Skip to content

Commit

Permalink
Adds secrets checksum, updated kubetail-* manifest values files (#60)
Browse files Browse the repository at this point in the history
  • Loading branch information
@amorey
amorey authored Sep 24, 2024
1 parent b9b3e75 commit 8ca4d59
Show file tree
Hide file tree
Showing 6 changed files with 25 additions and 24 deletions.
2 changes: 1 addition & 1 deletion charts/kubetail/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ keywords:
- private
- realtime
type: application
version: 0.7.0-rc2
version: 0.7.0-rc3
appVersion: "0.7.0-rc4"
home: https://github.com/kubetail-org/kubetail
maintainers:
Expand Down
13 changes: 13 additions & 0 deletions charts/kubetail/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,19 @@ Server Secret name
{{ if .Values.kubetail.server.secret.name }}{{ .Values.kubetail.server.secret.name }}{{ else }}{{ include "kubetail.fullname" . }}-server{{ end }}
{{- end }}

{{/*
Server Secret data
*/}}
{{- define "kubetail.server.secretData" -}}
{{- $currentValsRef := dict "data" dict -}}
{{- $currentResource := (lookup "v1" "Secret" (include "kubetail.namespace" .) (include "kubetail.server.secretName" .)) -}}
{{- if $currentResource -}}
{{- $_ := set $currentValsRef "data" (index $currentResource "data") -}}
{{- end -}}
KUBETAIL_SERVER_CSRF_SECRET: {{ .Values.kubetail.secrets.KUBETAIL_SERVER_CSRF_SECRET | default $currentValsRef.data.KUBETAIL_SERVER_CSRF_SECRET | default ((randAlphaNum 32) | b64enc | quote) }}
KUBETAIL_SERVER_SESSION_SECRET: {{ .Values.kubetail.secrets.KUBETAIL_SERVER_SESSION_SECRET | default $currentValsRef.data.KUBETAIL_SERVER_SESSION_SECRET | default ((randAlphaNum 32) | b64enc | quote) }}
{{- end }}

{{/*
Server Service name
*/}}
Expand Down
4 changes: 4 additions & 0 deletions charts/kubetail/templates/server/deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{{- $dep := index .Values "kubetail" "server" "deployment" -}}
{{- $podTmpl := index .Values "kubetail" "server" "podTemplate" }}
{{- $container := index .Values "kubetail" "server" "container" -}}
{{- $secret := index .Values "kubetail" "server" "secret" -}}
kind: Deployment
apiVersion: apps/v1
metadata:
Expand All @@ -25,6 +26,9 @@ spec:
annotations:
{{- include "kubetail.annotations" (list $ $podTmpl.annotations) | indent 8 }}
checksum/config: {{ include "kubetail.server.config" . | sha256sum | quote }}
{{- if $secret.enabled }}
checksum/secret: {{ include "kubetail.server.secretData" . | sha256sum | quote }}
{{- end }}
spec:
automountServiceAccountToken: true
{{- if eq .Values.kubetail.authMode "cluster" }}
Expand Down
8 changes: 1 addition & 7 deletions charts/kubetail/templates/server/secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,5 @@ metadata:
{{- include "kubetail.annotations" (list $ $secret.annotations) | indent 4 }}
type: Opaque
data:
{{- $currentValsRef := dict "data" dict }}
{{- $currentResource := (lookup "v1" "Secret" (include "kubetail.namespace" .) (include "kubetail.server.secretName" .)) }}
{{- if $currentResource }}
{{- $_ := set $currentValsRef "data" (index $currentResource "data") }}
{{- end }}
KUBETAIL_SERVER_CSRF_SECRET: {{ .Values.kubetail.secrets.KUBETAIL_SERVER_CSRF_SECRET | default $currentValsRef.data.KUBETAIL_SERVER_CSRF_SECRET | default ((randAlphaNum 32) | b64enc | quote) }}
KUBETAIL_SERVER_SESSION_SECRET: {{ .Values.kubetail.secrets.KUBETAIL_SERVER_SESSION_SECRET | default $currentValsRef.data.KUBETAIL_SERVER_SESSION_SECRET | default ((randAlphaNum 32) | b64enc | quote) }}
{{- include "kubetail.server.secretData" . | nindent 2 }}
{{- end }}
11 changes: 3 additions & 8 deletions hack/kubetail-values-clusterauth.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,6 @@ namespaceOverride: kubetail
kubetail:
authMode: cluster

config: |
session:
secret: REPLACEME
csrf:
secret: REPLACEME
secret:
enabled: false
secrets:
KUBETAIL_SERVER_CSRF_SECRET: "cmVwbGFjZW1l"
KUBETAIL_SERVER_SESSION_SECRET: "cmVwbGFjZW1l"
11 changes: 3 additions & 8 deletions hack/kubetail-values-tokenauth.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,6 @@ namespaceOverride: kubetail
kubetail:
authMode: token

config: |
session:
secret: REPLACEME
csrf:
secret: REPLACEME
secret:
enabled: false
secrets:
KUBETAIL_SERVER_CSRF_SECRET: "cmVwbGFjZW1l"
KUBETAIL_SERVER_SESSION_SECRET: "cmVwbGFjZW1l"

0 comments on commit 8ca4d59

Please sign in to comment.