Skip to content

Commit

Permalink
feat: switch to minio operator, add lookup to object store secret (#175)
Browse files Browse the repository at this point in the history
## Description
- switch to minio operator|
- add lookup to object store secret

## Related Issue

Fixes #
<!-- or -->
Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-package-mattermost/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>

Release-As: v10.2.0-uds.1
  • Loading branch information
zachariahmiller authored Dec 4, 2024
1 parent c51210b commit 242616d
Show file tree
Hide file tree
Showing 11 changed files with 54 additions and 80 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ build/
.DS_Store
*.tar.zst
zarf-sbom
oscal-assessment-results.yaml

# Tests
node_modules/
.playwright/
bundle/uds-config-previous.yaml
41 changes: 21 additions & 20 deletions bundle/uds-bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,26 @@ metadata:
# x-release-please-end

packages:
- name: dev-namespace
path: ../
ref: 0.1.0

- name: dev-minio
repository: ghcr.io/defenseunicorns/packages/uds/dev-minio
ref: 0.0.2
- name: minio-operator
repository: ghcr.io/defenseunicorns/packages/uds/minio-operator
ref: 6.0.4-uds.2-upstream
overrides:
minio-operator:
uds-minio-config:
values:
# Test helm overrides to provision app specific buckets, policies and creds
- path: apps
value:
- name: mattermost
namespace: mattermost
bucketNames:
- uds-mattermost-dev
policy: ""
copyPassword:
enabled: true
secretName: "mattermost-minio"
secretIDKey: "access_key"
secretPasswordKey: "secret_key"

- name: postgres-operator
repository: ghcr.io/defenseunicorns/packages/uds/postgres-operator
Expand All @@ -40,13 +53,6 @@ packages:
ingress:
- remoteNamespace: mattermost

- name: dev-secrets
path: ../
ref: 0.1.0
exports:
- name: ACCESS_KEY
- name: SECRET_KEY

- name: mattermost-plugins
path: ../
# x-release-please-start-version
Expand All @@ -58,19 +64,14 @@ packages:
# x-release-please-start-version
ref: 10.2.0-uds.0
# x-release-please-end
imports:
- name: ACCESS_KEY
package: dev-secrets
- name: SECRET_KEY
package: dev-secrets
overrides:
mattermost:
uds-mattermost-config:
values:
- path: "objectStorage.secure"
value: "false"
- path: "objectStorage.endpoint"
value: "minio.dev-minio.svc.cluster.local:9000"
value: "uds-minio-hl.minio.svc.cluster.local:9000"
- path: "objectStorage.bucket"
value: "uds-mattermost-dev"
mattermost-enterprise-edition:
Expand Down
5 changes: 0 additions & 5 deletions bundle/uds-config.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,2 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

variables:
dev-minio:
buckets: |
- name: uds-mattermost-dev
20 changes: 18 additions & 2 deletions chart/templates/mattermost-object-store.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,26 @@ metadata:
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:

{{- $awsAccessKey := "" }}
{{- $awsSecretKey := "" }}

{{- $secret := lookup "v1" "Secret" .Values.objectStorage.secretRef.secretNamespace .Values.objectStorage.secretRef.secretName }}
{{- if and $secret (index $secret.data .Values.objectStorage.secretRef.secretIDKey) }}
{{- $awsAccessKey = (index $secret.data .Values.objectStorage.secretRef.secretIDKey | b64dec) }}
{{- else }}
{{- $awsAccessKey = .Values.objectStorage.accessKey | quote }}
{{- end }}

{{- if and $secret (index $secret.data .Values.objectStorage.secretRef.secretPasswordKey) }}
{{- $awsSecretKey = (index $secret.data .Values.objectStorage.secretRef.secretPasswordKey | b64dec) }}
{{- else }}
{{- $awsSecretKey = .Values.objectStorage.secretKey | quote }}
{{- end }}
MM_FILESETTINGS_DRIVERNAME: amazons3
MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}"
MM_FILESETTINGS_AMAZONS3ACCESSKEYID: "{{ .Values.objectStorage.accessKey }}"
MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: "{{ .Values.objectStorage.secretKey }}"
MM_FILESETTINGS_AMAZONS3ACCESSKEYID: {{ $awsAccessKey }}
MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: {{ $awsSecretKey }}
MM_FILESETTINGS_AMAZONS3BUCKET: "{{ .Values.objectStorage.bucket }}"
MM_FILESETTINGS_AMAZONS3ENDPOINT: "{{ .Values.objectStorage.endpoint }}"
MM_FILESETTINGS_AMAZONS3REGION: "{{ .Values.objectStorage.region }}"
8 changes: 7 additions & 1 deletion chart/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@ objectStorage:
secretKey: ""
bucket: "mattermost"
endpoint: "s3.amazonaws.com"
secretRef:
enabled: true # Set to true to use secret reference
secretNamespace: "mattermost"
secretName: "mattermost-minio"
secretIDKey: "access_key"
secretPasswordKey: "secret_key"
region: "us-west-1"

postgres:
Expand Down Expand Up @@ -64,7 +70,7 @@ storage:
internal: true
selector:
app: minio
namespace: dev-minio
namespace: minio
port: 9000

# custom:
Expand Down
3 changes: 3 additions & 0 deletions common/zarf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ components:
name: mattermost
namespace: mattermost
condition: "'{.status.phase}'=Ready"
- cmd: ./zarf tools kubectl -n mattermost rollout restart deployment
description: Restart Mattermost Deployment so pods cycle on upgrades
- cmd: ./zarf tools kubectl -n mattermost rollout status deploy
- description: Mattermost to be Healthy
wait:
cluster:
Expand Down
25 changes: 0 additions & 25 deletions src/dev-secrets/zarf.yaml

This file was deleted.

7 changes: 0 additions & 7 deletions src/namespace/ns.yaml

This file was deleted.

16 changes: 0 additions & 16 deletions src/namespace/zarf.yaml

This file was deleted.

5 changes: 3 additions & 2 deletions tasks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,11 @@ tasks:
actions:
- task: upgrade:create-latest-tag-bundle
with:
# TODO: (@ZMILLER) remove zarf package create on next release
dep_commands: "./uds run dependencies:create && ./uds zarf package create plugins/ --confirm --no-progress"
dep_commands: "./uds run dependencies:create && cp bundle/uds-config.yaml ../bundle/uds-config-previous.yaml"
- task: setup:k3d-test-cluster
- task: deploy:test-bundle
with:
config: bundle/uds-config-previous.yaml
- task: compliance:validate
- task: create-dev-package
- task: create-deploy-test-bundle
Expand Down
2 changes: 0 additions & 2 deletions tasks/dependencies.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,4 @@ tasks:
- name: create
description: Create the Dependency Zarf Package
actions:
- cmd: ./uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture="${UDS_ARCH}"
- cmd: ./uds zarf package create src/namespace/ --confirm --no-progress --architecture="${UDS_ARCH}"
- cmd: ./uds zarf package create plugins/ --confirm --no-progress

0 comments on commit 242616d

Please sign in to comment.