diff --git a/crd-docs/crd/kiali.io_kialis.yaml b/crd-docs/crd/kiali.io_kialis.yaml index b03dc1a1..89a44a09 100644 --- a/crd-docs/crd/kiali.io_kialis.yaml +++ b/crd-docs/crd/kiali.io_kialis.yaml @@ -712,7 +712,7 @@ spec: description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Prometheus (in this case, `auth.token` config is ignored)." type: boolean username: - description: "Username to be used when making requests to Prometheus with `basic` authentication." + description: "Username to be used when making requests to Prometheus with `basic` authentication. May refer to a secret." type: string cache_duration: description: "Prometheus caching duration expressed in seconds." @@ -780,7 +780,7 @@ spec: description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Grafana (in this case, `auth.token` config is ignored)." type: boolean username: - description: "Username to be used when making requests to Grafana with `basic` authentication." + description: "Username to be used when making requests to Grafana with `basic` authentication. May refer to a secret." type: string dashboards: description: "A list of Grafana dashboards that Kiali can link to." @@ -938,7 +938,7 @@ spec: description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Prometheus (in this case, `auth.token` config is ignored)." type: boolean username: - description: "Username to be used when making requests to Prometheus with `basic` authentication." + description: "Username to be used when making requests to Prometheus with `basic` authentication. May refer to a secret." type: string cache_duration: description: "Prometheus caching duration expressed in seconds." @@ -1006,7 +1006,7 @@ spec: description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to the Tracing server (in this case, `auth.token` config is ignored)." type: boolean username: - description: "Username to be used when making requests to the Tracing server with `basic` authentication." + description: "Username to be used when making requests to the Tracing server with `basic` authentication. May refer to a secret." type: string custom_headers: description: "A set of name/value settings that will be passed as headers when requests are sent to the Tracing backend." diff --git a/roles/default/kiali-deploy/tasks/main.yml b/roles/default/kiali-deploy/tasks/main.yml index 3a3d9edd..c096b853 100644 --- a/roles/default/kiali-deploy/tasks/main.yml +++ b/roles/default/kiali-deploy/tasks/main.yml @@ -591,6 +591,11 @@ {# Initialize #} {% set d = {} %} + {# Prepare the secret volume for prometheus username #} + {% if kiali_vars.external_services.prometheus.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'prometheus-username': {'secret_name': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for prometheus password #} {% if kiali_vars.external_services.prometheus.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'prometheus-password': {'secret_name': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -601,6 +606,11 @@ {% set d = d | combine({'prometheus-token': {'secret_name': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for tracing username #} + {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'tracing-username': {'secret_name': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for tracing password #} {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'tracing-password': {'secret_name': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -611,6 +621,11 @@ {% set d = d | combine({'tracing-token': {'secret_name': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for grafana username #} + {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'grafana-username': {'secret_name': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for grafana password #} {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'grafana-password': {'secret_name': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -626,6 +641,21 @@ {% set d = d | combine({'login-token-signing-key': {'secret_name': kiali_vars.login_token.signing_key | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.login_token.signing_key | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for customdashboards prometheus username #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-username': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + + {# Prepare the secret volume for customdashboards prometheus password #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-password': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + + {# Prepare the secret volume for customdashboards prometheus token #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-token': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Set the yaml to the new dict #} {{ d | to_nice_yaml }} set_fact: