From e501bee2ff74c1f58b66dd7ec4307ce04b4358d3 Mon Sep 17 00:00:00 2001 From: Jorgen Evens Date: Wed, 10 Aug 2022 10:16:38 +0200 Subject: [PATCH] feat(s3): provide credentials using secrets - Compatible with `minio.existingSecret` in the minio chart. --- .../charts/alerts/templates/deployment.yaml | 14 ++++++++++++++ .../charts/assets/templates/deployment.yaml | 14 ++++++++++++++ .../charts/assist/templates/deployment.yaml | 14 ++++++++++++++ .../charts/chalice/templates/deployment.yaml | 14 ++++++++++++++ .../charts/frontend/templates/deployment.yaml | 14 ++++++++++++++ .../charts/http/templates/deployment.yaml | 14 ++++++++++++++ .../charts/peers/templates/deployment.yaml | 7 +++++++ .../charts/storage/templates/deployment.yaml | 14 ++++++++++++++ .../charts/utilities/templates/report-cron.yaml | 14 ++++++++++++++ .../utilities/templates/sessions-cleaner-cron.yaml | 14 ++++++++++++++ .../charts/utilities/templates/telemetry-cron.yaml | 14 ++++++++++++++ 11 files changed, 147 insertions(+) diff --git a/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml index 55f81f410..ac01dbdac 100644 --- a/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml @@ -75,9 +75,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_DEFAULT_REGION value: '{{ .Values.global.s3.region }}' - name: EMAIL_HOST diff --git a/scripts/helmcharts/openreplay/charts/assets/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/assets/templates/deployment.yaml index 47a79be24..350054599 100644 --- a/scripts/helmcharts/openreplay/charts/assets/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/assets/templates/deployment.yaml @@ -44,9 +44,23 @@ spec: {{- end}} env: - name: AWS_ACCESS_KEY_ID + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: AWS_SECRET_ACCESS_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: S3_BUCKET_ASSETS value: {{ .Values.global.s3.assetsBucket }} - name: LICENSE_KEY diff --git a/scripts/helmcharts/openreplay/charts/assist/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/assist/templates/deployment.yaml index eb6ada0da..e153e50c3 100644 --- a/scripts/helmcharts/openreplay/charts/assist/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/assist/templates/deployment.yaml @@ -56,9 +56,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: REDIS_URL value: {{ .Values.global.redis.redisHost }} {{- range $key, $val := .Values.env }} diff --git a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml index a9f1c02e9..30b02b563 100644 --- a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml @@ -85,9 +85,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_DEFAULT_REGION value: '{{ .Values.global.s3.region }}' - name: sessions_region diff --git a/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml index 7ee425824..c41dc1313 100644 --- a/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml @@ -44,9 +44,23 @@ spec: {{- end}} env: - name: AWS_ACCESS_KEY_ID + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: AWS_SECRET_ACCESS_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_REGION value: '{{ .Values.global.s3.region }}' - name: LICENSE_KEY diff --git a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml index 5a835e3fe..6322ab754 100644 --- a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml @@ -44,9 +44,23 @@ spec: {{- end}} env: - name: AWS_ACCESS_KEY_ID + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: AWS_SECRET_ACCESS_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_REGION value: '{{ .Values.global.s3.region }}' - name: LICENSE_KEY diff --git a/scripts/helmcharts/openreplay/charts/peers/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/peers/templates/deployment.yaml index cef60a000..2cbd395d9 100644 --- a/scripts/helmcharts/openreplay/charts/peers/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/peers/templates/deployment.yaml @@ -46,7 +46,14 @@ spec: - name: ASSIST_KEY value: {{ .Values.global.assistKey }} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} {{- range $key, $val := .Values.env }} - name: {{ $key }} value: '{{ $val }}' diff --git a/scripts/helmcharts/openreplay/charts/storage/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/storage/templates/deployment.yaml index 321bf0745..6a60e3ab3 100644 --- a/scripts/helmcharts/openreplay/charts/storage/templates/deployment.yaml +++ b/scripts/helmcharts/openreplay/charts/storage/templates/deployment.yaml @@ -44,9 +44,23 @@ spec: {{- end}} env: - name: AWS_ACCESS_KEY_ID + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: AWS_SECRET_ACCESS_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_ENDPOINT value: '{{ .Values.global.s3.endpoint }}' - name: AWS_REGION_WEB diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml index 96e17acf5..17fa52720 100644 --- a/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml +++ b/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml @@ -48,9 +48,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_DEFAULT_REGION value: '{{ .Values.global.s3.region }}' - name: sessions_region diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml index 74e65b281..49bc8cfed 100644 --- a/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml +++ b/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml @@ -48,9 +48,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_DEFAULT_REGION value: '{{ .Values.global.s3.region }}' - name: sessions_region diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml index 8b81ee057..b9044664f 100644 --- a/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml +++ b/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml @@ -48,9 +48,23 @@ spec: value: '{{ .Values.global.s3.endpoint }}' {{- end}} - name: S3_KEY + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: access-key + {{- else }} value: {{ .Values.global.s3.accessKey }} + {{- end }} - name: S3_SECRET + {{- if .Values.global.s3.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.global.s3.existingSecret }} + key: secret-key + {{- else }} value: {{ .Values.global.s3.secretKey }} + {{- end }} - name: AWS_DEFAULT_REGION value: '{{ .Values.global.s3.region }}' - name: sessions_region