From dae2d3240c9b11b6009f7a709f53d038e393291a Mon Sep 17 00:00:00 2001 From: Manuel Ganter Date: Tue, 2 Dec 2025 13:46:07 +0100 Subject: [PATCH 1/8] added existing edge connect secret --- charts/garm/templates/deployment.yaml | 4 ++++ charts/garm/templates/secrets.yaml | 4 +++- charts/garm/values.yaml | 5 +++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/garm/templates/deployment.yaml b/charts/garm/templates/deployment.yaml index 297518c..513d430 100644 --- a/charts/garm/templates/deployment.yaml +++ b/charts/garm/templates/deployment.yaml @@ -55,7 +55,11 @@ spec: secretName: {{ include "garm.fullname" . }}-config - name: edge-connect-creds secret: + {{- if .Values.credentials.edgeConnect.existingSecretName }} + secretName: {{ .Values.credentials.edgeConnect.existingSecretName | quote }} + {{- else }} secretName: {{ include "garm.fullname" . }}-edge-connect-creds + {{- end }} - name: garm-data persistentVolumeClaim: claimName: {{ include "garm.fullname" . }} \ No newline at end of file diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index 060217d..12acd21 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml @@ -86,6 +86,7 @@ stringData: [cloudlet] name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }} +{{- if not .Values.credentials.edgeConnect.existingSecretName }} --- apiVersion: v1 kind: Secret @@ -98,4 +99,5 @@ metadata: stringData: creds.toml: | username = "{{ required "Edge Connect username is required" .Values.credentials.edgeConnect.username }}" - password = "{{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password }}" \ No newline at end of file + password = "{{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password }}" +{{- end }} 
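Review bot: The `password` line in the last secrets.yaml hunk (and the unchanged `username` line above it) places the raw value between literal quotes, so a credential containing `"` or `\` renders a creds.toml that no longer parses or that carries content the operator did not intend. The other TOML values in this template go through `| quote`; writing `password = {{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password | quote }}` (and the same for `username`) handles those characters. The Secret document that this hunk closes with `{{- end }}` starts outside the hunk.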
diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml index 6f90e09..484cf2a 100644 --- a/charts/garm/values.yaml +++ b/charts/garm/values.yaml @@ -118,8 +118,9 @@ credentials: # password: "changeme-generate-strong-password" email: "admin@example.com" edgeConnect: - username: "" # Required - password: "" # Required + existingSecretName: null + username: "" # Required if existingSecretName not specified + password: "" # Required if existingSecretName not specified gitea: url: "https://garm-provider-test.t09.de" # Required From 04339b0efcc7a34794e611c4196abf2df1843558 Mon Sep 17 00:00:00 2001 From: Manuel Ganter Date: Tue, 2 Dec 2025 14:56:26 +0100 Subject: [PATCH 2/8] added lookup for garm db password and jwtSecret to prevent regeneration --- charts/garm/templates/_credentials.tpl | 20 +++++++++----------- charts/garm/values.yaml | 3 --- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/charts/garm/templates/_credentials.tpl b/charts/garm/templates/_credentials.tpl index cc41a51..e93bd03 100644 --- a/charts/garm/templates/_credentials.tpl +++ b/charts/garm/templates/_credentials.tpl 
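Review bot: The new `existingSecretName` key carries no comment saying what the referenced Secret must contain. Going by the templates in this patch, it is mounted in place of the chart's `-edge-connect-creds` Secret, whose only key is `creds.toml` with `username` and `password`. A comment above the key such as `# Name of a pre-created Secret holding a creds.toml key (username/password); when set, the chart renders no credentials Secret` would make that contract explicit. Setting it also keeps the password out of the values file, which is worth saying in the same comment.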
@@ -33,24 +33,22 @@ Get Gitea token - either user-provided or generated {{- end -}} {{- end -}} -{{/* -Get JWT secret - either user-provided or generated -*/}} {{- define "garm.jwtSecret" -}} -{{- if .Values.garm.jwtAuth.secret -}} -{{- .Values.garm.jwtAuth.secret -}} +{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}} +{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).jwt_auth.secret) -}} +{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}} +{{ $another.jwt_auth.secret }} {{- else -}} {{- include "garm.randomString" . -}} {{- end -}} {{- end -}} -{{/* -Get database passphrase - either user-provided or generated -*/}} {{- define "garm.dbPassphrase" -}} -{{- if .Values.garm.database.passphrase -}} -{{- .Values.garm.database.passphrase -}} +{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}} +{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).database.passphrase) -}} +{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}} +{{ $another.database.passphrase }} {{- else -}} {{- include "garm.randomString" . -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml index 484cf2a..2e3629f 100644 --- a/charts/garm/values.yaml +++ b/charts/garm/values.yaml @@ -52,8 +52,6 @@ garm: disableAuth: false jwtAuth: - # You should change this in production - # secret: "changeme-use-a-secure-random-string" timeToLive: "8760h" apiserver: @@ -65,7 +63,6 @@ garm: database: backend: sqlite3 - # passphrase: "changeme-use-a-secure-random-string" sqlite3: dbFile: "/garm/garm.db" From 1663fd5359bac20c04a463b29c85f3b2b41d7a84 Mon Sep 17 00:00:00 2001 
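Review bot: `lookup` returns an empty result under `helm template` and client-side `--dry-run`, so in those render paths `garm.jwtSecret` and `garm.dbPassphrase` fall through to `garm.randomString` on every render, and with the values override removed in this hunk there is no way left to pin either secret. The condition also dereferences `.jwt_auth.secret` and `.database.passphrase` directly on the parsed TOML, which fails the render with a nil-pointer error when the existing Secret has no such table; `dig` with a default avoids that and the second `fromToml` call. Keeping the values override as the first choice, as sketched below for `garm.jwtSecret`, and restoring the `{{/* ... */}}` header comments would cover both. The same `lookup` pattern returns in the `garm.dbPassphrase` hunk of PATCH 8/8.

```gotemplate
{{/*
Get JWT secret - user-provided, else reused from the existing config Secret, else generated
*/}}
{{- define "garm.jwtSecret" -}}
{{- $stored := "" -}}
{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" (include "garm.fullname" .)) -}}
{{- if $secret -}}
{{- $cfg := fromToml (index $secret.data "config.toml" | default "" | b64dec) -}}
{{- $stored = dig "jwt_auth" "secret" "" $cfg -}}
{{- end -}}
{{- if .Values.garm.jwtAuth.secret -}}
{{- .Values.garm.jwtAuth.secret -}}
{{- else if $stored -}}
{{- $stored -}}
{{- else -}}
{{- include "garm.randomString" . -}}
{{- end -}}
{{- end -}}
{{/* … same shape for garm.dbPassphrase, with "database" "passphrase" … */}}
```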
From: "manuel.ganter" Date: Mon, 8 Dec 2025 10:05:53 +0000 Subject: [PATCH 3/8] added defualt as default flavor --- charts/garm/templates/secrets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index 12acd21..d4dd939 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml @@ -82,6 +82,7 @@ stringData: edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} log_file = "/garm/provider.log" credentials_file = "/etc/garm-creds/creds.toml" + default_flavor = "defualt" [cloudlet] name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} From b433505582275e3b3420e5a3ff9fb91ead6a8ae3 Mon Sep 17 00:00:00 2001 From: "Patrick.Sy" Date: Mon, 15 Dec 2025 15:32:19 +0000 Subject: [PATCH 4/8] Update charts/garm/templates/secrets.yaml Changed default flavor to EU.small for edge --- charts/garm/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index d4dd939..9848454 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml @@ -82,7 +82,7 @@ stringData: edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} log_file = "/garm/provider.log" credentials_file = "/etc/garm-creds/creds.toml" - default_flavor = "defualt" + default_flavor = "EU.small" [cloudlet] name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} From d7fcd61de0d774124b190085b075570c7e7368ad Mon Sep 17 00:00:00 2001 From: Martin McCaffery Date: Fri, 19 Dec 2025 17:07:08 +0100 Subject: [PATCH 5/8] base64 encode edge provider config toml --- charts/garm/edge-connect-provider-config.toml | 10 ++++++++++ charts/garm/templates/secrets.yaml | 12 +----------- 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 charts/garm/edge-connect-provider-config.toml 
diff --git a/charts/garm/edge-connect-provider-config.toml b/charts/garm/edge-connect-provider-config.toml new file mode 100644 index 0000000..6dabe4a --- /dev/null +++ b/charts/garm/edge-connect-provider-config.toml @@ -0,0 +1,10 @@ + organization = {{ .Values.providerConfig.edgeConnect.organization | quote }} + region = {{ .Values.providerConfig.edgeConnect.region | quote }} + edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} + log_file = "/garm/provider.log" + credentials_file = "/etc/garm-creds/creds.toml" + default_flavor = "EU.small" + + [cloudlet] + name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} + organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }} diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index 9848454..5784191 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml @@ -76,17 +76,7 @@ stringData: flavors: {{- toYaml .Values.providerConfig.k8s.flavors | nindent 6 }} - edge-connect-provider-config.toml: | - organization = {{ .Values.providerConfig.edgeConnect.organization | quote }} - region = {{ .Values.providerConfig.edgeConnect.region | quote }} - edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} - log_file = "/garm/provider.log" - credentials_file = "/etc/garm-creds/creds.toml" - default_flavor = "EU.small" - - [cloudlet] - name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} - organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }} + edge-connect-provider-config.toml: {{ tpl (.Files.Get "../edge-connect-provider-config.toml") . | b64enc }} {{- if not .Values.credentials.edgeConnect.existingSecretName }} --- apiVersion: v1 From d63917dfc7521d53c921d7f2419529f70154cd24 Mon Sep 17 00:00:00 2001 
From: Martin McCaffery Date: Mon, 22 Dec 2025 10:01:54 +0100 Subject: [PATCH 6/8] Update config toml to new format, parameterise defaultFlavor --- charts/garm/edge-connect-provider-config.toml | 10 ---------- charts/garm/templates/secrets.yaml | 14 +++++++++++++- charts/garm/values.yaml | 1 + 3 files changed, 14 insertions(+), 11 deletions(-) delete mode 100644 charts/garm/edge-connect-provider-config.toml diff --git a/charts/garm/edge-connect-provider-config.toml b/charts/garm/edge-connect-provider-config.toml deleted file mode 100644 index 6dabe4a..0000000 --- a/charts/garm/edge-connect-provider-config.toml +++ /dev/null @@ -1,10 +0,0 @@ - organization = {{ .Values.providerConfig.edgeConnect.organization | quote }} - region = {{ .Values.providerConfig.edgeConnect.region | quote }} - edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} - log_file = "/garm/provider.log" - credentials_file = "/etc/garm-creds/creds.toml" - default_flavor = "EU.small" - - [cloudlet] - name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} - organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }} diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index 5784191..16fb40f 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml 
@@ -76,7 +76,19 @@ stringData: flavors: {{- toYaml .Values.providerConfig.k8s.flavors | nindent 6 }} - edge-connect-provider-config.toml: {{ tpl (.Files.Get "../edge-connect-provider-config.toml") . | b64enc }} + edge-connect-provider-config.toml: | + log_file = "/garm/provider.log" + credentials_file = "/etc/garm-creds/creds.toml" + + [edge_connect] + organization = {{ .Values.providerConfig.edgeConnect.organization | quote }} + region = {{ .Values.providerConfig.edgeConnect.region | quote }} + url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }} + default_flavor = {{ .Values.providerConfig.edgeConnect.defaultFlavor | quote }} + + [edge_connect.cloudlet] + name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }} + organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }} {{- if not .Values.credentials.edgeConnect.existingSecretName }} --- apiVersion: v1 diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml index 2e3629f..6d0f162 100644 --- a/charts/garm/values.yaml +++ b/charts/garm/values.yaml @@ -103,6 +103,7 @@ providerConfig: organization: "edp-developer-framework" region: "EU" edgeConnectUrl: "https://hub.apps.edge.platform.mg3.mdb.osc.live" + defaultFlavor: "EU.small" cloudlet: name: "Munich" organization: "TelekomOP" From 8e6647a86fe225037abacbb8271fefe45e038d51 Mon Sep 17 00:00:00 2001 From: "martin.mccaffery" Date: Mon, 22 Dec 2025 09:11:35 +0000 Subject: [PATCH 7/8] Update garm image version to provider-ec-43 --- charts/garm/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml index 6d0f162..561c2a5 100644 --- a/charts/garm/values.yaml +++ b/charts/garm/values.yaml @@ -4,7 +4,7 @@ fullnameOverride: "" image: repository: edp.buildth.ing/devfw-cicd/garm - tag: provider-ec-40 + tag: provider-ec-43 pullPolicy: Always replicaCount: 1 From b46e1d03b5ab58558d5677e2df0c20b970e9ac3d Mon Sep 17 00:00:00 2001 
From: Martin McCaffery Date: Mon, 22 Dec 2025 10:29:24 +0100 Subject: [PATCH 8/8] Prevent garm db passphrase regeneration on redeployment --- charts/garm/templates/_credentials.tpl | 7 +++---- charts/garm/templates/secrets.yaml | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/garm/templates/_credentials.tpl b/charts/garm/templates/_credentials.tpl index e93bd03..c899cfc 100644 --- a/charts/garm/templates/_credentials.tpl +++ b/charts/garm/templates/_credentials.tpl @@ -44,10 +44,9 @@ Get Gitea token - either user-provided or generated {{- end -}} {{- define "garm.dbPassphrase" -}} -{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}} -{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).database.passphrase) -}} -{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}} -{{ $another.database.passphrase }} +{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-db-credentials" ( include "garm.fullname" . )) -}} +{{- if and $secret (index $secret.data "passphrase" | b64dec) -}} +{{- (index $secret.data "passphrase" | b64dec) -}} {{- else -}} {{- include "garm.randomString" . -}} {{- end -}} diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml index 16fb40f..044a1ef 100644 --- a/charts/garm/templates/secrets.yaml +++ b/charts/garm/templates/secrets.yaml 
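Review bot: On a first install the `lookup` in `garm.dbPassphrase` finds no `-db-credentials` Secret, so the helper falls through to `include "garm.randomString" .`, while the new Secret in secrets.yaml calls `garm.randomString` on its own. If that helper returns a fresh value per call (its definition is outside this hunk), the passphrase rendered into the config and the one stored in the Secret differ, and the next upgrade switches the config to the stored one, which presumably no longer matches the database. Generating the value once per render and feeding the same variable to both the Secret and the config would close that gap. The removed header comment is worth restoring as `{{/* Get database passphrase - reused from the db-credentials Secret, else generated */}}`.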
@@ -14,6 +14,22 @@ stringData: GARM_URL: {{ printf "https://%s" (index .Values.ingress.hosts 0).host | quote }} GIT_URL: {{ .Values.credentials.gitea.url | quote }} --- +{{- $secretName := printf "%s%s" (include "garm.fullname" .) "-db-credentials" -}} +{{- $secretExists := lookup "v1" "Secret" .Release.Namespace $secretName -}} + +{{- if not $secretExists -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" +stringData: + passphrase: {{- include "garm.randomString" . -}} +{{- end -}} +--- apiVersion: v1 kind: Secret metadata:
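Review bot: The `{{-` in `passphrase: {{- include "garm.randomString" . -}}` strips the space after the colon, so the line renders as `passphrase:<value>`, which YAML reads as a plain scalar rather than a key/value pair; the trailing `-}}` together with `{{- end -}}` also strips the newline in front of the following `---`. Writing `passphrase: {{ include "garm.randomString" . | quote }}` and closing with `{{- end }}` keeps the mapping valid and the separator on its own line. The same trimming on the `$secretName`, `$secretExists` and `if` lines pulls `apiVersion: v1` up against the preceding `---`; dropping the right-hand `-` on the `if` line keeps them apart. Because the Secret is rendered as a hook it is not tracked as a release resource and will outlive `helm uninstall`, which deserves a comment in the template if that is intended.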