Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use existing secret rework #4

Merged
merged 4 commits into from
Nov 3, 2023
Merged

Use existing secret rework #4

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
57a0733
Use existing secret rework
mrdotb Oct 27, 2023
f26f401
[MOD] Bump to 0.2.0
alexnuttinck Nov 3, 2023
cff5510
[MOD] bump chart-testing-action to 2.6.0
alexnuttinck Nov 3, 2023
08928b1
[FIX] yamllint
alexnuttinck Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,3 +60,15 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


{{/*
Define the name of the secret to use
*/}}
{{- define "plausible-analytics.secretName" -}}
{{- if .Values.secret.existingSecret -}}
{{- .Values.secret.existingSecret -}}
{{- else -}}
{{- template "plausible-analytics.fullname" . -}}
{{- end -}}
{{- end -}}
39 changes: 39 additions & 0 deletions templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "plausible-analytics.fullname" . }}
labels:
{{- include "plausible-analytics.labels" . | nindent 4 }}
data:
wait-for-postgres.sh: |
#!/bin/sh
url="$DATABASE_URL"

info=$(echo $url | awk '{ gsub(/postgres:\/\//, "", $0); print }')
host=$(echo $info | awk -F[@:/] '{print $3}')
port=$(echo $info | awk -F[@:/] '{print $4}')
user=$(echo $info | awk -F[@:/] '{print $1}')
db=$(echo $info | awk -F[@:/] '{print $5}')

until pg_isready -h "$host" -p "$port" -U "$user" -d "$db"; do
echo "Waiting for PostgreSQL to be ready..."
sleep 2
done
echo "PostgreSQL is ready."
wait-for-clickhouse.sh: |
#!/bin/sh
url="$CLICKHOUSE_DATABASE_URL"

info=$(echo $url | awk '{ gsub(/https?:\/\//, "", $0); print }')
host=$(echo $info | awk -F[/:@] '{print $3}')
user=$(echo $info | awk -F[/:@] '{print $1}')
password=$(echo $info | awk -F[/:@] '{print $2}')

until clickhouse-client \
--host "$host" --port 9000 \
--user "$user" --password "$password" \
--query "SELECT version()"; do
echo "Waiting for ClickHouse to be ready..."
sleep 2
done
echo "ClickHouse is ready."
241 changes: 99 additions & 142 deletions templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,26 +28,37 @@ spec:
serviceAccountName: {{ include "plausible-analytics.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.initContainers }}
volumes:
- name: scripts-volume
configMap:
name: {{ include "plausible-analytics.fullname" . }}
initContainers:
- name: wait-for-postgres
image: postgres:13.3-alpine
command: ['sh', '-c', 'until pg_isready -h {{ .Values.postgresql.host }} -p {{ .Values.postgresql.port }} -U {{ .Values.postgresql.auth.username }}; do echo "Waiting for PostgreSQL to be ready..."; sleep 2; done;']
{{- if .Values.clickhouse.initContainersClient.enabled }}
command: ['sh', '/scripts/wait-for-postgres.sh']
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: {{ include "plausible-analytics.secretName" . }}
volumeMounts:
- name: scripts-volume
mountPath: /scripts
- name: wait-for-clickhouse
image: bitnami/clickhouse:23.3.9
command: ['sh', '-c', 'until clickhouse-client --host {{ .Values.clickhouse.host }} --port 9000 --user {{ .Values.clickhouse.auth.username }} --password "$CLICKHOUSE_PASSWORD" --query "SELECT version()"; do echo "Waiting for ClickHouse to be ready..."; sleep 2; done;']
{{- end }}
{{- if .Values.clickhouse.initContainersHttp.enabled }}
- name: wait-for-clickhouse
image: curlimages/curl:8.2.1
command: ['sh', '-c', 'until curl --fail --silent --output /dev/null {{ .Values.clickhouse.host }}; do echo "Waiting for ClickHouse to be ready..."; sleep 2; done;']
{{- end }}
env:
- name: CLICKHOUSE_PASSWORD
command: ['sh', '/scripts/wait-for-clickhouse.sh']
env:
- name: CLICKHOUSE_DATABASE_URL
valueFrom:
secretKeyRef:
key: CLICKHOUSE_PASSWORD
name: {{ include "plausible-analytics.fullname" . }}
key: CLICKHOUSE_DATABASE_URL
name: {{ include "plausible-analytics.secretName" . }}
volumeMounts:
- name: scripts-volume
mountPath: /scripts
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
Expand All @@ -68,189 +79,135 @@ spec:
- name: LISTEN_IP
value: {{ .Values.listenip | toString | quote }}
{{- end }}
{{- if .Values.adminUser.email }}
- name: ADMIN_USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_USER_EMAIL
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.adminUser.name }}
- name: ADMIN_USER_NAME
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: ADMIN_USER_NAME
name: {{ include "plausible-analytics.fullname" . }}
key: SECRET_KEY_BASE
name: {{ include "plausible-analytics.secretName" . }}
{{- if .Values.disableRegistration }}
- name: DISABLE_REGISTRATION
value: {{ .Values.disableRegistration | toString | quote }}
{{- end }}
{{- if .Values.adminUser.password }}
- name: ADMIN_USER_PWD
valueFrom:
secretKeyRef:
key: ADMIN_USER_PWD
name: {{ include "plausible-analytics.fullname" . }}
{{- if .Values.logFailedLoginAttempts }}
- name: LOG_FAILED_LOGIN_ATTEMPTS
value: {{ .Values.logFailedLoginAttempts | toString | quote }}
{{- end }}
{{- if .Values.postgresql.url }}
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: {{ include "plausible-analytics.fullname" . }}
{{- if .Values.clickhouse.url }}
name: {{ include "plausible-analytics.secretName" . }}
- name: CLICKHOUSE_DATABASE_URL
valueFrom:
secretKeyRef:
key: CLICKHOUSE_DATABASE_URL
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.clickhouse.auth.username }}
- name: CLICKHOUSE_USER
valueFrom:
secretKeyRef:
key: CLICKHOUSE_USER
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.clickhouse.auth.password }}
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
key: CLICKHOUSE_PASSWORD
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.smtp.enabled }}
{{- if .Values.smtp.mailer.emailAddress }}
name: {{ include "plausible-analytics.secretName" . }}
{{- if .Values.mailer.enabled }}
{{- if .Values.mailer.email }}
- name: MAILER_EMAIL
valueFrom:
secretKeyRef:
key: MAILER_EMAIL
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.email | toString | quote }}
{{- end }}
{{- if .Values.smtp.adapter }}
{{- if .Values.mailer.adapter }}
- name: MAILER_ADAPTER
valueFrom:
secretKeyRef:
key: MAILER_ADAPTER
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.adatper | toString | quote }}
{{- end }}
{{- if .Values.smtp.host }}
{{- if eq .Values.mailer.adapter "Bamboo.SMTPAdapter" }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrdotb the same here, I think we should be able to set the SMTP_HOST_ADDR for any mailer adapters.

{{- if .Values.mailer.smtp.host }}
- name: SMTP_HOST_ADDR
valueFrom:
secretKeyRef:
key: SMTP_HOST_ADDR
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.smtp.host | toString | quote }}
{{- end }}
{{- if .Values.smtp.port }}
{{- if .Values.mailer.smtp.port }}
- name: SMTP_HOST_PORT
valueFrom:
secretKeyRef:
key: SMTP_HOST_PORT
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.smtp.port | toString | quote }}
{{- end }}
{{- if .Values.smtp.username }}
{{- if .Values.mailer.smtp.username }}
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: SMTP_USER_NAME
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.smtp.username | toString | quote }}
{{- end }}
{{- if .Values.smtp.password }}
- name: SMTP_USER_PWD
valueFrom:
secretKeyRef:
key: SMTP_USER_PWD
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.smtp.ssl.enabled }}
name: {{ include "plausible-analytics.secretName" . }}
{{- if .Values.mailer.smtp.ssl }}
- name: SMTP_HOST_SSL_ENABLED
valueFrom:
secretKeyRef:
key: SMTP_HOST_SSL_ENABLED
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.smtp.ssl | toString | quote }}
{{- end }}
{{- if .Values.smtp.retires }}
{{- if .Values.mailer.smtp.retries }}
- name: SMTP_RETRIES
valueFrom:
secretKeyRef:
key: SMTP_RETRIES
name: {{ include "plausible-analytics.fullname" . }}
value: {{ .Values.mailer.smtp.retries | toString | quote }}
{{- end }}
{{- end }}
{{- if .Values.google.clientID }}
- name: GOOGLE_CLIENT_ID
{{- if eq .Values.mailer.adapter "Bamboo.PostmarkAdapter" }}
- name: POSTMARK_API_KEY
valueFrom:
secretKeyRef:
key: GOOGLE_CLIENT_ID
name: {{ include "plausible-analytics.fullname" . }}
key: POSTMARK_API_KEY
name: {{ include "plausible-analytics.secretName" . }}
{{- end }}
{{- if .Values.google.clientSecret }}
- name: GOOGLE_CLIENT_SECRET
{{- if eq .Values.mailer.adapter "Bamboo.MailgunAdapter" }}
- name: MAILGUN_API_KEY
valueFrom:
secretKeyRef:
key: GOOGLE_CLIENT_SECRET
name: {{ include "plausible-analytics.fullname" . }}
key: MAILGUN_API_KEY
name: {{ include "plausible-analytics.secretName" . }}
{{- if .Values.mailer.mailgun.domain }}
- name: MAILGUN_DOMAIN
value: {{ .Values.mailer.mailgun.domain | toString | quote }}
{{- end }}
{{- if .Values.mailer.mailgun.baseURI }}
- name: MAILGUN_BASE_URI
value: {{ .Values.mailer.mailgun.baseURI | toString | quote }}
{{- end }}
{{- if .Values.twitter.consumer.key }}
- name: TWITTER_CONSUMER_KEY
valueFrom:
secretKeyRef:
key: TWITTER_CONSUMER_KEY
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.twitter.consumer.secret }}
- name: TWITTER_CONSUMER_SECRET
{{- if eq .Values.mailer.adapter "Bamboo.MandrillAdapter" }}
- name: MANDRILL_API_KEY
valueFrom:
secretKeyRef:
key: TWITTER_CONSUMER_SECRET
name: {{ include "plausible-analytics.fullname" . }}
key: MANDRILL_API_KEY
name: {{ include "plausible-analytics.secretName" . }}
{{- end }}
{{- if .Values.twitter.access.token }}
- name: TWITTER_ACCESS_TOKEN
{{- if eq .Values.mailer.adapter "Bamboo.SendGridAdapter" }}
- name: SENDGRID_API_KEY
valueFrom:
secretKeyRef:
key: TWITTER_ACCESS_TOKEN
name: {{ include "plausible-analytics.fullname" . }}
key: SENDGRID_API_KEY
name: {{ include "plausible-analytics.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.twitter.access.secret }}
- name: TWITTER_ACCESS_TOKEN_SECRET
{{- if .Values.extra_geolocation.enabled }}
- name: MAXMIND_LICENSE_KEY
valueFrom:
secretKeyRef:
key: TWITTER_ACCESS_TOKEN_SECRET
name: {{ include "plausible-analytics.fullname" . }}
key: MAXMIND_LICENSE_KEY
name: {{ include "plausible-analytics.secretName" . }}
{{- if .Values.extra_geolocation.maxmind.edition }}
- name: MAXMIND_EDITION
value: {{ .Values.extra_geolocation.maxmind.edition | toString | quote }}
{{- end }}
{{- if .Values.disableAuth }}
- name: DISABLE_AUTH
value: {{ .Values.disableAuth | toString | quote }}
{{- if .Values.extra_geolocation.geolite2CountryDB }}
- name: GEOLITE2_COUNTRY_DB
value: {{ .Values.extra_geolocation.geolite2CountryDB | toString | quote }}
{{- end }}
{{- if .Values.disableRegistration }}
- name: DISABLE_REGISTRATION
value: {{ .Values.disableRegistration | toString | quote }}
{{- if .Values.extra_geolocation.geolite2CountryDB }}
- name: GEONAMES_SOURCE_FILE
value: {{ .Values.extra_geolocation.geonamesSourceFile | toString | quote }}
{{- end }}
{{- if .Values.logFailedLoginAttempts }}
- name: LOG_FAILED_LOGIN_ATTEMPTS
value: {{ .Values.logFailedLoginAttempts | toString | quote }}
{{- end }}
# {{- if .Values.geolocation.enabled }}
# - name: GEOLITE2_COUNTRY_DB
# value: "/geoip/GeoLite2-Country.mmdb"
# {{ end }}
{{- if .Values.postmark.apiKey }}
- name: POSTMARK_API_KEY
{{- if .Values.google.enabled }}
- name: GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
key: POSTMARK_API_KEY
name: {{ include "plausible-analytics.fullname" . }}
{{- end }}
{{- if .Values.geoliteCountryDB }}
- name: GEOLITE2_COUNTRY_DB
key: GOOGLE_CLIENT_ID
name: {{ include "plausible-analytics.secretName" . }}
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: GEOLITE2_COUNTRY_DB
name: {{ include "plausible-analytics.fullname" . }}
key: GOOGLE_CLIENT_SECRET
name: {{ include "plausible-analytics.secretName" . }}
{{- end }}
{{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | indent 10 }}
{{- end }}
ports:
- name: http
Expand Down
Loading
Loading