diff --git a/charts/garm/templates/_credentials.tpl b/charts/garm/templates/_credentials.tpl
index c899cfc..cc41a51 100644
--- a/charts/garm/templates/_credentials.tpl
+++ b/charts/garm/templates/_credentials.tpl
@@ -33,21 +33,24 @@ Get Gitea token - either user-provided or generated
 {{- end -}}
 {{- end -}}
+{{/*
+Get JWT secret - either user-provided or generated
+*/}}
 {{- define "garm.jwtSecret" -}}
-{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}}
-{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).jwt_auth.secret) -}}
-{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}}
-{{ $another.jwt_auth.secret }}
+{{- if .Values.garm.jwtAuth.secret -}}
+{{- .Values.garm.jwtAuth.secret -}}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
 {{- end -}}
+{{/*
+Get database passphrase - either user-provided or generated
+*/}}
 {{- define "garm.dbPassphrase" -}}
-{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-db-credentials" ( include "garm.fullname" . )) -}}
-{{- if and $secret (index $secret.data "passphrase" | b64dec) -}}
-{{- (index $secret.data "passphrase" | b64dec) -}}
+{{- if .Values.garm.database.passphrase -}}
+{{- .Values.garm.database.passphrase -}}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/garm/templates/deployment.yaml b/charts/garm/templates/deployment.yaml
index 513d430..297518c 100644
--- a/charts/garm/templates/deployment.yaml
+++ b/charts/garm/templates/deployment.yaml
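Review bot: With the `lookup` branch removed, `garm.jwtSecret` and `garm.dbPassphrase` in _credentials.tpl fall through to `garm.randomString` whenever the value is unset, and the values.yaml hunks of this commit ship both `secret` and `passphrase` commented out, so that is the default path. If `garm.randomString` returns a fresh value on each render (its body is not visible here), every `helm upgrade` would rotate the JWT signing secret and the database passphrase; the first invalidates issued tokens, and the second presumably leaves anything stored under the old passphrase unreadable. Because `lookup` returns nothing under client-side rendering such as `helm template`, failing closed is the sturdier option: `{{- required "garm.database.passphrase must be set" .Values.garm.database.passphrase -}}`, and the same for the JWT secret. If generation has to stay, keep the removed lookup as a middle branch between the user value and the random fallback, and let the two new header comments say that a generated value is not stable across upgrades.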
@@ -55,11 +55,7 @@ spec:
 secretName: {{ include "garm.fullname" . }}-config
 - name: edge-connect-creds
 secret:
- {{- if .Values.credentials.edgeConnect.existingSecretName }}
- secretName: {{ .Values.credentials.edgeConnect.existingSecretName | quote }}
- {{- else }}
 secretName: {{ include "garm.fullname" . }}-edge-connect-creds
- {{- end }}
 - name: garm-data
 persistentVolumeClaim:
 claimName: {{ include "garm.fullname" . }}
\ No newline at end of file
diff --git a/charts/garm/templates/secrets.yaml b/charts/garm/templates/secrets.yaml
index 044a1ef..060217d 100644
--- a/charts/garm/templates/secrets.yaml
+++ b/charts/garm/templates/secrets.yaml
@@ -14,22 +14,6 @@ stringData:
 GARM_URL: {{ printf "https://%s" (index .Values.ingress.hosts 0).host | quote }}
 GIT_URL: {{ .Values.credentials.gitea.url | quote }}
 ---
-{{- $secretName := printf "%s%s" (include "garm.fullname" .) "-db-credentials" -}}
-{{- $secretExists := lookup "v1" "Secret" .Release.Namespace $secretName -}}
-
-{{- if not $secretExists -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-weight": "-5"
-stringData:
- passphrase: {{- include "garm.randomString" . -}}
-{{- end -}}
----
 apiVersion: v1
 kind: Secret
 metadata:
@@ -93,19 +77,15 @@ stringData:
 {{- toYaml .Values.providerConfig.k8s.flavors | nindent 6 }}
 edge-connect-provider-config.toml: |
+ organization = {{ .Values.providerConfig.edgeConnect.organization | quote }}
+ region = {{ .Values.providerConfig.edgeConnect.region | quote }}
+ edge_connect_url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }}
 log_file = "/garm/provider.log"
 credentials_file = "/etc/garm-creds/creds.toml"
- [edge_connect]
- organization = {{ .Values.providerConfig.edgeConnect.organization | quote }}
- region = {{ .Values.providerConfig.edgeConnect.region | quote }}
- url = {{ .Values.providerConfig.edgeConnect.edgeConnectUrl | quote }}
- default_flavor = {{ .Values.providerConfig.edgeConnect.defaultFlavor | quote }}
-
- [edge_connect.cloudlet]
+ [cloudlet]
 name = {{ .Values.providerConfig.edgeConnect.cloudlet.name | quote }}
 organization = {{ .Values.providerConfig.edgeConnect.cloudlet.organization | quote }}
-{{- if not .Values.credentials.edgeConnect.existingSecretName }}
 ---
 apiVersion: v1
 kind: Secret
@@ -118,5 +98,4 @@ metadata:
 stringData:
 creds.toml: |
 username = "{{ required "Edge Connect username is required" .Values.credentials.edgeConnect.username }}"
- password = "{{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password }}"
-{{- end }}
+ password = "{{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password }}"
\ No newline at end of file
diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml
index 561c2a5..6f90e09 100644
--- a/charts/garm/values.yaml
+++ b/charts/garm/values.yaml
@@ -4,7 +4,7 @@ fullnameOverride: ""
 image:
 repository: edp.buildth.ing/devfw-cicd/garm
- tag: provider-ec-43
+ tag: provider-ec-40
 pullPolicy: Always
 replicaCount: 1
@@ -52,6 +52,8 @@ garm:
 disableAuth: false
 jwtAuth:
+ # You should change this in production
+ # secret: "changeme-use-a-secure-random-string"
 timeToLive: "8760h"
 apiserver:
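Review bot: In the `creds.toml` hunk of secrets.yaml, `username` and `password` are placed between hand-written double quotes, so a credential containing `"`, `\` or a line break renders as malformed TOML, or as extra keys in the file the provider reads. The provider config earlier in the same file already pipes its values through `quote`, and the same works here: `password = {{ required "Edge Connect password is required" .Values.credentials.edgeConnect.password | quote }}`, likewise for `username`. With `existingSecretName` removed by this commit, the password can only arrive through Helm values, which means it also ends up in the stored release record; that deserves a comment in values.yaml, or the existing-secret path should be kept. The Secret's `metadata` header lies outside the hunk.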
@@ -63,6 +65,7 @@ garm:
 database:
 backend: sqlite3
+ # passphrase: "changeme-use-a-secure-random-string"
 sqlite3:
 dbFile: "/garm/garm.db"
@@ -103,7 +106,6 @@ providerConfig:
 organization: "edp-developer-framework"
 region: "EU"
 edgeConnectUrl: "https://hub.apps.edge.platform.mg3.mdb.osc.live"
- defaultFlavor: "EU.small"
 cloudlet:
 name: "Munich"
 organization: "TelekomOP"
@@ -116,9 +118,8 @@ credentials:
 # password: "changeme-generate-strong-password"
 email: "admin@example.com"
 edgeConnect:
- existingSecretName: null
- username: "" # Required if existingSecretName not specified
- password: "" # Required if existingSecretName not specified
+ username: "" # Required
+ password: "" # Required
 gitea:
 url: "https://garm-provider-test.t09.de" # Required
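Review bot: The commented `passphrase` example in the `database:` hunk of values.yaml says nothing about the expected format, and GARM, as far as I recall, only accepts a database passphrase of exactly 32 characters; the placeholder is 35 characters long, so editing it in place is likely to produce a config GARM rejects (please confirm against the GARM documentation). The comment should state the length and that the value has to stay the same across upgrades, for example `# passphrase: "<32 random characters; keep stable across upgrades>"`. The `jwtAuth.secret` placeholder added in the preceding values.yaml hunk would benefit from the same wording, so that nobody deploys the literal `changeme` string.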