From 31fa266ceb4d313fb743f1394c524d7e3cb06e57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Capucho?=
Date: Mon, 4 Aug 2025 19:09:39 +0100
Subject: [PATCH] feat: Allow specifying existing secrets in helm chart
---
 .../helm/openslice/templates/_helpers.tpl | 51 +++++++++++++++++++
 .../openslice/templates/artemis-secret.yaml | 2 +
 .../helm/openslice/templates/artemis.yaml | 4 +-
 .../helm/openslice/templates/bugzilla.yaml | 2 +-
 .../helm/openslice/templates/centrallog.yaml | 2 +-
 .../helm/openslice/templates/cridge.yaml | 2 +-
 .../openslice/templates/keycloak-secret.yaml | 2 +
 .../helm/openslice/templates/keycloak.yaml | 8 +--
 .../helm/openslice/templates/manoclient.yaml | 2 +-
 .../helm/openslice/templates/mcp-server.yaml | 4 +-
 .../helm/openslice/templates/metrico.yaml | 4 +-
 .../templates/mysql-keycloak-secret.yaml | 2 +
 .../templates/mysql-metrico-secret.yaml | 2 +
 .../templates/mysql-portal-secret.yaml | 4 +-
 .../openslice/templates/mysql-secret.yaml | 2 +
 .../helm/openslice/templates/mysql.yaml | 10 ++--
 .../helm/openslice/templates/oasapi.yaml | 4 +-
 kubernetes/helm/openslice/templates/osom.yaml | 2 +-
 .../helm/openslice/templates/osportalapi.yaml | 4 +-
 .../helm/openslice/templates/osscapi.yaml | 4 +-
 kubernetes/helm/openslice/values.yaml | 48 +++++++++++++++--
 21 files changed, 135 insertions(+), 30 deletions(-)
diff --git a/kubernetes/helm/openslice/templates/_helpers.tpl b/kubernetes/helm/openslice/templates/_helpers.tpl
index 89f9f71..fa5e591 100644
--- a/kubernetes/helm/openslice/templates/_helpers.tpl
+++ b/kubernetes/helm/openslice/templates/_helpers.tpl
@@ -60,3 +60,54 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Secrets
+*/}}
+{{- define "openslice.secrets.activemq" -}}
+{{- if .Values.oscreds.activemq.existingSecret }}
+{{- .Values.oscreds.activemq.existingSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-artemis-secret
+{{- end }}
+{{- end }}
+
+{{- define "openslice.secrets.mysql" -}}
+{{- if .Values.oscreds.mysql.existingSecret }}
+{{- .Values.oscreds.mysql.existingSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-mysql-secrets
+{{- end }}
+{{- end }}
+
+{{- define "openslice.secrets.keycloak.mysql" -}}
+{{- if .Values.oscreds.mysql.keycloak.existingMySQLSecret }}
+{{- .Values.oscreds.mysql.keycloak.existingMySQLSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-mysql-keycloak-secrets
+{{- end }}
+{{- end }}
+
+{{- define "openslice.secrets.keycloak.admin" -}}
+{{- if .Values.oscreds.mysql.keycloak.existingSecret }}
+{{- .Values.oscreds.mysql.keycloak.existingSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-keycloak-secret
+{{- end }}
+{{- end }}
+
+{{- define "openslice.secrets.portal.mysql" -}}
+{{- if .Values.oscreds.mysql.portal.existingSecret }}
+{{- .Values.oscreds.mysql.portal.existingSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-mysql-portal-secrets
+{{- end }}
+{{- end }}
+
+{{- define "openslice.secrets.metrico.mysql" -}}
+{{- if .Values.oscreds.mysql.metrico.existingSecret }}
+{{- .Values.oscreds.mysql.metrico.existingSecret }}
+{{- else }}
+{{- include "openslice.fullname" . }}-mysql-metrico-secrets
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm/openslice/templates/artemis-secret.yaml b/kubernetes/helm/openslice/templates/artemis-secret.yaml
index 21c97d0..cceefc2 100644
--- a/kubernetes/helm/openslice/templates/artemis-secret.yaml
+++ b/kubernetes/helm/openslice/templates/artemis-secret.yaml
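Review bot: In `openslice.secrets.keycloak.admin` the value `oscreds.mysql.keycloak.existingSecret` selects the Keycloak admin-password Secret, whereas in every other helper added here `existingSecret` under `oscreds.mysql.*` selects that component's MySQL credentials (Keycloak's database Secret is `existingMySQLSecret`). An operator who follows the pattern and points `oscreds.mysql.keycloak.existingSecret` at a database Secret would hand Keycloak a Secret that has no `admin-password` key. Each define would also benefit from a one-line comment naming the keys the Secret must carry, for example `{{/* Name of the Secret holding the Keycloak admin password (key: admin-password) */}}`, and the bare `Secrets` heading could state that every helper returns the user-supplied name when set and the chart-generated name otherwise.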
@@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.activemq.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -11,3 +12,4 @@ metadata: data: username: {{ .Values.oscreds.activemq.user | b64enc }} password: {{ .Values.oscreds.activemq.password | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/artemis.yaml b/kubernetes/helm/openslice/templates/artemis.yaml index 2f4cc1f..17e18a0 100644 --- a/kubernetes/helm/openslice/templates/artemis.yaml +++ b/kubernetes/helm/openslice/templates/artemis.yaml @@ -32,12 +32,12 @@ spec: - name: ARTEMIS_USER valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-artemis-secret + name: {{ include "openslice.secrets.activemq" . }} key: username - name: ARTEMIS_PASSWORD valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-artemis-secret + name: {{ include "openslice.secrets.activemq" . }} key: password resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/kubernetes/helm/openslice/templates/bugzilla.yaml b/kubernetes/helm/openslice/templates/bugzilla.yaml index 1e63a6d..09323cf 100644 --- a/kubernetes/helm/openslice/templates/bugzilla.yaml +++ b/kubernetes/helm/openslice/templates/bugzilla.yaml @@ -55,7 +55,7 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/centrallog.yaml b/kubernetes/helm/openslice/templates/centrallog.yaml index e3c4b0e..e61dc66 100644 --- a/kubernetes/helm/openslice/templates/centrallog.yaml +++ b/kubernetes/helm/openslice/templates/centrallog.yaml @@ -53,7 +53,7 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} --- apiVersion: v1 kind: Service 
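Review bot: The Secret name on the two `secretKeyRef.name` lines of artemis.yaml can now come straight from `oscreds.activemq.existingSecret` and is rendered unquoted, so a name that YAML types as a non-string (all digits, `true`, `null`) produces a manifest that is only rejected at apply time. Piping the helper through quote keeps it a string: `name: {{ include "openslice.secrets.activemq" . | quote }}`. The same applies to every `secretName:` and `name:` line that this patch switches to an `openslice.secrets.*` helper in the other templates. The Deployment spec around these lines starts and ends outside the hunk.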
diff --git a/kubernetes/helm/openslice/templates/cridge.yaml b/kubernetes/helm/openslice/templates/cridge.yaml index 45dc6f3..bb32c67 100644 --- a/kubernetes/helm/openslice/templates/cridge.yaml +++ b/kubernetes/helm/openslice/templates/cridge.yaml @@ -56,5 +56,5 @@ spec: secretName: {{ include "openslice.fullname" . }}-kubeconfig - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} {{- end }} diff --git a/kubernetes/helm/openslice/templates/keycloak-secret.yaml b/kubernetes/helm/openslice/templates/keycloak-secret.yaml index 1795c04..c6b7d4f 100644 --- a/kubernetes/helm/openslice/templates/keycloak-secret.yaml +++ b/kubernetes/helm/openslice/templates/keycloak-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.mysql.keycloak.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -10,3 +11,4 @@ metadata: name: {{ include "openslice.fullname" . }}-keycloak-secret data: admin-password: {{ .Values.oscreds.mysql.keycloak.adminpassword | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/keycloak.yaml b/kubernetes/helm/openslice/templates/keycloak.yaml index d0f469c..843f1df 100644 --- a/kubernetes/helm/openslice/templates/keycloak.yaml +++ b/kubernetes/helm/openslice/templates/keycloak.yaml 
@@ -41,24 +41,24 @@ spec: - name: DB_DATABASE valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + name: {{ include "openslice.secrets.keycloak.mysql" . }} key: database - name: DB_PASSWORD valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + name: {{ include "openslice.secrets.keycloak.mysql" . }} key: password - name: DB_USER valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + name: {{ include "openslice.secrets.keycloak.mysql" . }} key: username - name: KEYCLOAK_USER value: admin - name: KEYCLOAK_PASSWORD valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-keycloak-secret + name: {{ include "openslice.secrets.keycloak.admin" . }} key: admin-password - name: JDBC_PARAMS value: useSSL=false diff --git a/kubernetes/helm/openslice/templates/manoclient.yaml b/kubernetes/helm/openslice/templates/manoclient.yaml index 46d75ae..c773eba 100644 --- a/kubernetes/helm/openslice/templates/manoclient.yaml +++ b/kubernetes/helm/openslice/templates/manoclient.yaml @@ -53,7 +53,7 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/mcp-server.yaml b/kubernetes/helm/openslice/templates/mcp-server.yaml index b5bb331..8db6f33 100644 --- a/kubernetes/helm/openslice/templates/mcp-server.yaml +++ b/kubernetes/helm/openslice/templates/mcp-server.yaml @@ -70,10 +70,10 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} - name: mysql-portal-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + secretName: {{ include "openslice.secrets.portal.mysql" . }} --- apiVersion: v1 kind: Service 
diff --git a/kubernetes/helm/openslice/templates/metrico.yaml b/kubernetes/helm/openslice/templates/metrico.yaml index b5d1aa4..d894b50 100644 --- a/kubernetes/helm/openslice/templates/metrico.yaml +++ b/kubernetes/helm/openslice/templates/metrico.yaml @@ -60,8 +60,8 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} - name: mysql-metrico-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-metrico-secrets + secretName: {{ include "openslice.secrets.metrico.mysql" . }} {{- end }} diff --git a/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml b/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml index eae26f4..3f3035c 100644 --- a/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml +++ b/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.mysql.keycloak.existingMySQLSecret -}} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: username: {{ .Values.oscreds.mysql.keycloak.username | default "keycloak" | b64enc }} password: {{ .Values.oscreds.mysql.keycloak.password | default "password" | b64enc }} database: {{ .Values.oscreds.mysql.keycloak.database | default "keycloak" | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml b/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml index 3aa8df0..4685b05 100644 --- a/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml +++ b/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.mysql.metrico.existingSecret -}} apiVersion: v1 kind: Secret metadata: 
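Review bot: When `existingMySQLSecret` is left empty, mysql-keycloak-secret.yaml still renders a Secret whose password falls back to the literal `default "password"` (context line of its second hunk), so an install that blanks the value gets a publicly known credential instead of an error. The same fallback is kept in mysql-metrico-secret.yaml and mysql-portal-secret.yaml (`"12345"`) and in mysql-secret.yaml (`"letmein"`). Failing the render is safer, e.g. `password: {{ required "set oscreds.mysql.keycloak.password or existingMySQLSecret" .Values.oscreds.mysql.keycloak.password | b64enc }}`; this only takes effect if values.yaml also stops shipping a password for that key. These fallbacks are not introduced by this patch, but the new `if not` guard is the natural place to tighten them.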
@@ -12,3 +13,4 @@ data: username: {{ .Values.oscreds.mysql.metrico.username | default "metricouser" | b64enc }} password: {{ .Values.oscreds.mysql.metrico.password | default "12345" | b64enc }} database: {{ .Values.oscreds.mysql.metrico.database | default "metricodb" | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml b/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml index 58bff02..99afd54 100644 --- a/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml +++ b/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.mysql.portal.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -11,4 +12,5 @@ metadata: data: username: {{ .Values.oscreds.mysql.portal.username | default "portaluser" | b64enc }} password: {{ .Values.oscreds.mysql.portal.password | default "12345" | b64enc }} - database: {{ .Values.oscreds.mysql.openslicedb | default "osdb" | b64enc }} + database: {{ .Values.oscreds.mysql.portal.database | default "osdb" | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/mysql-secret.yaml b/kubernetes/helm/openslice/templates/mysql-secret.yaml index a17dc36..9db23d4 100644 --- a/kubernetes/helm/openslice/templates/mysql-secret.yaml +++ b/kubernetes/helm/openslice/templates/mysql-secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.oscreds.mysql.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -10,3 +11,4 @@ metadata: name: {{ include "openslice.fullname" . }}-mysql-secrets data: root-password: {{ .Values.oscreds.mysql.password | default "letmein" | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/mysql.yaml b/kubernetes/helm/openslice/templates/mysql.yaml index 7f9585f..e0cc23d 100644 --- a/kubernetes/helm/openslice/templates/mysql.yaml +++ b/kubernetes/helm/openslice/templates/mysql.yaml 
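Review bot: The `database` line in mysql-portal-secret.yaml now reads `oscreds.mysql.portal.database`, and values.yaml drops `oscreds.mysql.openslicedb` in the same patch, so an existing install that overrides `openslicedb` silently falls back to `osdb` on upgrade while its MySQL data still lives under the old database name. If the rename is intended it deserves a line in the commit message or upgrade notes; otherwise the legacy key can be honoured first: `database: {{ .Values.oscreds.mysql.openslicedb | default .Values.oscreds.mysql.portal.database | default "osdb" | b64enc }}`. Whether any other template still reads `openslicedb` cannot be seen from this patch.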
@@ -37,7 +37,7 @@ spec: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: - name: {{ include "openslice.fullname" . }}-mysql-secrets + name: {{ include "openslice.secrets.mysql" . }} key: root-password resources: {{- toYaml .Values.resources | nindent 12 }} @@ -88,16 +88,16 @@ spec: defaultMode: 0755 - name: mysql-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-secrets + secretName: {{ include "openslice.secrets.mysql" . }} - name: mysql-portal-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + secretName: {{ include "openslice.secrets.portal.mysql" . }} - name: mysql-keycloak-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + secretName: {{ include "openslice.secrets.keycloak.mysql" . }} - name: mysql-metrico-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-metrico-secrets + secretName: {{ include "openslice.secrets.metrico.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/oasapi.yaml b/kubernetes/helm/openslice/templates/oasapi.yaml index 3cb458c..fa143dc 100644 --- a/kubernetes/helm/openslice/templates/oasapi.yaml +++ b/kubernetes/helm/openslice/templates/oasapi.yaml @@ -85,10 +85,10 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} - name: mysql-portal-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + secretName: {{ include "openslice.secrets.portal.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osom.yaml b/kubernetes/helm/openslice/templates/osom.yaml index f5a1617..31a8ab9 100644 --- a/kubernetes/helm/openslice/templates/osom.yaml +++ b/kubernetes/helm/openslice/templates/osom.yaml 
@@ -54,7 +54,7 @@ spec: volumes: - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osportalapi.yaml b/kubernetes/helm/openslice/templates/osportalapi.yaml index afe161a..5f77364 100644 --- a/kubernetes/helm/openslice/templates/osportalapi.yaml +++ b/kubernetes/helm/openslice/templates/osportalapi.yaml @@ -88,10 +88,10 @@ spec: claimName: {{ include "openslice.fullname" . }}-osportalapi-claim0 - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} - name: mysql-portal-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + secretName: {{ include "openslice.secrets.portal.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osscapi.yaml b/kubernetes/helm/openslice/templates/osscapi.yaml index 2b3be8e..e292335 100644 --- a/kubernetes/helm/openslice/templates/osscapi.yaml +++ b/kubernetes/helm/openslice/templates/osscapi.yaml @@ -92,10 +92,10 @@ spec: claimName: {{ include "openslice.fullname" . }}-osscapi-claim0 - name: artemis-secrets secret: - secretName: {{ include "openslice.fullname" . }}-artemis-secret + secretName: {{ include "openslice.secrets.activemq" . }} - name: mysql-portal-secrets secret: - secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + secretName: {{ include "openslice.secrets.portal.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/values.yaml b/kubernetes/helm/openslice/values.yaml index 405de62..546672a 100644 --- a/kubernetes/helm/openslice/values.yaml +++ b/kubernetes/helm/openslice/values.yaml 
@@ -99,22 +99,64 @@ rooturl: ~ # This is the ingress LB IP or domain - ex. http://openslice.com:port oscreds: activemq: + # The name of an existing secret to use for the activemq broker. + # + # The secret requires the following keys: + # - `username` the broker user + # - `password` the broker password + existingSecret: "" + user: artemis password: artemis mysql: - username: root + # The name of an existing secret to use for the mysql root user. + # + # The secret requires the following keys: + # - `root-password` containing the mysql root password. + existingSecret: "" + password: letmein - openslicedb: osdb - keycloak: + + keycloak: + # The name of an existing secret to use for the mysql keycloak user. + # + # The secret requires the following keys: + # - `username` the database user + # - `password` the database user's password + # - `database` the database to use for keycloak + existingMySQLSecret: "" + + # The name of an existing secret to use for keycloak. + # + # The secret requires the following keys: + # - `admin-password` the adminstrator password for keycloak + existingSecret: "" + database: keycloak username: keycloak password: password adminpassword: Pa55w0rd portal: + # The name of an existing secret to use for the mysql portal user. + # + # The secret requires the following keys: + # - `username` the database user + # - `password` the database user's password + # - `database` the database to use for the portal + existingSecret: "" + database: osdb username: portaluser password: "12345" metrico: + # The name of an existing secret to use for the mysql metrico user. + # + # The secret requires the following keys: + # - `username` the database user + # - `password` the database user's password + # - `database` the database to use for metrico + existingSecret: "" + database: metricodb username: metricouser password: "12345" -- GitLab
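Review bot: The new `existingSecret` comments list the required keys but do not say that the inline credentials beside them (`user`/`password`, `adminpassword`, the per-database `username`/`password`/`database`) are ignored once a Secret name is set, nor that these inline defaults are published with the chart. I would add to each block a line such as `# When set, the chart creates no Secret and the credential values below are ignored.` and one comment at the top of `oscreds` recommending `existingSecret` for anything beyond a test install. In the keycloak block `adminstrator` is a typo for `administrator`.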