move to remembered secrets for safety

Stavros kois
2022-11-03 11:09:36 +02:00
parent d95846be07
commit f87a48405e
2 changed files with 23 additions and 14 deletions


@@ -1,18 +1,25 @@
{{ if .Values.logsearchapi.enabled }}
{{ $logSearchValues := (. | mustDeepCopy) }}
{{ $_ := set $logSearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }}
{{ $auditToken := randAlphaNum 32 | b64enc }}
{{ $queryToken := randAlphaNum 32 | b32enc }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "logsearchapi.secretName" . }}
data:
{{/*
Those are passed to environment variables, which sets everything on startup
There is no need to remember previously created secrets.
*/}}
{{ $auditToken := randAlphaNum 32 }}
auditToken: {{ $auditToken | b64enc }}
queryToken: {{ randAlphaNum 32 | b64enc }}
{{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName")) }}
{{ $auditToken = (index .data "auditToken") }}
{{ end }}
auditToken: {{ $auditToken }}
{{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName")) }}
{{ $queryToken = (index .data "queryToken") }}
{{ end }}
queryToken: {{ $queryToken }}
logQueryURL: {{ (printf "http://%v:8080" (include "common.names.fullname" $logSearchValues)) | b64enc }}
webhookURL: {{ (printf "http://%v:8080/api/ingest?token=%v" (include "common.names.fullname" $logSearchValues) $auditToken) | b64enc }}
webhookURL: {{ (printf "http://%v:8080/api/ingest?token=%v" (include "common.names.fullname" $logSearchValues) ($auditToken | b64dec)) | b64enc }}
{{ end }}
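Review bot: Both `lookup` calls in this template call `include "logsearchapi.secretName"` without the context argument that Helm's `include` requires, so the chart should fail to render. They need `(include "logsearchapi.secretName" .)`, the form the postgres secret template on this page already uses. The `$queryToken` default is also built with `b32enc`, while values under a Secret's `data` must be base64, so a fresh install would get a rejected or unintended query token; that line should read `{{ $queryToken := randAlphaNum 32 | b64enc }}`. The page has lost its +/- markers, so this assumes the `lookup` blocks and the `b32enc` line are on the new side.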


@@ -1,20 +1,22 @@
{{ if .Values.logsearchapi.enabled }}
{{ $dbPass := randAlphaNum 32 | b64enc }}
{{ $pgValues := (. | mustDeepCopy) }}
{{ $_ := set $pgValues "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
{{ $dbPass := randAlphaNum 32 | b64enc }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "postgres.secretName" . }}
data:
db_user: {{ include "postgres.dbUser" . | b64enc }}
db_name: {{ include "postgres.dbName" . | b64enc }}
{{ with (lookup "v1" "Secret" .Release.Namespace (include "postgres.secretName" .)) }}
{{ $dbPass = (index .data "db_password") }}
db_password: {{ $dbPass }}
{{ else }}
db_password: {{ $dbPass }}
{{ end }}
db_password: {{ $dbPass }}
db_user: {{ include "postgres.dbUser" . | b64enc }}
db_name: {{ include "postgres.dbName" . | b64enc }}
postgresURL: {{ printf "postgres://%v:%v@%v:5432/%v?sslmode=disable" (include "postgres.dbUser" .) ($dbPass | b64dec) (include "common.names.fullname" $pgValues) (include "postgres.dbName" .) | b64enc }}
postgresHost: {{ printf "%v" (include "common.names.fullname" $pgValues) | b64enc }}
{{ end }}
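Review bot: The remembered password is taken with `index .data "db_password"` without checking that the key exists, so an existing Secret that lacks it would presumably leave `$dbPass` empty and break the `$dbPass | b64dec` in `postgresURL`. Falling back to the generated value keeps the render safe: `{{ $dbPass = index .data "db_password" | default $dbPass }}`. A comment above the `lookup` should also record that it returns nothing under `helm template`, `--dry-run` or client-side rendering, so those paths generate a new password each time, which may no longer match an already-initialised database. The page has lost its +/- markers, so this assumes the single `lookup` block followed by one `db_password:` line is the new side.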