From 992db514115f5f8a2d8ab8b9335709691208d7ec Mon Sep 17 00:00:00 2001
From: Floppy Disk
Date: Wed, 4 Dec 2024 18:20:41 +0300
Subject: [PATCH 1/3] fix kk secrets draft
---
 .../templates/configure-kk.yaml | 84 ++++++++++++++-----
 1 file changed, 62 insertions(+), 22 deletions(-)
diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml
index 71eeca32..6349675c 100644
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -1,9 +1,67 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $host := index $cozyConfig.data "root-host" }} -{{- $k8sClient := randAlphaNum 32 -}} -{{- $kubeappsClient := randAlphaNum 32 -}} {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }} -{{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }} +{{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }} + +{{- $existingK8sSecret := lookup "v1" "Secret" .Release.Namespace "k8s-client" }} +{{- $existingKubeappsSecret := lookup "v1" "Secret" .Release.Namespace "kubeapps-client" }} +{{- $existingAuthConfig := lookup "v1" "Secret" "cozy-dashboard" "kubeapps-auth-config" }} + +{{ $k8sClient := "" }} +{{- if $existingK8sSecret }} + {{- $k8sClient := index $existingK8sSecret.data "client-secret-key" | b64dec }} +{{- else }} + {{- $k8sClient := randAlphaNum 32 }} +{{- end }} + +{{ $kubeappsClient := "" }} +{{- if $existingKubeappsSecret }} + {{- $kubeappsClient := index $existingKubeappsSecret.data "client-secret-key" | b64dec }} +{{- else }} + {{- $kubeappsClient := randAlphaNum 32 }} +{{- end }} + +{{ $cookieSecret := "" }} +{{- if $existingAuthConfig }} + {{- $cookieSecret := index $existingAuthConfig.data "cookieSecret" | b64dec }} +{{- else }} + {{- $cookieSecret := randAlphaNum 16 }} +{{- end }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: k8s-client + namespace: {{ .Release.Namespace }} +type: Opaque +data: + client-secret-key: {{ $k8sClient | b64enc }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: kubeapps-client + namespace: {{ .Release.Namespace }} +type: Opaque +data: + client-secret-key: {{ $kubeappsClient | b64enc }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: kubeapps-auth-config + namespace: cozy-dashboard +type: Opaque +data: + cookieSecret: {{ $cookieSecret | b64enc }} + +--- apiVersion: v1.edp.epam.com/v1alpha1 kind: ClusterKeycloak 
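Review bot: The reuse branches pipe `index $existingK8sSecret.data "client-secret-key"` (and the `kubeapps-client` and `cookieSecret` equivalents) straight into `b64dec` without checking that the key is present, so a Secret that exists but lacks the key aborts the whole chart render instead of falling back to a generated value; guard each branch, e.g. `{{- if and $existingK8sSecret (hasKey $existingK8sSecret.data "client-secret-key") }}`, and the same applies to the rewrite of these branches in patch 3 of this series. Separately, the `:=` inside the `if`/`else` branches declares new block-scoped variables, so the outer `$k8sClient`, `$kubeappsClient` and `$cookieSecret` are still empty strings when the three Secrets below are rendered; patch 2 of the series changes these to `=`. Note also that `lookup` yields an empty map when the chart is rendered without cluster access (`helm template`, `--dry-run`), so in that mode fresh random values are produced on every render; a short `{{- /* ... */ -}}` comment above the lookups stating this would save the next maintainer a debugging round.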
@@ -54,14 +112,6 @@ spec: --- -apiVersion: v1 -kind: Secret -metadata: - name: k8s-client -type: Opaque -stringData: - client-secret-key: {{ $k8sClient }} - --- apiVersion: v1.edp.epam.com/v1 @@ -119,16 +169,6 @@ spec: --- -apiVersion: v1 -kind: Secret -metadata: - name: kubeapps-client -type: Opaque -stringData: - client-secret-key: {{ $kubeappsClient }} - ---- - apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: @@ -168,7 +208,7 @@ data: provider: "oidc" clientID: "kubeapps" clientSecret: {{ $kubeappsClient }} - cookieSecret: {{ randAlphaNum 16 | b64enc | quote }} + cookieSecret: {{ $cookieSecret }} extraFlags: - --ssl-insecure-skip-verify - --cookie-secure=false From 13d01c6508636fe1792b90d83aa6b53d77e5a9b4 Mon Sep 17 00:00:00 2001 From: Floppy Disk Date: Wed, 4 Dec 2024 18:31:57 +0300 Subject: [PATCH 2/3] fix --- .../keycloak-configure/templates/configure-kk.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml index 6349675c..828b8567 100644 --- a/packages/system/keycloak-configure/templates/configure-kk.yaml +++ b/packages/system/keycloak-configure/templates/configure-kk.yaml 
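Review bot: In the last hunk of this patch, `cookieSecret: {{ $cookieSecret }}` renders the value as a plain YAML scalar, whereas the line it replaces passed the value through `quote`; `randAlphaNum 16` can produce an all-digit or number-looking string that YAML retypes, and a value read back from a pre-existing Secret is not constrained to alphanumerics at all, so keep the quoting: `cookieSecret: {{ $cookieSecret | quote }}`. The unchanged `clientSecret: {{ $kubeappsClient }}` on the context line above has the same exposure and could take the same treatment. The value also changes shape from a base64 string of a 16-character random value to the raw 16 characters; that is consistent with what the new `kubeapps-auth-config` Secret stores, but it is worth confirming the consumer accepts a raw 16-byte cookie secret. The enclosing `data:` resource starts outside the hunk; the two earlier hunks on this line are pure deletions of the old `stringData` Secrets.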
@@ -9,23 +9,23 @@ {{ $k8sClient := "" }} {{- if $existingK8sSecret }} - {{- $k8sClient := index $existingK8sSecret.data "client-secret-key" | b64dec }} + {{- $k8sClient = index $existingK8sSecret.data "client-secret-key" | b64dec }} {{- else }} - {{- $k8sClient := randAlphaNum 32 }} + {{- $k8sClient = randAlphaNum 32 }} {{- end }} {{ $kubeappsClient := "" }} {{- if $existingKubeappsSecret }} - {{- $kubeappsClient := index $existingKubeappsSecret.data "client-secret-key" | b64dec }} + {{- $kubeappsClient = index $existingKubeappsSecret.data "client-secret-key" | b64dec }} {{- else }} - {{- $kubeappsClient := randAlphaNum 32 }} + {{- $kubeappsClient = randAlphaNum 32 }} {{- end }} {{ $cookieSecret := "" }} {{- if $existingAuthConfig }} - {{- $cookieSecret := index $existingAuthConfig.data "cookieSecret" | b64dec }} + {{- $cookieSecret = index $existingAuthConfig.data "cookieSecret" | b64dec }} {{- else }} - {{- $cookieSecret := randAlphaNum 16 }} + {{- $cookieSecret = randAlphaNum 16 }} {{- end }} --- From f91cc561f116af54df1c51b1b28465cba2c56236 Mon Sep 17 00:00:00 2001 From: Floppy Disk Date: Wed, 4 Dec 2024 18:50:13 +0300 Subject: [PATCH 3/3] fix draft password --- .../keycloak-configure/templates/configure-kk.yaml | 12 +++--------- packages/system/keycloak/templates/sts.yaml | 5 +++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml index 828b8567..111f4dbc 100644 --- a/packages/system/keycloak-configure/templates/configure-kk.yaml +++ b/packages/system/keycloak-configure/templates/configure-kk.yaml 
@@ -7,25 +7,19 @@ {{- $existingKubeappsSecret := lookup "v1" "Secret" .Release.Namespace "kubeapps-client" }} {{- $existingAuthConfig := lookup "v1" "Secret" "cozy-dashboard" "kubeapps-auth-config" }} -{{ $k8sClient := "" }} +{{ $k8sClient := randAlphaNum 32 }} {{- if $existingK8sSecret }} {{- $k8sClient = index $existingK8sSecret.data "client-secret-key" | b64dec }} -{{- else }} - {{- $k8sClient = randAlphaNum 32 }} {{- end }} -{{ $kubeappsClient := "" }} +{{ $kubeappsClient := randAlphaNum 32 }} {{- if $existingKubeappsSecret }} {{- $kubeappsClient = index $existingKubeappsSecret.data "client-secret-key" | b64dec }} -{{- else }} - {{- $kubeappsClient = randAlphaNum 32 }} {{- end }} -{{ $cookieSecret := "" }} +{{ $cookieSecret := randAlphaNum 16 }} {{- if $existingAuthConfig }} {{- $cookieSecret = index $existingAuthConfig.data "cookieSecret" | b64dec }} -{{- else }} - {{- $cookieSecret = randAlphaNum 16 }} {{- end }} --- diff --git a/packages/system/keycloak/templates/sts.yaml b/packages/system/keycloak/templates/sts.yaml index 42d88dc8..d91b56cf 100644 --- a/packages/system/keycloak/templates/sts.yaml +++ b/packages/system/keycloak/templates/sts.yaml @@ -1,6 +1,11 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $host := index $cozyConfig.data "root-host" }} + +{{- $existingPassword := lookup "v1" "Secret" "cozy-keycloak" "{{ .Release.Name }}-credentials" }} {{- $password := randAlphaNum 16 -}} +{{- if $existingPassword }} + {{- $password = index $existingPassword.data "password" | b64dec }} +{{- end }} apiVersion: v1 kind: Secret
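Review bot: Nothing in the rewritten block records that `lookup` returns an empty map when the chart is rendered without cluster access (`helm template`, `--dry-run`, diff-style tooling), in which case every render falls through to the `randAlphaNum` initialiser and all three Secrets appear to change; a template comment above the lookups (the `$existingK8sSecret` one sits just above the hunk) such as `{{- /* lookup is empty during template/dry-run rendering; existing secrets are only reused on a live install/upgrade */ -}}` would make that behaviour explicit. The simplification of default-then-override is otherwise sound, since `=` assigns to the outer variable.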
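Review bot: The new lookup in `sts.yaml` passes `"{{ .Release.Name }}-credentials"` as the Secret name, but `{{ }}` inside a quoted string literal within an action is not evaluated, so the lookup is made for a Secret literally named `{{ .Release.Name }}-credentials`; `$existingPassword` is therefore always empty and a new password is generated on every upgrade, which is what the patch set out to prevent. Build the name with printf instead: `{{- $existingPassword := lookup "v1" "Secret" "cozy-keycloak" (printf "%s-credentials" .Release.Name) }}`. The namespace is hard-coded to `cozy-keycloak` rather than taken from `.Release.Namespace`; that is fine if it matches where the credentials Secret is created, which should be checked against the Secret definition that continues below the hunk. As in the `configure-kk.yaml` change, a present Secret without a `password` key fails the render in `b64dec` rather than falling back to the generated value.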