Support external secrets for service tokens and the xsrf key #1372

Closed
wants to merge 52 commits into from

Contributor

@darend darend commented Jan 18, 2023

Add support for using external/existing secrets for the following keys:

  • registry.secret
  • jobservice.secret
  • core.secret
  • core.xsrfKey

Shengwen Yu and others added 30 commits January 18, 2023 14:00
…redentials.password (#1123)

Signed-off-by: Dmitry Sergeev <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Update database-ss.yaml

syntax correction

Signed-off-by: tsoni <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Update README accordingly

Signed-off-by: Michele Azzolari <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
  The job will migrate database before upgrade
  Add settings of enableMigrateHelmHook to helm chart
  Update readme.md to add the enableMigrateHelmHook option

Signed-off-by: stonezdj <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
… README tables and values.yaml

Signed-off-by: Jesper Axelsen <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
According to the ingress specification [1], the longest matching path should
be used. But for Istio, "The first rule matching an incoming request is
used" [2,3].

[1]: https://kubernetes.io/docs/concepts/services-networking/ingress/#multiple-matches
[2]: https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService
[3]: istio/istio#35033

Fixes: #485
Signed-off-by: Mathieu Parent <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Corrects the comment mistake in the Jaeger support mode that has the `agent` and `collector` mode description the wrong way around.

Signed-off-by: ChrisJBurns <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Jerry Jones <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Tom OBrien <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Christophe Jauffret <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: James Glennan <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: chlins <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
fix: Registry secret value path

fix: Secret usage
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
golgoth31 and others added 22 commits January 18, 2023 14:00
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Change PASSWORD to password in readme for database existing secret

Signed-off-by: David Sabatie <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Curt Cunning <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: yminer <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Aleksy Zalenski <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Ivan Aguilar <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: yminer <[email protected]>

fix external redis url

Signed-off-by: yminer <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Add secret env to job when database external secret is used

Signed-off-by: Cong Ha Minh <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
  Update the diagram
  Add the redis sentinel support

Signed-off-by: stonezdj <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
…_SECURITY_CHECKS

Signed-off-by: Shengwen Yu <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Add missing environment variable to registry container - only happens when using existingSecret for Azure imageChartStorage

Signed-off-by: Raul Garcia Sanchez <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
New values allow configuring timeoutSeconds in livenessProbe/readinessProbe
.database.internal.livenessProbe.timeoutSeconds
.database.internal.readinessProbe.timeoutSeconds

Default values (1 second) unchanged if parameters are not set.

Signed-off-by: Peter Englmaier <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Peter Englmaier <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Add JFrog Artifactory As Supported Proxy-Cache Registry Source

Signed-off-by: Derrik Campau <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Support value `f5-bigip` for `expose.ingress.controller`.

Ingresses like F5 BIG-IP are external to the cluster, so Services used
by them must be exposed as type `NodePort`.

Signed-off-by: Jake Yip <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
According to
[Harbor config](https://github.com/goharbor/harbor/blob/main/src/lib/config/metadata/metadatalist.go#L182),
OTEL timeout has to be set as int.

Signed-off-by: Sylvain Desbureaux <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
…aws-load-balancer controller

Signed-off-by: Jon Beilke <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Lionel Nicolas <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Instead of setting the admin password via a parameter in the helm chart,
provide the ability to give it via an existing secret.

Signed-off-by: Sylvain Desbureaux <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
Signed-off-by: Daren Desjardins <[email protected]>
@sagansystems sagansystems closed this by deleting the head repository Jan 18, 2023
Contributor Author

darend commented Jan 18, 2023

Replaced with #1373
