ {{- range .Values.freeleaps.secrets.data }}
+ - name: {{ .key | snakecase | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $targetSecretName }}
+ key: {{ .key }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.logIngest.enabled }}
 volumeMounts:
 - name: app-logs
diff --git a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml
index 0a7ca014..0c710e3b 100644
--- a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml
+++ b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml
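Review bot: The eight key names in the added `if not (or (eq $key "mongodbUri") …)` guard in deployment.yaml are a second copy of the list in `.Values.freeleaps.secrets.data`, and the two can drift apart. A key added to `secrets.data` while still present in `configs` would be emitted twice under the same env name, and when `secrets` is unset these eight variables are skipped here and never emitted at all, so the pod would start without them. Consider collecting the `.key` values of `secrets.data` into a list before the `range` and testing `{{- if not (has $key $secretKeys) }}`, so the values file is the single source of truth. The container spec that this `env:` list belongs to starts outside the hunk.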
@@ -10,19 +10,13 @@ data:
 SERVICE_API_ACCESS_HOST: {{ .Values.freeleaps.configs.serviceApiAccessHost | b64enc | quote }}
 SERVICE_API_ACCESS_PORT: {{ .Values.freeleaps.configs.serviceApiAccessPort | toString | b64enc }}
 MONGODB_NAME: {{ .Values.freeleaps.configs.mongodbName | b64enc | quote }}
- MONGODB_URI: {{ .Values.freeleaps.configs.mongodbUri | b64enc | quote }}
 MONGODB_PORT: {{ .Values.freeleaps.configs.mongodbPort | toString | b64enc }}
 EMAIL_FROM: {{ .Values.freeleaps.configs.emailFrom | b64enc | quote }}
 SITE_URL_ROOT: {{ .Values.freeleaps.configs.siteUrlRoot | b64enc | quote }}
- JWT_SECRET_KEY: {{ .Values.freeleaps.configs.jwtSecretKey | b64enc | quote }}
 JWT_ALGORITHM: {{ .Values.freeleaps.configs.jwtAlgorithm | b64enc | quote }}
- STRIPE_API_KEY: {{ .Values.freeleaps.configs.stripeApiKey | b64enc | quote }}
- STRIPE_WEBHOOK_SECRET: {{ .Values.freeleaps.configs.stripeWebhookSecret | b64enc | quote }}
- STRIPE_ACCOUNT_WEBHOOK_SECRET: {{ .Values.freeleaps.configs.stripeAccountWebhookSecret | b64enc | quote }}
 RABBITMQ_HOST: {{ .Values.freeleaps.configs.rabbitmqHost | b64enc | quote }}
 RABBITMQ_PORT: {{ .Values.freeleaps.configs.rabbitmqPort | toString | b64enc }}
 RABBITMQ_USERNAME: {{ .Values.freeleaps.configs.rabbitmqUsername | b64enc | quote }}
- RABBITMQ_PASSWORD: {{ .Values.freeleaps.configs.rabbitmqPassword | b64enc | quote }}
 FREELEAPS_DEVSVC_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsDevsvcEndpoint | b64enc | quote }}
 FREELEAPS_CONTENT_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsContentEndpoint | b64enc | quote }}
 FREELEAPS_CENTRAL_STORAGE_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsCentralStorageEndpoint | b64enc | quote }}
@@ -33,9 +27,7 @@ data:
 FREELEAPS_NOTIFICATION_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsNotificationEndpoint | b64enc | quote }}
 FREELEAPS_ENV: {{ .Values.freeleaps.configs.freeleapsEnv | b64enc | quote }}
 CERT_PATH: {{ .Values.freeleaps.configs.certPath | b64enc | quote }}
- REDIS_URL: {{ .Values.freeleaps.configs.redisUrl | b64enc | quote }}
 REDIS_IS_CLUSTER: {{ .Values.freeleaps.configs.redisIsCluster | b64enc | quote }}
 METRICS_ENABLED: {{ .Values.freeleaps.configs.metricsEnabled | default false | toString | b64enc }}
 PROBES_ENABLED: {{ .Values.freeleaps.configs.probesEnabled | default false | toString | b64enc }}
- GITEA_API_KEY: {{ .Values.freeleaps.configs.giteaApiKey | b64enc | quote }}
 GITEA_ENDPOINT: {{ .Values.freeleaps.configs.giteaEndpoint | b64enc | quote }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleapssecret.yaml b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleapssecret.yaml
new file mode 100644
index 00000000..e3f6e601
--- /dev/null
+++ b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleapssecret.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.freeleaps.secrets }}
+---
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+ name: {{ .Values.freeleaps.secrets.target.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ kind: {{ .Values.freeleaps.secrets.secretStoreRef.kind }}
+ name: {{ .Values.freeleaps.secrets.secretStoreRef.name }}
+ target:
+ name: {{ .Values.freeleaps.secrets.target.name }}
+ creationPolicy: {{ .Values.freeleaps.secrets.target.creationPolicy }}
+ refreshInterval: {{ .Values.freeleaps.secrets.refreshInterval }}
+ data:
+{{- range .Values.freeleaps.secrets.data }}
+ - secretKey: {{ .key }}
+ remoteRef:
+ key: {{ .remoteRef.key }}
+ type: {{ .remoteRef.type }}
+{{- end }}
+{{- end }}
diff --git a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml
index 1dfa191a..b34bbe0d 100644
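Review bot: In the new freeleapssecret.yaml every templated scalar is rendered bare (`name: {{ .Values.freeleaps.secrets.target.name }}`, `key: {{ .remoteRef.key }}`, `type: {{ .remoteRef.type }}`), whereas freeleaps-config.yaml in the same chart pipes its values through `quote`. An empty, numeric or boolean-looking value would change type or become null once the rendered text is parsed as YAML. Piping each one through `quote`, e.g. `name: {{ .Values.freeleaps.secrets.target.name | quote }}`, keeps them strings and matches the rest of the chart.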
--- a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml
+++ b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml
@@ -61,19 +61,13 @@ freeleaps:
 serviceApiAccessHost: 0.0.0.0
 serviceApiAccessPort: 8001
 mongodbName: freeleaps2
- mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
 mongodbPort: 27017
 emailFrom: freeleaps@freeleaps.com
 siteUrlRoot: https://freeleaps-alpha.com
- jwtSecretKey: 8f87ca8c3c9c3df09a9c78e0adb0927855568f6072d9efc892534aee35f5867b
 jwtAlgorithm: HS256
- stripeApiKey: sk_test_51Ogsw5B0IyqaSJBrwczlr820jnmvA1qQQGoLZ2XxOsIzikpmXo4pRLjw4XVMTEBR8DdVTYySiAv1XX53Zv5xqynF00GfMqttFd
- stripeWebhookSecret: whsec_hUbnahlGtAvN2yckBk45a236LmrODOdm
- stripeAccountWebhookSecret: whsec_PgPnkWGhEUiQfnV8aIb5Wmruz7XETJLm
 rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
 rabbitmqPort: 5672
 rabbitmqUsername: user
- rabbitmqPassword: NjlhHFvnDuC7K0ir
 freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-alpha.svc.freeleaps.cluster:8007/api/devsvc/
 freeleapsContentEndpoint: http://content-service.freeleaps-alpha.svc.freeleaps.cluster:8013/api/content/
 freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage/
@@ -84,12 +78,52 @@ freeleaps:
 freeleapsAilabEndpoint: ''
 freeleapsEnv: alpha
 certPath: ''
- redisUrl: redis://:4sTqfZvUwR@freeleaps-alpha-redis-master.freeleaps-alpha.svc.freeleaps.cluster:6379
 redisIsCluster: 'false'
 metricsEnabled: 'false'
 probesEnabled: 'true'
- giteaApiKey: 737645b8a52b24bf6fc5081c461255fd4c28ab0a
 giteaEndpoint: https://alpha.gitea.freeleaps.mathmast.com/
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-freeleaps-alpha-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-alpha-mongodb-uri"
+ type: Secret
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-alpha-jwt-secret-key"
+ type: Secret
+ - key: stripeApiKey
+ remoteRef:
+ key: "freeleaps-alpha-stripe-api-key"
+ type: Secret
+ - key: stripeWebhookSecret
+ remoteRef:
+ key: "freeleaps-alpha-stripe-webhook-secret"
+ type: Secret
+ - key: stripeAccountWebhookSecret
+ remoteRef:
+ key: "freeleaps-alpha-stripe-account-webhook-secret"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-alpha-rabbitmq-password"
+ type: Secret
+ - key: redisUrl
+ remoteRef:
+ key: "freeleaps-alpha-redis-url"
+ type: Secret
+ - key: giteaApiKey
+ remoteRef:
+ key: "freeleaps-alpha-gitea-api-key"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
diff --git a/freeleaps/helm-pkg/freeleaps/values.prod.yaml b/freeleaps/helm-pkg/freeleaps/values.prod.yaml
index 61f70065..03f762f7 100644
--- a/freeleaps/helm-pkg/freeleaps/values.prod.yaml
+++ b/freeleaps/helm-pkg/freeleaps/values.prod.yaml
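Review bot: Deleting `redisUrl` and `giteaApiKey` in this values.alpha.yaml hunk removes them from the working tree only; the old values remain readable in the repository history. The same holds for the MongoDB URI, JWT signing key, Stripe keys and RabbitMQ password removed in the preceding hunk, and for the same keys in both values.prod.yaml hunks. Nothing visible in this change indicates they were rotated, so the entries stored under the new `remoteRef` keys should be freshly issued credentials with the old ones revoked, production first. A comment above `secrets:` such as `# values are resolved from the secret store; never add plaintext credentials to this file` would help keep them out in future.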
@@ -53,18 +53,12 @@ freeleaps:
 serviceApiAccessPort: 8001
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
 emailFrom: freeleaps@freeleaps.com
 siteUrlRoot: https://freeleaps.com
- jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
 jwtAlgorithm: HS256
- stripeApiKey: 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
- stripeWebhookSecret: whsec_yWObkdtJTP4FOrmN2vPNEAv0EBGXbU3n
- stripeAccountWebhookSecret: whsec_cFhia4hz65OQLdhv26LZAAmjoBc6WNgg
 rabbitmqHost: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
 rabbitmqPort: 5672
 rabbitmqUsername: user
- rabbitmqPassword: D3b0HKz71T0OcYF8
 freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
 freeleapsContentEndpoint: http://content-service.freeleaps-prod.svc.freeleaps.cluster:8013/api/content/
 freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage/
@@ -73,14 +67,54 @@ freeleaps:
 freeleapsAuthenticationEndpoint: http://authentication-service.freeleaps-prod.svc.freeleaps.cluster:8004/api/auth/
 freeleapsNotificationEndpoint: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/
 freeleapsAilabEndpoint: ''
- freeleapsEnv: alpha
+ freeleapsEnv: prod
 certPath: ''
- redisUrl: redis://:izrZtCmYk8@freeleaps-prod-redis-redis-cluster-headless.freeleaps-prod.svc.freeleaps.cluster:6379/0
 redisIsCluster: 'true'
 metricsEnabled: 'true'
 probesEnabled: 'true'
- giteaApiKey: a61216761e1cda4797c1bc13c4cc26472e9e1eb3
 giteaEndpoint: https://gitea.freeleaps.mathmast.com/
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-freeleaps-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-prod-jwt-secret-key"
+ type: Secret
+ - key: stripeApiKey
+ remoteRef:
+ key: "freeleaps-prod-stripe-api-key"
+ type: Secret
+ - key: stripeWebhookSecret
+ remoteRef:
+ key: "freeleaps-prod-stripe-webhook-secret"
+ type: Secret
+ - key: stripeAccountWebhookSecret
+ remoteRef:
+ key: "freeleaps-prod-stripe-account-webhook-secret"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-prod-rabbitmq-password"
+ type: Secret
+ - key: redisUrl
+ remoteRef:
+ key: "freeleaps-prod-redis-url"
+ type: Secret
+ - key: giteaApiKey
+ remoteRef:
+ key: "freeleaps-prod-gitea-api-key"
+ type: Secret
 vpa:
 minAllowed:
 enabled: true
diff --git a/freeleaps/helm-pkg/freeleaps/values.yaml b/freeleaps/helm-pkg/freeleaps/values.yaml
index 75edc4e9..f0c68995 100644
--- a/freeleaps/helm-pkg/freeleaps/values.yaml
+++ b/freeleaps/helm-pkg/freeleaps/values.yaml
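Review bot: `freeleapsEnv` changes from `alpha` to `prod` in this values.prod.yaml hunk alongside the secret migration, which is a behaviour change for the production service in its own right and easy to miss in review. If the application branches on `FREELEAPS_ENV`, this deserves its own commit or at least a line in the description. Separately, `refreshInterval: 30s` across eight keys looks aggressive for a production store; it would be worth confirming the store's rate limits or choosing a longer interval.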
@@ -129,4 +129,46 @@ freeleaps:
 memory: "128Mi"
 controlledResources:
 - cpu
- - memory
\ No newline at end of file
+ - memory
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-freeleaps-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-jwt-secret-key"
+ type: Secret
+ - key: stripeApiKey
+ remoteRef:
+ key: "freeleaps-stripe-api-key"
+ type: Secret
+ - key: stripeWebhookSecret
+ remoteRef:
+ key: "freeleaps-stripe-webhook-secret"
+ type: Secret
+ - key: stripeAccountWebhookSecret
+ remoteRef:
+ key: "freeleaps-stripe-account-webhook-secret"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-rabbitmq-password"
+ type: Secret
+ - key: redisUrl
+ remoteRef:
+ key: "freeleaps-redis-url"
+ type: Secret
+ - key: giteaApiKey
+ remoteRef:
+ key: "freeleaps-gitea-api-key"
+ type: Secret
\ No newline at end of file
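Review bot: Adding a populated `secrets:` block to the base values.yaml makes `.Values.freeleaps.secrets` truthy for every install, so the `{{- if .Values.freeleaps.secrets }}` guards in deployment.yaml and freeleapssecret.yaml never take the false branch unless a values file explicitly nulls the key. The defaults also point at environment-less remote keys such as `freeleaps-mongodb-uri`, which an install that forgets to override the block would try to read from the store. If the feature is meant to be opt-in, an explicit switch is clearer: add `enabled: false` under `secrets:` here and guard the templates with `{{- if .Values.freeleaps.secrets.enabled }}`.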