Skip to content

feat: add support for external secrets to the opensearch-sync service #828

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
smlx wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: add support for external secrets to the opensearch-sync service #828

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 19 additions & 9 deletions charts/lagoon-core/templates/opensearch-sync.deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,6 @@ spec:
{{- end }}
- name: API_DB_ADDRESS
value: {{ include "lagoon-core.apiDB.fullname" . }}
- name: API_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "lagoon-core.apiDB.fullname" . }}
key: API_DB_PASSWORD
- name: KEYCLOAK_BASE_URL
{{- if .Values.keycloakFrontEndURL }}
value: {{ .Values.keycloakFrontEndURL }}/
Expand All @@ -54,15 +49,29 @@ spec:
{{- end }}
- name: KEYCLOAK_CLIENT_ID
value: lagoon-opensearch-sync
- name: OPENSEARCH_BASE_URL
value: {{ required "A valid .Values.elasticsearchURL required!" .Values.elasticsearchURL | quote }}
- name: OPENSEARCH_DASHBOARDS_BASE_URL
value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }}
{{- if .Values.opensearchSync.externalSecrets.enabled }}
{{- range .Values.opensearchSync.externalSecrets.references }}
- name: {{ coalesce .envVar .key }}
valueFrom:
secretKeyRef:
name: {{ .name }}
key: {{ .key }}
{{- end }}
{{- else }}
- name: API_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "lagoon-core.apiDB.fullname" . }}
key: API_DB_PASSWORD
- name: KEYCLOAK_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "lagoon-core.keycloak.fullname" . }}
key: KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET
- name: OPENSEARCH_BASE_URL
value: {{ required "A valid .Values.elasticsearchURL required!" .Values.elasticsearchURL | quote }}
- name: OPENSEARCH_DASHBOARDS_BASE_URL
value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }}
- name: OPENSEARCH_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
Expand All @@ -73,6 +82,7 @@ spec:
secretKeyRef:
name: {{ include "lagoon-core.opensearchSync.fullname" . }}
key: OPENSEARCH_CA_CERTIFICATE
{{- end }}
{{- range $key, $val := .Values.opensearchSync.additionalEnvs }}
- name: {{ $key }}
value: {{ $val | quote }}
Expand Down
2 changes: 1 addition & 1 deletion charts/lagoon-core/templates/opensearch-sync.secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.opensearchSync.enabled -}}
{{- if and .Values.opensearchSync.enabled (not .Values.opensearchSync.externalSecrets.enabled) -}}
apiVersion: v1
kind: Secret
type: Opaque
Expand Down
15 changes: 15 additions & 0 deletions charts/lagoon-core/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1037,6 +1037,21 @@ sshPortalAPI:

opensearchSync:
enabled: false
externalSecrets:
# If externalSecrets is enabled, the chart will not template a secret.
# Instead, secrets with the given names and keys must be created externally.
enabled: false
references:
- key: API_DB_PASSWORD
name: lagoon-core-api-db-external
- key: KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET
name: lagoon-core-keycloak-external
envVar: KEYCLOAK_CLIENT_SECRET
- key: LOGSDB_ADMIN_PASSWORD
name: lagoon-core-api-external
envVar: OPENSEARCH_ADMIN_PASSWORD
- key: OPENSEARCH_CA_CERTIFICATE
name: lagoon-core-opensearch-sync-external
image:
repository: ghcr.io/uselagoon/lagoon-opensearch-sync
pullPolicy: IfNotPresent
Expand Down
Loading