diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
index 2a531d95..14c37e54 100644
--- a/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
+++ b/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
@@ -106,6 +106,14 @@ spec:
 name: authentication-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ # inject from secret created by FreeleapsSecret object
+ {{- range .Values.secrets.data }}
+ - name: {{ .key | snakecase | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.target.name }}
+ key: {{ .key }}
+ {{- end }}
 {{- if .Values.logIngest.enabled }}
 volumeMounts:
 - name: app-logs
diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml
new file mode 100644
index 00000000..7de96369
--- /dev/null
+++ b/freeleaps/helm-pkg/authentication/templates/authentication/freeleapssecret.yaml
@@ -0,0 +1,20 @@
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+ name: freeleaps-authentication-secrets
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ kind: {{ .Values.secrets.secretStoreRef.kind }}
+ name: {{ .Values.secrets.secretStoreRef.name }}
+ target:
+ name: {{ .Values.secrets.target.name }}
+ creationPolicy: {{ .Values.secrets.target.creationPolicy }}
+ refreshInterval: {{ .Values.secrets.refreshInterval }}
+ data:
+{{- range .Values.secrets.data }}
+ - key: {{ .key }}
+ remoteRef:
+ key: {{ .remoteRef.key }}
+ type: {{ .remoteRef.type }}
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/authentication/values.alpha.yaml b/freeleaps/helm-pkg/authentication/values.alpha.yaml
index b0b0808c..8e33aa47 100644
--- a/freeleaps/helm-pkg/authentication/values.alpha.yaml
+++ b/freeleaps/helm-pkg/authentication/values.alpha.yaml
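Review bot: Inside the added `{{- range .Values.secrets.data }}` block, `secretKeyRef.name: {{ .Values.secrets.target.name }}` will not render — within a `range` the dot is rebound to the current list element, so `.Values` resolves to nothing and Helm fails with a nil-pointer evaluation error on `.secrets`. Use the root context, as the loop just above already does via `$key`: `name: {{ $.Values.secrets.target.name }}`. Separately, a value injected through `secretKeyRef` is read once at container start, so the periodic sync implied by `refreshInterval` in the values file will refresh the Secret object but not the running pods; a rotated key only takes effect after a rollout (for example a pod-template annotation carrying a checksum of the secrets config, or a reloader). The `env` list this hunk extends starts outside the hunk.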
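Review bot: The templated scalars in the new `FreeleapsSecret` template are unquoted, so an empty or boolean-looking value (an unset `refreshInterval`, a `creationPolicy` someone writes as `on`) renders as null or a bool instead of the string the CRD presumably expects; quote them, e.g. `creationPolicy: {{ .Values.secrets.target.creationPolicy | quote }}` and `refreshInterval: {{ .Values.secrets.refreshInterval | quote }}`. The file also ends without a trailing newline (`\ No newline at end of file`), which the chart's other templates and most linters will flag — add one after the closing `{{- end }}`. A one-line header comment such as `# Syncs the keys listed in .Values.secrets.data from the referenced secret store into the Secret named .Values.secrets.target.name` would make the relation to `deployment.yaml` clear to the next reader.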
@@ -80,15 +80,30 @@ authentication:
 appName: authentication
 devsvcWebapiUrlBase: http://devsvc-service.freeleaps-alpha.svc.freeleaps.cluster:8007/api/devsvc/
 notificationWebapiUrlBase: http://notification-service.freeleaps-alpha.svc.freeleaps.cluster:8003/api/notification/
- jwtSecretKey: 8f87ca8c3c9c3df09a9c78e0adb0927855568f6072d9efc892534aee35f5867b
 jwtAlgorithm: HS256
 serviceApiAccessHost: 0.0.0.0
 serviceApiAccessPort: 8004
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
 metricsEnabled: 'false'
 probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-authentication-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
diff --git a/freeleaps/manifests/freeleaps_main_secretstore.yaml b/freeleaps/manifests/freeleaps_main_secretstore.yaml
new file mode 100644
index 00000000..76f9b422
--- /dev/null
+++ b/freeleaps/manifests/freeleaps_main_secretstore.yaml
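Review bot: The removed `jwtSecretKey` and `mongodbUri` (which embeds a username and password) remain recoverable from git history, so moving them to Key Vault does not make them secret again — anyone who has cloned the repo can still mint HS256 tokens and log in to the database. Treat both as compromised: rotate the signing key (which invalidates tokens signed with the old one) and the MongoDB user's password, and store only the new values under `freeleaps-jwt-secret-key` and `freeleaps-mongodb-uri` in the vault. To keep the plaintext from being re-added, a comment on the new stanza such as `# secrets are synced from Azure Key Vault via FreeleapsSecret; never put literal values in this file` is worth having. The `authentication:` mapping begins before this hunk.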
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: freeleaps-main-secret-store-azure-creds
+ namespace: freeleaps-devops-system
+type: Opaque
+data:
+ client-id: N2NkMWRmMTktMjRlYS00NmQ3LWFjZDMtNTMzNjI4MzEzOWUw
+ client-secret: WE15OFF+WGJzZ2lYQzZZcm03dkNSQ3NIZExoUXBJTVlDU1J2Z2NMSA==
+---
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecretStore
+metadata:
+ name: freeleaps-main-secret-store
+spec:
+ provider:
+ azurekv:
+ tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
+ vaultUrl: "https://freeleaps-main.vault.azure.net/"
+ vaultName: "freeleaps-main"
+ subscriptionId: "1b7a028d-7d8b-4f41-b467-0efeb04c5b5a"
+ resourceGroup: "freeleaps"
+ authSecretRef:
+ clientId:
+ name: freeleaps-main-secret-store-azure-creds
+ key: client-id
+ namespace: freeleaps-devops-system
+ clientSecret:
+ name: freeleaps-main-secret-store-azure-creds
+ key: client-secret
+ namespace: freeleaps-devops-system
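Review bot: The `Secret` at the top of this file commits the Azure service-principal `client-id` and `client-secret` to the repository; `data:` is base64, not encryption, so anyone with read access to the repo can decode the credential that reads the entire `freeleaps-main` vault, which undoes the benefit of moving the application secrets out of the values files. Keep this Secret out of git — create it out-of-band in `freeleaps-devops-system`, or commit it only encrypted (SOPS / SealedSecrets), or, if the `azurekv` provider of this CRD supports it, use workload identity / managed identity so no long-lived client secret exists at all. The service-principal secret in this commit should be rotated regardless, since it is already in history. Also, `FreeleapsSecretStore` carries no `metadata.namespace` while both `authSecretRef` entries name one explicitly; if the kind is namespaced rather than cluster-scoped, this manifest lands in whatever namespace `kubectl apply` defaults to — confirm which applies and set it explicitly if needed.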