Provide confidential values as secret #71

Merged
merged 14 commits into from
Sep 10, 2023

@ridoo ridoo commented Sep 6, 2023

Description

Separates confidential values (currently the superuser credentials) from values.yaml into a Kubernetes Secret.
Provides a templates/demo-secret.yaml by default. However, it can be overridden by a custom secret, which can be referenced by name in the values.yaml.

@mwallschlaeger please have a look, if you think this is a path we may want to follow. If you are ok, I will continue refactoring the remaining credentials.

Type of Change

Please select the relevant option:

  • Bug fix
  • New feature
  • Documentation update
  • Refactoring
  • Other (please describe)

Related Issue

If there is an existing issue related to this pull request, please reference it here.

closes #70

Checklist

Please ensure that your pull request meets the following requirements:

  • The pull request is limited to one type (docs, feature, bug fix, etc.)
  • The pull request is as small as possible. Consider opening multiple pull requests instead of one large one.
  • The feature or bug fix has been discussed and documented in an issue beforehand.

Additional Notes

Any additional information or context regarding the pull request can be provided here.

Thank you for creating this pull request

@ridoo ridoo requested a review from mwallschlaeger September 6, 2023 15:40
@ridoo ridoo mentioned this pull request Sep 7, 2023
- Use existingSecretName to configure secret via external secret
- rabbitmq uses its own naming syntax. We show them for convenience
- fixing external database property

Postgres secrets for external databases have to be added still
@ridoo ridoo marked this pull request as draft September 7, 2023 15:25

@mwallschlaeger mwallschlaeger left a comment

See my two remarks on this. Otherwise, I'm fine with the general idea on this now.

charts/geonode/templates/geonode/geonode-deploy.yaml (outdated)
charts/geonode/templates/geonode/geonode-secret.yaml (outdated)
@@ -65,6 +65,8 @@ spec:
envFrom:
- configMapRef:
name: {{ include "geoserver_pod_name" . }}-env
- secretRef:
name: {{ .Values.geoserver.secret.existingSecretName | "geoserver-secret" | quote }}
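
Review bot: on the added `name:` line under `secretRef`, the pipeline `.Values.geoserver.secret.existingSecretName | "geoserver-secret" | quote` pipes the value into a string literal rather than a function, which Go templates reject, so the fallback never takes effect. Insert `default` at that stage: `{{ .Values.geoserver.secret.existingSecretName | default "geoserver-secret" | quote }}`. Rendering the chart with `helm template` once with `existingSecretName` unset and once with it set would confirm the pod references the intended Secret in both cases.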

See comments on geonode-deploy.yaml for this.

mwallschlaeger previously approved these changes Sep 8, 2023
@mwallschlaeger mwallschlaeger added the documentation and feature labels Sep 8, 2023
@ridoo ridoo marked this pull request as ready for review September 8, 2023 08:57
@ridoo ridoo changed the title from "WIP: Provide confidential values as secret" to "Provide confidential values as secret" Sep 8, 2023
@mwallschlaeger mwallschlaeger merged commit 78f213b into zalf-rdm:main Sep 10, 2023
@ridoo ridoo deleted the issue#70_externalize-secrets branch September 10, 2023 16:44
mwallschlaeger added a commit that referenced this pull request Sep 11, 2023
* Issue#59 task prepare this repository to be available on artifact hub (#65)

* Fixes [#59,#58]

* Issue#27 py csw single microservice (#68)

issue#27_csw_single_microsservice

* Issue#67 separate site url related settings from ingress config (#69)

issue#67_separate_site_url_related_settings_from_ingress_config

* Provide confidential values as secret (#71)

* WIP: Provide confidential values as secret

* Fix parameter names in comment

* Provide demo credentials as base64

* Add named secret in values.yaml with default content

* Remove secret boilerplate in values.yaml

* Configure secret creation via flag

* Enhance secret configuration

- Use existingSecretName to configure secret via external secret
- rabbitmq uses its own naming syntax. We show them for convenience
- fixing external database property

Postgres secrets for external databases have to be added still

* Fix yaml syntax

* Fix yaml and property refs

* Adds configurable secret to external database

* Adjust minikube values

* Resolve go template issues

* Update documentation

* Fix wording

* release 1.0.0 final changes [geonode 4.1.2] (#74)

release 1.0.0

* Issue#72 bug celery container is not starting properly and exiting right away (#76)

* release 1.0.0

* fixing release build (#78)

* added github token to install helm

---------

Co-authored-by: Henning Bredel <[email protected]>

Successfully merging this pull request may close these issues.

Feature: Externalize secrets