From ae36811b81281041eb827f25a3833a0ad156869e Mon Sep 17 00:00:00 2001 From: Marcin Jasion Date: Fri, 13 Jan 2023 21:37:29 +0100 Subject: [PATCH] Refactor environment variables Environment variables are loaded by envFrom instead of writing them in a Pod spec. In the Secret object the keys have been uppercased to easily load them, and the postgres url has been put there. --- charts/studio/templates/_env_vars.tpl | 293 ------------------ charts/studio/templates/_helpers.tpl | 5 + .../studio/templates/configmap-ca-cert.yaml | 9 + charts/studio/templates/configmap.yaml | 86 ++++- .../templates/deployment-studio-backend.yaml | 9 +- .../templates/deployment-studio-beat.yaml | 8 +- .../templates/deployment-studio-ui.yaml | 9 +- .../templates/deployment-studio-worker.yaml | 8 +- charts/studio/templates/secret.yaml | 69 +++++ charts/studio/templates/secrets.yaml | 75 ----- charts/studio/values.yaml | 2 +- 11 files changed, 190 insertions(+), 383 deletions(-) delete mode 100644 charts/studio/templates/_env_vars.tpl create mode 100644 charts/studio/templates/configmap-ca-cert.yaml create mode 100644 charts/studio/templates/secret.yaml delete mode 100644 charts/studio/templates/secrets.yaml diff --git a/charts/studio/templates/_env_vars.tpl b/charts/studio/templates/_env_vars.tpl deleted file mode 100644 index e2a95fb4..00000000 --- a/charts/studio/templates/_env_vars.tpl +++ /dev/null
@@ -1,293 +0,0 @@ -{{- define "studio.envvars" }} -- name: ALLOWED_HOSTS - value: "*" - -- name: API_URL -{{- if .Values.studioBackend.ingress.enabled }} -{{- range $host := .Values.studioBackend.ingress.hosts }} - {{- range .paths }} - value: "http{{ if $.Values.studioBackend.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}" - {{- end }} -{{- end }} -{{- else }} - value: "http://studio-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioBackend.service.port }}" -{{- end }} - -- name: UI_URL -{{- if .Values.studioUi.ingress.enabled }} -{{- range $host := .Values.studioUi.ingress.hosts }} - {{- range .paths }} - value: "http{{ if $.Values.studioUi.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}" - {{- end }} -{{- end }} -{{- else }} - value: "http://studio-ui.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioUi.service.port }}" -{{- end }} - -- name: BITBUCKET_URL -{{- if .Values.global.scmProviders.bitbucket.url }} - value: {{ .Values.global.scmProviders.bitbucket.url }} -{{- else }} - value: "" -{{- end }} - -- name: BITBUCKET_API_URL -{{- if .Values.global.scmProviders.bitbucket.apiUrl }} - value: {{ .Values.global.scmProviders.bitbucket.apiUrl }} -{{- else }} - value: "" -{{- end }} - -- name: BITBUCKET_WEBHOOK_URL -{{- if .Values.global.scmProviders.bitbucket.webhookUrl }} - value: {{ .Values.global.scmProviders.bitbucket.webhookUrl }} -{{- else }} - value: "" -{{- end }} - -- name: BITBUCKET_CLIENT_ID -{{- if .Values.global.scmProviders.bitbucket.clientId }} - valueFrom: - secretKeyRef: - name: studio - key: bitbucketClientId -{{- else }} - value: "" -{{- end }} - -- name: BITBUCKET_SECRET_KEY -{{- if .Values.global.scmProviders.bitbucket.secretKey }} - valueFrom: - secretKeyRef: - name: studio - key: bitbucketSecretKey -{{- else }} - value: "" -{{- end }} - -- name: ENABLE_BLOBVAULT - value: "True" - -- name: BLOBVAULT_AWS_ACCESS_KEY_ID -{{- if .Values.global.blobvault.accessKeyId }} - valueFrom: - secretKeyRef: - name: 
studio - key: blobvaultAccessKeyId -{{- else }} - value: "" -{{- end }} - -- name: BLOBVAULT_AWS_SECRET_ACCESS_ID -{{- if .Values.global.blobvault.secretAccessKeyId }} - valueFrom: - secretKeyRef: - name: studio - key: blobvaultSecretAccessKeyId -{{- else }} - value: "" -{{- end }} - -- name: BLOBVAULT_ENDPOINT_URL -{{- if .Values.global.blobvault.endpointUrl }} - value: {{ .Values.global.blobvault.endpointUrl }} -{{- else }} - value: "{{ .Values.minio.fullnameOverride }}.{{ .Release.Namespace }}.svc.cluster.local:9000" -{{- end }} - -- name: BLOBVAULT_ENDPOINT_URL_FE -{{- if .Values.global.blobvault.endpointUrlFe }} - value: {{ .Values.global.blobvault.endpointUrlFe }} -{{- else }} - value: "{{ .Values.minio.fullnameOverride }}.{{ .Release.Namespace }}.svc.cluster.local:9000" -{{- end }} - -- name: BLOBVAULT_BUCKET -{{- if .Values.global.blobvault.bucket }} - value: {{ .Values.global.blobvault.bucket }} -{{- else }} - value: "" -{{- end }} - -- name: CELERY_BROKER_URL -{{- if .Values.global.celery.brokerUrl }} - value: {{ .Values.global.celery.brokerUrl }} -{{- else }} - value: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" -{{- end }} - -- name: CELERY_RESULT_BACKEND -{{- if .Values.global.celery.resultBackend }} - value: {{ .Values.global.celery.resultBackend }} -{{- else }} - value: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" -{{- end }} - -- name: REDIS_URL -{{- if .Values.global.celery.resultBackend }} - value: {{ .Values.global.celery.resultBackend }} -{{- else }} - value: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" -{{- end }} - -- name: DATABASE_URL - value: "psql://{{ .Values.global.postgres.databaseUser}}:{{ .Values.global.postgres.databasePassword }}@{{ .Values.global.postgres.databaseUrl }}" - -- name: SECRET_KEY - valueFrom: - secretKeyRef: - name: studio - key: secretKey - -- name: 
GITHUB_APP_ID -{{- if .Values.global.scmProviders.github.appId }} - valueFrom: - secretKeyRef: - name: studio - key: githubAppId -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_APP_CLIENT_ID -{{- if .Values.global.scmProviders.github.clientId }} - valueFrom: - secretKeyRef: - name: studio - key: githubClientId -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_APP_SECRET_KEY -{{- if .Values.global.scmProviders.github.appSecret }} - valueFrom: - secretKeyRef: - name: studio - key: githubAppSecret -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_APP_PRIVATE_KEY_PEM -{{- if .Values.global.scmProviders.github.privateKey }} - valueFrom: - secretKeyRef: - name: studio - key: githubPrivateKey -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_WEBHOOK_SECRET -{{- if .Values.global.scmProviders.github.webhookSecret }} - valueFrom: - secretKeyRef: - name: studio - key: githubWebhookSecret -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_URL -{{- if .Values.global.scmProviders.github.url }} - value: {{ .Values.global.scmProviders.github.url }} -{{- else }} - value: "" -{{- end }} - -- name: GITHUB_WEBHOOK_URL -{{- if .Values.global.scmProviders.github.webhookUrl }} - value: {{ .Values.global.scmProviders.github.webhookUrl }} -{{- else }} - value: "" -{{- end }} - -- name: GITLAB_CLIENT_ID -{{- if .Values.global.scmProviders.gitlab.clientId }} - valueFrom: - secretKeyRef: - name: studio - key: gitlabClientId -{{- else }} - value: "" -{{- end }} - -- name: GITLAB_SECRET_KEY -{{- if .Values.global.scmProviders.gitlab.secretKey }} - valueFrom: - secretKeyRef: - name: studio - key: gitlabSecretKey -{{- else }} - value: "" -{{- end }} - -- name: GITLAB_WEBHOOK_SECRET -{{- if .Values.global.scmProviders.gitlab.webhookSecret }} - valueFrom: - secretKeyRef: - name: studio - key: gitlabWebhookSecret -{{- else }} - value: "" -{{- end }} - -- name: GITLAB_URL -{{- if .Values.global.scmProviders.gitlab.url }} - value: {{ .Values.global.scmProviders.gitlab.url }} 
-{{- else }} - value: "" -{{- end }} - -- name: GITLAB_WEBHOOK_URL -{{- if .Values.global.scmProviders.gitlab.webhookUrl }} - value: {{ .Values.global.scmProviders.gitlab.webhookUrl }} -{{- else }} - value: "" -{{- end }} - -- name: MAX_VIEWS -{{- if .Values.global.maxViews }} - value: {{ .Values.global.maxViews | quote }} -{{- else }} - value: "" -{{- end }} - -- name: MAX_TEAMS -{{- if .Values.global.maxTeams }} - value: {{ .Values.global.maxTeams | quote }} -{{- else }} - value: "" -{{- end }} - - -{{- $scmProviders := list }} -{{- if .Values.global.scmProviders.gitlab.url }} -{{- $scmProviders = append $scmProviders "gitlab" }} -{{- end }} -{{- if .Values.global.scmProviders.github.url }} -{{- $scmProviders = append $scmProviders "github" }} -{{- end }} -{{- if .Values.global.scmProviders.bitbucket.url }} -{{- $scmProviders = append $scmProviders "bitbucket" }} -{{- end }} - -- name: SCM_PROVIDERS - value: {{ $scmProviders | join "," }} - -- name: SOCIAL_AUTH_REDIRECT_IS_HTTPS - value: "False" - -- name: SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS -{{- if .Values.studioUi.ingress.enabled }} -{{- range $host := .Values.studioUi.ingress.hosts }} - {{- range .paths }} - value: "studio-ui.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioUi.service.port }},studio-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioBackend.service.port }},http{{ if $.Values.studioUi.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}" - {{- end }} -{{- end }} -{{- else }} - value: "studio-ui.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioUi.service.port }},studio-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioBackend.service.port }}" -{{- end }} - -{{- end }} \ No newline at end of file diff --git a/charts/studio/templates/_helpers.tpl b/charts/studio/templates/_helpers.tpl index fd246ae0..4babcb5c 100644 --- a/charts/studio/templates/_helpers.tpl +++ b/charts/studio/templates/_helpers.tpl 
@@ -118,3 +118,8 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{- define "studio.checkSum" }} +checksum/studio-cm: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +checksum/studio-ca-certificates-cm: {{ include (print $.Template.BasePath "/configmap-ca-cert.yaml") . | sha256sum }} +{{- end}} diff --git a/charts/studio/templates/configmap-ca-cert.yaml b/charts/studio/templates/configmap-ca-cert.yaml new file mode 100644 index 00000000..5760c0eb --- /dev/null +++ b/charts/studio/templates/configmap-ca-cert.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: studio-ca-certificates +data: + {{- if .Values.global.customCaCert }} + self_signed_ca.crt: | +{{ .Values.global.customCaCert | indent 4}} + {{- end }} diff --git a/charts/studio/templates/configmap.yaml b/charts/studio/templates/configmap.yaml index 5760c0eb..960ec7ae 100644 --- a/charts/studio/templates/configmap.yaml +++ b/charts/studio/templates/configmap.yaml 
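Review bot: `studio.checkSum` hashes only `configmap.yaml` and `configmap-ca-cert.yaml`, so a change to the `studio` Secret (for example a rotated database password) leaves the pod annotations unchanged and the Deployments keep running with the old values, because `envFrom` is resolved only when a container starts. Consider a third annotation such as `checksum/studio-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}`. Two caveats apply: as long as `secret.yaml` can render a fresh `randAscii` value that hash changes on every upgrade, and a digest of a rendered Secret is readable by anyone who can read Pods, so it is only safe when the hashed values are high-entropy. A one-line comment above the define naming the manifests it covers would also help the next maintainer.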
@@ -1,9 +1,87 @@ apiVersion: v1 kind: ConfigMap metadata: - name: studio-ca-certificates + name: studio data: - {{- if .Values.global.customCaCert }} - self_signed_ca.crt: | -{{ .Values.global.customCaCert | indent 4}} + ALLOWED_HOSTS: "*" +{{/* {{- if .Values.studioBackend.ingress.enabled }}*/}} +{{/* {{- range $host := .Values.studioBackend.ingress.hosts }}*/}} +{{/* {{- range .paths }}*/}} +{{/* #*/}} +{{/* API_URL: "http{{ if $.Values.studioBackend.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}"*/}} +{{/* {{- end }}*/}} +{{/* {{- end }}*/}} +{{/* {{- else }}*/}} + API_URL: "http://studio-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioBackend.service.port }}" +{{/* {{- end }}*/}} + +{{/* UI_URL:*/}} +{{/* {{- if .Values.studioUi.ingress.enabled }}*/}} +{{/* {{- range $host := .Values.studioUi.ingress.hosts }}*/}} +{{/* {{- range .paths }}*/}} +{{/* UI_URL: "http{{ if $.Values.studioUi.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}"*/}} +{{/* {{- end }}*/}} +{{/* {{- end }}*/}} +{{/* {{- else }}*/}} + UI_URL: "http://studio-ui.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.studioUi.service.port }}" +{{/* {{- end }}*/}} + + BITBUCKET_URL: {{.Values.global.scmProviders.bitbucket.url | default "" | quote }} + BITBUCKET_API_URL: {{ .Values.global.scmProviders.bitbucket.apiUrl | default "" | quote}} + BITBUCKET_WEBHOOK_URL: {{ .Values.global.scmProviders.bitbucket.webhookUrl | default "" | quote}} + ENABLE_BLOBVAULT: "True" + + {{- if .Values.global.blobvault.endpointUrl }} + BLOBVAULT_ENDPOINT_URL: {{ .Values.global.blobvault.endpointUrl }} + {{- else }} + BLOBVAULT_ENDPOINT_URL: "{{ .Values.minio.fullnameOverride }}.{{ .Release.Namespace }}.svc.cluster.local:9000" + {{- end }} + + {{- if .Values.global.blobvault.endpointUrlFe }} + BLOBVAULT_ENDPOINT_URL_FE: {{ .Values.global.blobvault.endpointUrlFe }} + {{- else }} + BLOBVAULT_ENDPOINT_URL_FE: "{{ .Values.minio.fullnameOverride }}.{{ .Release.Namespace 
}}.svc.cluster.local:9000" + {{- end }} + BLOBVAULT_BUCKET: {{.Values.global.blobvault.bucket | default "" | quote }} + {{- if .Values.global.celery.brokerUrl }} + CELERY_BROKER_URL: {{ .Values.global.celery.brokerUrl }} + {{- else }} + CELERY_BROKER_URL: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" + {{- end }} + {{- if .Values.global.celery.resultBackend }} + CELERY_RESULT_BACKEND: {{ .Values.global.celery.resultBackend }} + {{- else }} + CELERY_RESULT_BACKEND: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" + {{- end }} + {{- if .Values.global.celery.resultBackend }} + REDIS_URL: {{ .Values.global.celery.resultBackend }} + {{- else }} + REDIS_URL: "redis://{{ .Values.redis.fullnameOverride }}-master.{{ .Release.Namespace }}.svc.cluster.local:6379" + {{- end }} + GITHUB_URL: {{ .Values.global.scmProviders.github.url | default "" | quote }} + GITHUB_WEBHOOK_URL: {{ .Values.global.scmProviders.github.webhookUrl | default "" | quote }} + GITLAB_URL: {{ .Values.global.scmProviders.gitlab.url | default "" | quote}} + GITLAB_WEBHOOK_URL: {{ .Values.global.scmProviders.gitlab.webhookUrl | default "" | quote }} + MAX_VIEWS: {{ .Values.global.maxViews | default "" | quote }} + MAX_TEAMS: {{ .Values.global.maxTeams | default "" | quote }} + {{- $scmProviders := list }} + {{- if .Values.global.scmProviders.gitlab.url }} + {{- $scmProviders = append $scmProviders "gitlab" }} + {{- end }} + {{- if .Values.global.scmProviders.github.url }} + {{- $scmProviders = append $scmProviders "github" }} + {{- end }} + {{- if .Values.global.scmProviders.bitbucket.url }} + {{- $scmProviders = append $scmProviders "bitbucket" }} + {{- end }} + SCM_PROVIDERS: {{ $scmProviders | join "," | quote}} + SOCIAL_AUTH_REDIRECT_IS_HTTPS: "False" + {{- if .Values.studioUi.ingress.enabled }} + {{- range $host := .Values.studioUi.ingress.hosts }} + {{- range .paths }} + 
SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS: "studio-ui.{{ $.Release.Namespace | default "default" }}.svc.cluster.local:{{ $.Values.studioUi.service.port }},studio-backend.{{ $.Release.Namespace | default "default" }}.svc.cluster.local:{{ $.Values.studioBackend.service.port }},http{{ if $.Values.studioUi.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}" + {{- end }} + {{- end }} + {{- else }} + SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS: "studio-ui.{{ $.Release.Namespace | default "default" }}.svc.cluster.local:{{ $.Values.studioUi.service.port }},studio-backend.{{ $.Release.Namespace | default "default" }}.svc.cluster.local:{{ $.Values.studioBackend.service.port }}" {{- end }} diff --git a/charts/studio/templates/deployment-studio-backend.yaml b/charts/studio/templates/deployment-studio-backend.yaml index 80b2d06d..26bce578 100644 --- a/charts/studio/templates/deployment-studio-backend.yaml +++ b/charts/studio/templates/deployment-studio-backend.yaml @@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/studio: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "studio.checkSum" . | indent 8 }} {{- with .Values.studioBackend.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -53,8 +53,11 @@ spec: {{- end }} resources: {{- toYaml .Values.studioBackend.resources | nindent 12 }} - env: - {{ include "studio.envvars" . | indent 12 }} + envFrom: + - configMapRef: + name: studio + - secretRef: + name: studio {{- if .Values.global.customCaCert }} volumes: - name: studio-ca-certificates diff --git a/charts/studio/templates/deployment-studio-beat.yaml b/charts/studio/templates/deployment-studio-beat.yaml index 0e4e69b7..13904891 100644 --- a/charts/studio/templates/deployment-studio-beat.yaml +++ b/charts/studio/templates/deployment-studio-beat.yaml 
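Review bot: The ingress-aware branches for `API_URL` and `UI_URL` are wrapped in `{{/* … */}}`, so both keys now always render the cluster-local `http://…svc.cluster.local` address even when `studioBackend.ingress.enabled` or `studioUi.ingress.enabled` is set, while `SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS` further down still adds the ingress host. If that is intentional it deserves a comment; otherwise restore the conditionals and emit each key once rather than once per host and path — the `range` around `SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS` has the same weakness and produces duplicate map keys when more than one host or path is configured. Separately, `CELERY_BROKER_URL`, `CELERY_RESULT_BACKEND` and `REDIS_URL` accept user-supplied URLs that can embed a password, so like `DATABASE_URL` they are better placed in the Secret than in a ConfigMap. The unquoted `{{ .Values.global.… }}` forms for those keys and for the `BLOBVAULT_ENDPOINT_URL*` keys should end in `| quote` like their neighbours.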
@@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/studio: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "studio.checkSum" . | indent 8 }} {{- with .Values.studioBeat.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -42,11 +42,15 @@ spec: resources: {{- toYaml .Values.studioBeat.resources | nindent 12 }} env: - {{ include "studio.envvars" . | indent 12 }} - name: "NO_MIGRATE_DB" value: "1" - name: "WAIT_FOR_MIGRATIONS" value: "1" + envFrom: + - configMapRef: + name: studio + - secretRef: + name: studio {{- if .Values.global.customCaCert }} volumeMounts: - name: studio-ca-certificates diff --git a/charts/studio/templates/deployment-studio-ui.yaml b/charts/studio/templates/deployment-studio-ui.yaml index 8adc3a0a..fb245b97 100644 --- a/charts/studio/templates/deployment-studio-ui.yaml +++ b/charts/studio/templates/deployment-studio-ui.yaml @@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/studio: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "studio.checkSum" . | indent 8 }} {{- with .Values.studioUi.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -50,8 +50,11 @@ spec: initialDelaySeconds: 5 periodSeconds: 25 timeoutSeconds: 10 - env: - {{ include "studio.envvars" . | indent 12 }} + envFrom: + - configMapRef: + name: studio + - secretRef: + name: studio {{- if .Values.global.customCaCert }} volumeMounts: - name: studio-ca-certificates diff --git a/charts/studio/templates/deployment-studio-worker.yaml b/charts/studio/templates/deployment-studio-worker.yaml index 9860e90c..cccbfc2b 100644 --- a/charts/studio/templates/deployment-studio-worker.yaml +++ b/charts/studio/templates/deployment-studio-worker.yaml 
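Review bot: In `deployment-studio-ui.yaml`, `envFrom` with `secretRef: studio` hands the studio-ui container every key of the Secret, including `DATABASE_URL`, `SECRET_KEY` and `GITHUB_APP_PRIVATE_KEY_PEM`; whether the UI reads any of them is not visible here, but a front-end container normally should not hold them. If it does not need them, drop the `secretRef` entry from this Deployment or split the Secret so each workload receives only the keys it uses. The same `envFrom` block is added to the backend, beat and worker Deployments, where the full set is more plausibly required. The container spec begins above this hunk.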
@@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/studio: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "studio.checkSum" . | indent 8 }} {{- with .Values.studioWorker.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -42,11 +42,15 @@ spec: resources: {{- toYaml .Values.studioWorker.resources | nindent 12 }} env: - {{ include "studio.envvars" . | indent 12 }} - name: "NO_MIGRATE_DB" value: "1" - name: "WAIT_FOR_MIGRATIONS" value: "1" + envFrom: + - configMapRef: + name: studio + - secretRef: + name: studio {{- if .Values.global.customCaCert }} volumeMounts: - name: studio-ca-certificates diff --git a/charts/studio/templates/secret.yaml b/charts/studio/templates/secret.yaml new file mode 100644 index 00000000..217c93ef --- /dev/null +++ b/charts/studio/templates/secret.yaml 
@@ -0,0 +1,69 @@ +apiVersion: v1 +kind: Secret +metadata: + name: studio + annotations: + "helm.sh/resource-policy": "keep" + labels: + {{- include "studio.labels" . | nindent 4 }} +type: Opaque +stringData: + DATABASE_URL: "psql://{{ .Values.global.postgres.databaseUser}}:{{ .Values.global.postgres.databasePassword }}@{{ .Values.global.postgres.databaseUrl }}" + + {{- if .Values.global.scmProviders.gitlab.clientId }} + GITLAB_CLIENT_ID: {{ .Values.global.scmProviders.gitlab.clientId }} + {{- end }} + + {{- if .Values.global.scmProviders.gitlab.secretKey }} + GITLAB_SECRET_KEY: {{ .Values.global.scmProviders.gitlab.secretKey }} + {{- end }} + + {{- if .Values.global.scmProviders.gitlab.webhookSecret }} + GITLAB_WEBHOOK_SECRET: {{ .Values.global.scmProviders.gitlab.webhookSecret }} + {{- end }} + + {{- if .Values.global.scmProviders.github.clientId }} + GITHUB_APP_CLIENT_ID: {{ .Values.global.scmProviders.github.clientId }} + {{- end }} + + {{- if .Values.global.scmProviders.github.appId }} + GITHUB_APP_ID: {{ .Values.global.scmProviders.github.appId }} + {{- end }} + + {{- if .Values.global.scmProviders.github.appSecret }} + GITHUB_APP_SECRET_KEY: {{ .Values.global.scmProviders.github.appSecret }} + {{- end }} + + {{- if .Values.global.scmProviders.github.privateKey }} + GITHUB_APP_PRIVATE_KEY_PEM: {{ .Values.global.scmProviders.github.privateKey }} + {{- end }} + + {{- if .Values.global.scmProviders.github.webhookSecret }} + GITHUB_WEBHOOK_SECRET: {{ .Values.global.scmProviders.github.webhookSecret }} + {{- end }} + + # Set secretKey to existing value or generate a random one + {{- if .Values.global.secretKey }} + SECRET_KEY: {{ .Values.global.secretKey }} + {{- else }} + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "studio") | default dict }} + {{- $secretData := (get $secretObj "data") | default dict }} + {{- $secretKey := (get $secretData "secretKey") | default (randAscii 40) }} + SECRET_KEY: {{ $secretKey | quote }} + {{- end }} + + {{- if 
.Values.global.blobvault.accessKeyId }} + BLOBVAULT_AWS_ACCESS_KEY_ID: {{ .Values.global.blobvault.accessKeyId }} + {{- end }} + + {{- if .Values.global.blobvault.secretAccessKeyId }} + BLOBVAULT_AWS_SECRET_ACCESS_ID: {{ .Values.global.blobvault.secretAccessKeyId }} + {{- end }} + + {{- if .Values.global.scmProviders.bitbucket.secretKey }} + BITBUCKET_SECRET_KEY: {{ .Values.global.scmProviders.bitbucket.secretKey }} + {{- end }} + + {{- if .Values.global.scmProviders.bitbucket.clientId }} + BITBUCKET_CLIENT_ID: {{ .Values.global.scmProviders.bitbucket.clientId }} + {{- end }} diff --git a/charts/studio/templates/secrets.yaml b/charts/studio/templates/secrets.yaml deleted file mode 100644 index 9395c001..00000000 --- a/charts/studio/templates/secrets.yaml +++ /dev/null 
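Review bot: The `SECRET_KEY` fallback still reads `get $secretData "secretKey"`, but this template now writes the entry as `SECRET_KEY`, so once the Secret has been rewritten the lookup presumably finds nothing and `randAscii 40` produces a new key on every upgrade; where the old `secretKey` entry is found, its value comes from `.data` and is base64 text that is now copied verbatim into `stringData`. Read the new key and decode it, `{{- $secretKey := (get $secretData "SECRET_KEY" | b64dec) | default (randAscii 40) }}`, and keep a decoded fallback to the old `secretKey` entry for existing installs. The other entries lost `b64enc` without gaining `| quote`, so a numeric `GITHUB_APP_ID` renders as an integer (not a valid `stringData` value) and a multi-line `GITHUB_APP_PRIVATE_KEY_PEM` breaks the YAML; each should end in `| quote`. `DATABASE_URL` also interpolates the user and password unescaped, so a password containing `@`, `/` or `"` gives a wrong or unparsable value; something like `urlquery` on both parts would avoid that, provided the application decodes percent-escapes.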
@@ -1,75 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: studio - annotations: - "helm.sh/resource-policy": "keep" - labels: - {{- include "studio.labels" . | nindent 4 }} -type: Opaque -data: - {{- if .Values.global.scmProviders.gitlab.clientId }} - gitlabClientId: {{ .Values.global.scmProviders.gitlab.clientId | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.gitlab.secretKey }} - gitlabSecretKey: {{ .Values.global.scmProviders.gitlab.secretKey | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.gitlab.webhookSecret }} - gitlabWebhookSecret: {{ .Values.global.scmProviders.gitlab.webhookSecret | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.github.clientId }} - githubClientId: {{ .Values.global.scmProviders.github.clientId | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.github.appId }} - githubAppId: {{ .Values.global.scmProviders.github.appId | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.github.appSecret }} - githubAppSecret: {{ .Values.global.scmProviders.github.appSecret | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.github.privateKey }} - githubPrivateKey: {{ .Values.global.scmProviders.github.privateKey | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.github.webhookSecret }} - githubWebhookSecret: {{ .Values.global.scmProviders.github.webhookSecret | b64enc }} - {{- end }} - - # Set secretKey to existing value or generate a random one - {{- if .Values.global.secretKey }} - secretKey: {{ .Values.global.secretKey | b64enc }} - {{- else }} - {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "studio") | default dict }} - {{- $secretData := (get $secretObj "data") | default dict }} - {{- $secretKey := (get $secretData "secretKey") | default (randAscii 40 | b64enc) }} - secretKey: {{ $secretKey | quote }} - {{- end }} - - {{- if .Values.global.postgres.databaseUser }} - postgresDatabaseUser: {{ .Values.global.postgres.databaseUser | b64enc 
}} - {{- end }} - - {{- if .Values.global.postgres.databasePassword }} - postgresDatabasePassword: {{ .Values.global.postgres.databasePassword | b64enc }} - {{- end }} - - {{- if .Values.global.blobvault.accessKeyId }} - blobvaultAccessKeyId: {{ .Values.global.blobvault.accessKeyId | b64enc }} - {{- end }} - - {{- if .Values.global.blobvault.secretAccessKeyId }} - blobvaultSecretAccessKeyId: {{ .Values.global.blobvault.secretAccessKeyId | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.bitbucket.secretKey }} - bitbucketSecretKey: {{ .Values.global.scmProviders.bitbucket.secretKey | b64enc }} - {{- end }} - - {{- if .Values.global.scmProviders.bitbucket.clientId }} - bitbucketClientId: {{ .Values.global.scmProviders.bitbucket.clientId | b64enc }} - {{- end }} diff --git a/charts/studio/values.yaml b/charts/studio/values.yaml index 62fa1069..0ce71eb7 100644 --- a/charts/studio/values.yaml +++ b/charts/studio/values.yaml @@ -41,7 +41,7 @@ global: postgres: # -- Postgres database URL - databaseUrl: "studio-postgresql.studio.svc.cluster.local:5432/iterativeai" + databaseUrl: "studio-postgresql:5432/iterativeai" # -- Postgres database user databaseUser: "postgres" # -- Postgres database password