From 57223d49ed070480a58dfe42bc1cda00e022b12e Mon Sep 17 00:00:00 2001
From: Kartik Shah
Date: Wed, 16 Aug 2023 23:13:08 +0530
Subject: [PATCH] chore: add svix secret env var
---
 charts/galoy/templates/api-deployment.yaml | 5 +++++
 charts/galoy/templates/galoy-cronjob.yaml | 6 ++++++
 charts/galoy/templates/galoy-secrets.yaml | 14 ++++++++++++--
 charts/galoy/templates/trigger-deployment.yaml | 6 ++++++
 charts/galoy/templates/websocket-deployment.yaml | 6 ++++++
 charts/galoy/values.yaml | 8 ++++++++
 dev/galoy/main.tf | 10 ++++++++++
 7 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/charts/galoy/templates/api-deployment.yaml b/charts/galoy/templates/api-deployment.yaml
index e91a6f6914..6458b8c3a3 100644
--- a/charts/galoy/templates/api-deployment.yaml
+++ b/charts/galoy/templates/api-deployment.yaml
@@ -75,6 +75,11 @@ spec:
 value: {{ .Values.tracing.otelExporterOtlpEndpoint | quote }}
 - name: TRACING_SERVICE_NAME
 value: "{{ .Values.tracing.prefix }}-{{ template "galoy.api.fullname" . }}"
+ - name: SVIX_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.galoy.svixExistingSecret.name }}
+ key: {{ .Values.galoy.svixExistingSecret.secret_key }}
 {{/* Databases */}}
 {{ include "galoy.mongodb.env" . | indent 8 }}
 {{ include "galoy.redis.env" . | indent 8 }}
diff --git a/charts/galoy/templates/galoy-cronjob.yaml b/charts/galoy/templates/galoy-cronjob.yaml
index 773a615cc5..ac0fd972dd 100644
--- a/charts/galoy/templates/galoy-cronjob.yaml
+++ b/charts/galoy/templates/galoy-cronjob.yaml
@@ -69,6 +69,12 @@ spec:
 {{ include "galoy.appcheck.env" . | indent 12 }}
+ - name: SVIX_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.galoy.svixExistingSecret.name }}
+ key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
 {{ if .Values.galoy.trigger.backups.dropbox.enabled }}
 - name: DROPBOX_ACCESS_TOKEN
 valueFrom:
diff --git a/charts/galoy/templates/galoy-secrets.yaml b/charts/galoy/templates/galoy-secrets.yaml
index 3146b3d0cb..fc7d71866a 100644
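Review bot: `SVIX_SECRET` is wired into four workloads by identical blocks (this api Deployment plus the cronjob, trigger and websocket hunks), and nothing in the patch shows that each of them talks to Svix; every container that carries the variable is one more place the credential can be read from, so it is worth limiting it to the workloads that actually use it. `name:` and `key:` are also rendered unquoted, unlike the `| quote` on the neighbouring `value:` line; `name: {{ .Values.galoy.svixExistingSecret.name | quote }}` (and the same for `key:`) keeps an empty or number-like override from turning into a null or retyped reference. The container's env list starts and ends outside the hunk.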
--- a/charts/galoy/templates/galoy-secrets.yaml
+++ b/charts/galoy/templates/galoy-secrets.yaml
@@ -98,8 +98,18 @@ data:
 {{ .Values.galoy.twilioExistingSecret.verify_service_id }}: {{ .Values.secrets.twilioVerifyServiceId | toString | b64enc }}
 {{ .Values.galoy.twilioExistingSecret.account_sid_key }}: {{ .Values.secrets.twilioAccountSid | toString | b64enc }}
 {{ .Values.galoy.twilioExistingSecret.auth_token_key }}: {{ .Values.secrets.twilioAuthToken | toString | b64enc }}
-
-
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.galoy.svixExistingSecret.name }}
+ labels:
+ app: {{ template "galoy.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "twilio"
+type: Opaque
+data:
+ {{ .Values.galoy.svixExistingSecret.secret_key }}: {{ .Values.secrets.svixSecretKey | toString | b64enc }}
 ---
 apiVersion: v1
diff --git a/charts/galoy/templates/trigger-deployment.yaml b/charts/galoy/templates/trigger-deployment.yaml
index 0362a3f365..2022bf79bb 100644
--- a/charts/galoy/templates/trigger-deployment.yaml
+++ b/charts/galoy/templates/trigger-deployment.yaml
@@ -119,6 +119,12 @@ spec:
 value: "/tmp/service-account.json"
 {{ end }}
+ - name: SVIX_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.galoy.svixExistingSecret.name }}
+ key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
 {{ if .Values.galoy.trigger.probes.enabled }}
 livenessProbe:
 httpGet:
diff --git a/charts/galoy/templates/websocket-deployment.yaml b/charts/galoy/templates/websocket-deployment.yaml
index 86393d4de6..a293bb007b 100644
--- a/charts/galoy/templates/websocket-deployment.yaml
+++ b/charts/galoy/templates/websocket-deployment.yaml
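Review bot: The new Secret is labelled `release: "twilio"`, which looks copied from the Twilio Secret earlier in the file (outside the hunk) and mislabels the object for anyone filtering, auditing or cleaning up by release; `release: "{{ .Release.Name }}"`, or whatever the sibling Secrets use, is probably what was meant. The data line also encodes `.Values.secrets.svixSecretKey` even when it is unset, and values.yaml ships it empty, so the chart can install a Secret holding a placeholder string instead of refusing to render. `{{ required "secrets.svixSecretKey must be set" .Values.secrets.svixSecretKey | toString | b64enc }}` fails closed. Whether this file sits inside a create-secrets guard is not visible from the hunk.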
@@ -98,6 +98,12 @@ spec:
 - name: PRICE_HOST
 value: {{ .Values.price.realtime.host | quote }}
+ - name: SVIX_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.galoy.svixExistingSecret.name }}
+ key: {{ .Values.galoy.svixExistingSecret.secret_key }}
+
 {{ if .Values.galoy.websocket.firebaseNotifications.enabled }}
 - name: GOOGLE_APPLICATION_CREDENTIALS
 value: "/tmp/firebase-service-account/service-account.json"
diff --git a/charts/galoy/values.yaml b/charts/galoy/values.yaml
index 7989be0753..8d455014e4 100644
--- a/charts/galoy/values.yaml
+++ b/charts/galoy/values.yaml
@@ -493,6 +493,12 @@ galoy:
 auth_token_key: TWILIO_AUTH_TOKEN
 ## Mattermost webhook url
 mattermostWebhookUrl: ""
+ ## Svix secret
+ svixExistingSecret:
+ # Secret Name
+ name: svix-secret
+ # Svix secret
+ secret_key: svix-secret
 # Configuration values for the mongodb dependency.
 # Ref: https://artifacthub.io/packages/helm/bitnami/mongodb/
 #
@@ -618,6 +624,8 @@ secrets:
 ## Secret for Galoy app
 kratosMasterUserPassword:
 kratosCallbackApiKey:
+ ## Secret for Svix
+ svixSecretKey:
 ## Tracing details
 ##
 tracing:
diff --git a/dev/galoy/main.tf b/dev/galoy/main.tf
index 6081247420..29bc748de4 100644
--- a/dev/galoy/main.tf
+++ b/dev/galoy/main.tf
@@ -275,6 +275,16 @@ resource "kubernetes_secret" "kratos_master_user_password" {
 }
 }
+resource "kubernetes_secret" "svix_secret" {
+ metadata {
+ name = "svix-secret"
+ namespace = kubernetes_namespace.galoy.metadata[0].name
+ }
+ data = {
+ "svix-secret" = "dummy"
+ }
+}
+
 resource "helm_release" "galoy" {
 name = "galoy"
 chart = "${path.module}/../../charts/galoy"
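Review bot: The comment `# Svix secret` above `secret_key` in the first values.yaml hunk reads as if the credential itself belongs there, but the templates use this field as the key name inside the Kubernetes Secret (`secretKeyRef.key`). A real secret pasted into it would be rendered in plain text into every pod spec that references it. Suggest `# Key inside the Secret that holds the Svix secret value` for that line and `## Name and key of the Kubernetes Secret holding the Svix secret` for the section comment. The value itself is supplied through `secrets.svixSecretKey`, added in the second hunk of this file.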
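Review bot: `"svix-secret" = "dummy"` commits a literal placeholder with no comment marking it as dev-only, and the Secret name and key are repeated as string literals, so they silently drift if the chart defaults in values.yaml change. A comment such as `# dev-only placeholder; real environments supply the Svix secret out of band` above `data` would make the intent explicit. Values set through `kubernetes_secret` are also stored in Terraform state, which matters once this stops being a dummy. The `helm_release` block continues outside the hunk, so whether it overrides `galoy.svixExistingSecret` is not visible.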