Skip to content

Commit

Permalink
chore(KIEM): move auth token to K8s secret
Browse files Browse the repository at this point in the history
Signed-off-by: Rudraksh Pareek <[email protected]>
  • Loading branch information
DelusionalOptimist committed Aug 27, 2024
1 parent 19edd10 commit 8fb5584
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 5 deletions.
11 changes: 9 additions & 2 deletions kiem-job/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,19 @@ spec:
name: accuknox-kiem-cronjob
resources: {}
env:
- name: AUTH_TOKEN
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
name: kiem-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
- name: AUTH_TOKEN
value: {{ .Values.accuknox.authToken }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
- name: LABEL_NAME
Expand Down
13 changes: 10 additions & 3 deletions kiem-job/templates/job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,19 @@ spec:
name: accuknox-kiem-job
resources: {}
env:
- name: AUTH_TOKEN
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
name: kiem-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
- name: AUTH_TOKEN
value: {{ .Values.accuknox.authToken }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
- name: LABEL_NAME
Expand All @@ -42,4 +49,4 @@ spec:
- name: datapath
emptyDir: {}
restartPolicy: OnFailure
serviceAccount: kiem-service-account
serviceAccount: kiem-service-account
10 changes: 10 additions & 0 deletions kiem-job/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{{- if (.Values.accuknox.secretName | empty) }}
# if user didn't specify a secretName, use the default
apiVersion: v1
kind: Secret
metadata:
name: kiem-job-auth-token
namespace: {{ .Release.Namespace }}
data:
AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }}
{{- end }}
1 change: 1 addition & 0 deletions kiem-job/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ accuknox:
cronTab: "30 9 * * *"
clusterName: ""
label: ""
secretName: ""

0 comments on commit 8fb5584

Please sign in to comment.