
Commit b29c14f

committed
feat(charts): reuses the value from an existing secret and config
1 parent 8e19d33 commit b29c14f

4 files changed

Lines changed: 23 additions & 16 deletions


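--- a/charts/controller/templates/controller-celery-deloyment.yaml
+++ b/charts/controller/templates/controller-celery-deloyment.yaml
@@ -43,9 +43,9 @@ spec:
 - name: drycc-controller-celery-{{$key}}
 image: {{$.Values.imageRegistry}}/{{$.Values.imageOrg}}/controller:{{$.Values.imageTag}}
 imagePullPolicy: {{$.Values.imagePullPolicy}}
-{{- if .Values.diagnosticMode.enabled }}
-command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }}
-args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }}
+{{- if $.Values.diagnosticMode.enabled }}
+command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 10 }}
+args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 10 }}
 {{- else }}
 args:
 - /bin/bash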

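--- a/charts/controller/templates/controller-secret-creds.yaml
+++ b/charts/controller/templates/controller-secret-creds.yaml
@@ -26,5 +26,5 @@ data:
 {{- if (.Values.passportSecret) }}
 passport-secret: {{ .Values.passportSecret | b64enc }}
 {{- end }}
-django-secret-key: {{ randAscii 64 | b64enc }}
-deploy-hook-secret-key: {{ randAscii 64 | b64enc }}
+django-secret-key: {{ (include "common.secrets.lookup" (dict "secret" "controller-creds" "key" "django-secret-key" "defaultValue" (randAscii 64) "context" $)) }}
+deploy-hook-secret-key: {{ (include "common.secrets.lookup" (dict "secret" "controller-creds" "key" "deploy-hook-secret-key" "defaultValue" (randAscii 64) "context" $)) }}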
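Review bot: Both `common.secrets.lookup` calls pass the literal name `"controller-creds"`, while this Secret's own `metadata.name` sits above the hunk and is not visible here; if the two ever differ, the lookup silently falls through to `randAscii 64` and the Django and deploy-hook keys rotate on every upgrade, which is what this commit sets out to stop. Helm's `lookup` also returns an empty result under `helm template` and client-side dry runs, so pipelines that render manifests without cluster access will still emit fresh keys on each render; the same applies to the lookups added in controller-webhook-register.yaml. I would derive the name from the same expression used in `metadata.name` and add a comment above the `django-secret-key` line such as `# reused from the live Secret via lookup; regenerated when rendered without cluster access`. The `b64enc` was dropped on the assumption that the helper returns base64 for both the stored and the default value; the helper is not part of this diff, so confirm it encodes `defaultValue`.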

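--- a/charts/controller/templates/controller-webhook-deloyment.yaml
+++ b/charts/controller/templates/controller-webhook-deloyment.yaml
@@ -57,14 +57,14 @@ spec:
 name: https
 {{- end }}
 volumeMounts:
-- name: drycc-controller-webhook-cert
+- name: controller-webhook-cert
 mountPath: /etc/controller/webhook/cert
 {{- include "controller.limits" . | indent 8 }}
 {{- include "controller.envs" . | indent 8 }}
 volumes:
-- name: drycc-controller-webhook-cert
+- name: controller-webhook-cert
 secret:
-secretName: drycc-controller-webhook-cert
+secretName: controller-webhook-cert
 items:
 - key: token
 path: token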

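--- a/charts/controller/templates/controller-webhook-register.yaml
+++ b/charts/controller/templates/controller-webhook-register.yaml
@@ -1,8 +1,13 @@
-{{- $token := randAlphaNum 128 | lower }}
-{{- $ca := genCA "controller-webhook-ca" 3650 }}
+
+{{- $token := (include "common.secrets.lookup" (dict "secret" "controller-webhook-cert" "key" "token" "defaultValue" (randAlphaNum 128 | lower) "context" $)) }}
 {{- $altName1 := printf "drycc-controller-webhook.%s" .Release.Namespace }}
 {{- $altName2 := printf "drycc-controller-webhook.%s.svc" .Release.Namespace }}
+{{- $ca := genCA "controller-webhook-ca" 3650 }}
 {{- $cert := genSignedCert "drycc-controller-webhook" nil (list $altName1 $altName2) 3650 $ca }}
+{{- $ca_crt := (include "common.secrets.lookup" (dict "secret" "controller-webhook-cert" "key" "ca.crt" "defaultValue" $ca.Cert "context" $)) }}
+{{- $ca_key := (include "common.secrets.lookup" (dict "secret" "controller-webhook-cert" "key" "ca.key" "defaultValue" $ca.Key "context" $)) }}
+{{- $tls_crt := (include "common.secrets.lookup" (dict "secret" "controller-webhook-cert" "key" "tls.crt" "defaultValue" $cert.Cert "context" $)) }}
+{{- $tls_key := (include "common.secrets.lookup" (dict "secret" "controller-webhook-cert" "key" "tls.key" "defaultValue" $cert.Key "context" $)) }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -12,11 +17,11 @@ webhooks:
 sideEffects: None
 admissionReviewVersions: ["v1"]
 clientConfig:
-caBundle: {{ b64enc $ca.Cert }}
+caBundle: {{ $ca_crt }}
 service:
 name: drycc-controller-webhook
 namespace: "{{ .Release.Namespace }}"
-path: "{{ printf "/v2/webhooks/%s/" $token }}"
+path: "{{ printf "/v2/webhooks/%s/" ($token | b64dec) }}"
 port: 8443
 failurePolicy: Fail
 objectSelector:
@@ -36,12 +41,14 @@ webhooks:
 apiVersion: v1
 kind: Secret
 metadata:
-name: drycc-controller-webhook-cert
+name: controller-webhook-cert
 labels:
 release: "{{ .Release.Name }}"
 heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
-token: {{ b64enc $token }}
-tls.crt: {{ b64enc $cert.Cert }}
-tls.key: {{ b64enc $cert.Key }}
+token: {{ $token }}
+ca.crt: {{ $ca_crt }}
+ca.key: {{ $ca_key }}
+tls.crt: {{ $tls_crt }}
+tls.key: {{ $tls_key }}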
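Review bot: `ca.key: {{ $ca_key }}` in the last hunk persists the webhook CA's private key in the `controller-webhook-cert` Secret, yet nothing in the visible hunks reads it back: the `genSignedCert` call in the first hunk still signs with the freshly generated `$ca`, and the stored `tls.crt`/`tls.key` are reused as-is. Any principal that can read that Secret would hold a key able to issue certificates chaining to the `caBundle` the API server trusts for this webhook, so I would drop the `ca.key` entry and its `$ca_key` lookup unless a re-signing path is added. Separately, the five keys are looked up independently, so a Secret holding only some of them would pair a stored `tls.crt` with a newly generated `ca.crt`; with `failurePolicy: Fail` that mismatch blocks admission. A single existence check on the Secret that selects either all stored values or all generated ones would avoid it.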
