From 52d1c090a813f63ae3ec660492f7835d3f264613 Mon Sep 17 00:00:00 2001
From: Stavros Foteinopoulos
Date: Tue, 6 Aug 2024 11:30:31 +0300
Subject: [PATCH] Support external-secrets conditionally to push-proxy (#465)
Signed-off-by: Stavros Foteinopoulos
---
 charts/mattermost-push-proxy/Chart.yaml | 2 +-
 .../templates/external_secrets.yaml | 22 +++++++++++++++++++
 .../templates/secrets.yaml | 19 +++++++++++-----
 charts/mattermost-push-proxy/values.yaml | 7 ++++++
 4 files changed, 43 insertions(+), 7 deletions(-)
 create mode 100644 charts/mattermost-push-proxy/templates/external_secrets.yaml
diff --git a/charts/mattermost-push-proxy/Chart.yaml b/charts/mattermost-push-proxy/Chart.yaml
index 8b83841c..efc51f11 100644
--- a/charts/mattermost-push-proxy/Chart.yaml
+++ b/charts/mattermost-push-proxy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 description: Mattermost Push Proxy server
 name: mattermost-push-proxy
 type: application
-version: 0.11.3
+version: 0.12.0
 appVersion: 6.1.0
 keywords:
 - mattermost
diff --git a/charts/mattermost-push-proxy/templates/external_secrets.yaml b/charts/mattermost-push-proxy/templates/external_secrets.yaml
new file mode 100644
index 00000000..9a1598f2
--- /dev/null
+++ b/charts/mattermost-push-proxy/templates/external_secrets.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.externalSecrets.enabled -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ include "mattermost-push-proxy.name" . }}-aws-secret
+ labels:
+ app.kubernetes.io/name: {{ include "mattermost-push-proxy.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "mattermost-push-proxy.chart" . }}
+spec:
+ refreshInterval: {{ .Values.externalSecrets.refreshInterval }}
+ secretStoreRef:
+ name: {{ .Values.externalSecrets.secretStoreName }}
+ kind: {{ .Values.externalSecrets.secretStoreKind }}
+ target:
+ name: {{ include "mattermost-push-proxy.name" . }}-secret
+ creationPolicy: Owner
+ data:
+ {{- with .Values.externalSecrets.data }}
+ {{- toYaml $.Values.externalSecrets.data | nindent 2 }}
+ {{- end }}
diff --git a/charts/mattermost-push-proxy/templates/secrets.yaml b/charts/mattermost-push-proxy/templates/secrets.yaml
index c79084a9..12944fc5 100644
--- a/charts/mattermost-push-proxy/templates/secrets.yaml
+++ b/charts/mattermost-push-proxy/templates/secrets.yaml
@@ -1,3 +1,5 @@
+# Conditionally create the Apple certs secret if externalSecrets are not enabled
+{{- if not .Values.externalSecrets.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
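Review bot: In external_secrets.yaml, `secretStoreRef.name` is rendered from `.Values.externalSecrets.secretStoreName` with no check, so `enabled: true` with that value left at its empty default emits `name:` (null), and the failure only surfaces at apply or sync time, after the chart has already stopped rendering its own Secrets. Failing at template time is safer: `name: {{ required "externalSecrets.secretStoreName must be set when externalSecrets.enabled is true" .Values.externalSecrets.secretStoreName | quote }}`. The same gap exists for an empty `externalSecrets.data`, where the `with` block is skipped and `data:` renders as null; `refreshInterval` and `secretStoreKind` would also be safer piped through `quote`. Inside the `with`, `toYaml . | nindent 2` is enough, since `.` is already rebound to the data value.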
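Review bot: With `externalSecrets.enabled` set, the guard added at the top of secrets.yaml removes the chart-managed Secret, and the only replacement this commit renders is one ExternalSecret target named `{{ include "mattermost-push-proxy.name" . }}-secret`. This Secret's `metadata.name` lies between the hunks and is not shown, so it cannot be confirmed from here that consumers still resolve; if the Apple and Android Secrets carry two different names, one of them would be missing at pod start. A comment next to the guard stating which Secret name and keys (`apple_auth_key`, `android_serviceFile`, …) the external store must supply would make that contract checkable. The Secret body continues outside this hunk.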
@@ -8,11 +10,15 @@ metadata:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 helm.sh/chart: {{ include "mattermost-push-proxy.chart" . }}
 data:
- apple_auth_key: {{ default "" .Values.applePushSettings.authKey | b64enc | quote }}
- apple_cert: {{ default "" .Values.applePushSettings.apple.privateCert | b64enc | quote }}
- apple_rn_cert: {{ default "" .Values.applePushSettings.apple_rn.privateCert | b64enc | quote }}
- apple_rnbeta_cert: {{ default "" .Values.applePushSettings.apple_rnbeta.privateCert | b64enc | quote }}
+ apple_auth_key: {{ .Values.applePushSettings.authKey | default "" | b64enc | quote }}
+ apple_cert: {{ .Values.applePushSettings.apple.privateCert | default "" | b64enc | quote }}
+ apple_rn_cert: {{ .Values.applePushSettings.apple_rn.privateCert | default "" | b64enc | quote }}
+ apple_rnbeta_cert: {{ .Values.applePushSettings.apple_rnbeta.privateCert | default "" | b64enc | quote }}
 ---
+{{- end }}
+
+# Conditionally create the Android service files secret if externalSecrets are not enabled
+{{- if not .Values.externalSecrets.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -23,5 +29,6 @@ metadata:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 helm.sh/chart: {{ include "mattermost-push-proxy.chart" . }}
 data:
- android_serviceFile: {{ default "" .Values.androidPushSettings.android.serviceFile | toJson | b64enc | quote }}
- android_rn_serviceFile: {{ default "" .Values.androidPushSettings.android_rn.serviceFile | toJson | b64enc | quote }}
+ android_serviceFile: {{ .Values.androidPushSettings.android.serviceFile | default "" | toJson | b64enc | quote }}
+ android_rn_serviceFile: {{ .Values.androidPushSettings.android_rn.serviceFile | default "" | toJson | b64enc | quote }}
+{{- end }}
diff --git a/charts/mattermost-push-proxy/values.yaml b/charts/mattermost-push-proxy/values.yaml
index f254d3bc..93328478 100644
--- a/charts/mattermost-push-proxy/values.yaml
+++ b/charts/mattermost-push-proxy/values.yaml
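Review bot: The same `{{- if not .Values.externalSecrets.enabled }}` guard is closed right after the `---` and reopened two lines later for the Android Secret; one guard spanning both documents would prevent a later edit from gating the two Secrets differently. The two `# Conditionally create …` lines are YAML comments outside the guards, so they are still rendered when the flag is on; writing them as template comments, e.g. `{{- /* Apple and Android Secrets are skipped when externalSecrets.enabled is true */ -}}`, keeps the disabled template empty. The closing `{{- end }}` for the second guard is in the `@@ -23,5 +29,6 @@` hunk, and both Secret bodies extend outside the hunks shown.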
@@ -146,3 +146,10 @@ androidPushSettings:
 # When setting serviceFileLocation both serviceFile and serviceFileName needs to be set
 serviceFileLocation: ""
 serviceFileName: ""
+externalSecrets:
+ enabled: false
+ refreshInterval: 1h
+ secretStoreName: ""
+ secretStoreKind: ClusterSecretStore
+ # Data with base64 encoded format
+ data: {}
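Review bot: The comment `# Data with base64 encoded format` on `externalSecrets.data` does not match how the template uses the value: it is rendered verbatim under the ExternalSecret's `spec.data`, which takes a list of `secretKey`/`remoteRef` entries pointing at keys in the store, not encoded secret material. As written it invites users to paste base64 secrets into values.yaml, which is what this feature is meant to avoid. I would reword it to `# List of ExternalSecret spec.data entries (secretKey + remoteRef); secret values stay in the external store` and change the default to `data: []` so the type matches. A short comment that `secretStoreName` is mandatory when `enabled` is true, and that `secretStoreKind` also accepts the namespaced `SecretStore`, would cover the remaining undocumented keys.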