From e26f235f7b855badb5acf1f44a180e9b34be0e84 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Tue, 16 Apr 2024 11:08:33 +0545 Subject: [PATCH 1/4] feat: randomly generate admin password --- chart/templates/deployment.yaml | 5 ++++- chart/templates/secrets.yaml | 12 +++++++++++- chart/values.yaml | 6 +++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 55568328..730c5ccd 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -45,7 +45,10 @@ spec: name: {{ .Values.db.jwtSecretKeyRef.name }} key: {{ .Values.db.jwtSecretKeyRef.key }} - name: ADMIN_PASSWORD - value: {{ .Values.adminPassword }} + valueFrom: + secretKeyRef: + name: {{ .Values.adminPassword.secretKeyRef.name }} + key: {{ .Values.adminPassword.secretKeyRef.key }} envFrom: - secretRef: name: {{ .Values.smtp.secretRef.name }} diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml index 1c3d95a5..a3dbd94f 100644 --- a/chart/templates/secrets.yaml +++ b/chart/templates/secrets.yaml @@ -44,9 +44,19 @@ stringData: SSLMODE: {{ $sslmode | quote }} DB_URL: {{ (print "postgres://" $user ":" $password "@" $postgresHost "/" $database "?sslmode=" $sslmode ) | quote }} DATABASE: {{ $database | quote }} - {{- end }} +{{- if .Values.adminPassword.secretKeyRef.create }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.adminPassword.secretKeyRef.name }} +type: Opaque +stringData: + password: {{ randAlphaNum 12 }} +{{- end}} + {{- if eq .Values.authProvider "kratos" }} --- apiVersion: v1 diff --git a/chart/values.yaml b/chart/values.yaml index 2e3d5a9c..6358abe8 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
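Review bot: In the chart/templates/deployment.yaml hunk of patch 1/4, the new `secretKeyRef` fields are rendered unquoted and unchecked. An empty or number-like `adminPassword.secretKeyRef.name` would then surface as a rejected manifest or a pod that cannot resolve its Secret, not as a clear chart error. Consider `name: {{ required "adminPassword.secretKeyRef.name is required" .Values.adminPassword.secretKeyRef.name | quote }}` and `key: {{ .Values.adminPassword.secretKeyRef.key | quote }}`. The container spec starts and ends outside the hunk.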
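Review bot: In the chart/templates/secrets.yaml hunk of patch 1/4, the generated Secret always writes the literal key `password`, while the deployment reads whatever `.Values.adminPassword.secretKeyRef.key` names. With `create: true` and a custom `key`, the container would reference a key the Secret does not hold and would likely fail to start. Replace the literal `password:` with `{{ .Values.adminPassword.secretKeyRef.key | quote }}:` so both sides follow the same value. The same literal `"password"` appears in the `get` calls added in patches 3/4 and 4/4 and should change with it.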
@@ -133,7 +133,11 @@ smtp:
 # SMTP_PORT:
 # SMTP_USER:
 # SMTP_PASSWORD:
-adminPassword: admin
+adminPassword:
+ secretKeyRef:
+ create: true # set to false if you want to pass in an existing secret
+ name: mission-control-admin-password
+ key: password
 canary-checker:
 image:
 type: full
From 384967c6a86fe72d2311cad732fc5fefef263554 Mon Sep 17 00:00:00 2001
From: Aditya Thebe
Date: Tue, 16 Apr 2024 11:12:51 +0545
Subject: [PATCH 2/4] chore: fix comment spacing
---
 chart/values.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 6358abe8..1e754861 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -135,7 +135,8 @@ smtp:
 # SMTP_PASSWORD:
 adminPassword:
 secretKeyRef:
- create: true # set to false if you want to pass in an existing secret
+ # set to false if you want to pass in an existing secret
+ create: true
 name: mission-control-admin-password
 key: password
 canary-checker:
From 5b883028804376280f69077473cd11508bfd87c0 Mon Sep 17 00:00:00 2001
From: Aditya Thebe
Date: Mon, 22 Apr 2024 11:24:25 +0545
Subject: [PATCH 3/4] fix: use existing secret
---
 chart/templates/secrets.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index a3dbd94f..792761bc 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
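Review bot: In the chart/values.yaml hunk of patch 1/4, `adminPassword` changes from a string to a map with no compatibility path. A release whose values still set `adminPassword: <string>` will most likely fail to render at `.Values.adminPassword.secretKeyRef.name`. The comment on `create` should also say what an existing Secret has to provide, for example `# set to false to use an existing Secret; it must exist in the release namespace and contain the key named below`. An upgrade note for the changed value type would help operators who override the old default.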
@@ -29,6 +29,16 @@ {{- $kratosSecret := ((lookup "v1" "Secret" .Release.Namespace (include "kratos-im.secretname" .)).data | default dict) -}} {{- $kratosDSN := (print "postgres://" $user ":" $password "@" $host "/" $database) -}} +## Admin Password +{{- $adminPasswordSecretInj := ( lookup "v1" "Secret" .Release.Namespace "mission-control-password" ) | default dict}} +{{- $adminpasswordSecretInjData := ( get $adminPasswordSecretInj "data" ) | default dict }} + +{{- $adminPasswordSecret := ( lookup "v1" "Secret" .Release.Namespace .Values.adminPassword.secretKeyRef.name ) | default dict}} +{{- $adminpasswordSecretData := ( get $adminPasswordSecret "data" ) | default dict }} + +{{- $adminPassword := (( get $adminpasswordSecretInjData "password") | b64dec ) | default (( get $adminpasswordSecretData "password") | b64dec ) | default ( randAlphaNum 12 ) }} +### + {{- if .Values.db.create }} --- apiVersion: v1 @@ -54,7 +64,7 @@ metadata: name: {{ .Values.adminPassword.secretKeyRef.name }} type: Opaque stringData: - password: {{ randAlphaNum 12 }} + password: {{$adminPassword | quote}} {{- end}} {{- if eq .Values.authProvider "kratos" }} From 00f199b810e2851c78a14fb4edb8eb309051480b Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 22 Apr 2024 18:35:01 +0545 Subject: [PATCH 4/4] fix: admin password --- chart/templates/secrets.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml index 792761bc..8d40c6d4 100644 --- a/chart/templates/secrets.yaml +++ b/chart/templates/secrets.yaml 
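Review bot: The `lookup` added in the first hunk of patch 3/4 only finds the existing Secret when Helm can query the cluster. Under `helm template` and client-side `--dry-run` it returns an empty map, so `$adminPassword` falls through to `randAlphaNum 12` and a different value is rendered each time. A pipeline that renders the chart offline and applies the output would then replace the admin password on every run. I would document this beside the block, e.g. `{{- /* lookup is empty under helm template / --dry-run; set adminPassword.secretKeyRef.create=false and pre-create the Secret when rendering offline */ -}}`.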
@@ -30,13 +30,10 @@ {{- $kratosDSN := (print "postgres://" $user ":" $password "@" $host "/" $database) -}} ## Admin Password -{{- $adminPasswordSecretInj := ( lookup "v1" "Secret" .Release.Namespace "mission-control-password" ) | default dict}} -{{- $adminpasswordSecretInjData := ( get $adminPasswordSecretInj "data" ) | default dict }} - {{- $adminPasswordSecret := ( lookup "v1" "Secret" .Release.Namespace .Values.adminPassword.secretKeyRef.name ) | default dict}} {{- $adminpasswordSecretData := ( get $adminPasswordSecret "data" ) | default dict }} -{{- $adminPassword := (( get $adminpasswordSecretInjData "password") | b64dec ) | default (( get $adminpasswordSecretData "password") | b64dec ) | default ( randAlphaNum 12 ) }} +{{- $adminPassword := (( get $adminpasswordSecretData "password") | b64dec ) | default ( randAlphaNum 12 ) }} ### {{- if .Values.db.create }}
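Review bot: The `## Admin Password` and `###` markers kept around this block in patch 4/4 are plain text, not template comments, so they end up in the rendered output and say nothing about the fallback order. A template comment documents it without reaching the manifest: `{{- /* Admin password: reuse the value stored in the Secret named by adminPassword.secretKeyRef.name, otherwise generate one */ -}}`. Separately, `randAlphaNum 12` is on the short side for an administrative credential that may never be rotated; a longer value such as `randAlphaNum 32` costs nothing here.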