Skip to content

Commit

Permalink
[vrt] make env-config.js a secret (#189)
Browse files Browse the repository at this point in the history
* make env-config.js a secret

Signed-off-by: André Bauer <andre.bauer@staffbase.com>

* fix

Signed-off-by: André Bauer <andre.bauer@staffbase.com>

* mount

Signed-off-by: André Bauer <andre.bauer@staffbase.com>

* disup

Signed-off-by: André Bauer <andre.bauer@staffbase.com>

---------

Signed-off-by: André Bauer <andre.bauer@staffbase.com>
  • Loading branch information
monotek authored Jun 27, 2024
1 parent 96f6732 commit c91d7f3
Show file tree
Hide file tree
Showing 9 changed files with 42 additions and 24 deletions.
2 changes: 1 addition & 1 deletion .github/ct.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ check-version-increment: true
debug: true
helm-extra-args: --timeout 600s
target-branch: main
upgrade: true
# upgrade: true
2 changes: 1 addition & 1 deletion charts/visual-regression-tracker/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sources:
- https://github.com/Visual-Regression-Tracker/Visual-Regression-Tracker
- https://github.com/kokuwaio/helm-charts/tree/main/charts/visual-regression-tracker
type: application
version: 4.0.2
version: 4.1.0
appVersion: "5.0.4"
maintainers:
- name: monotek
Expand Down
5 changes: 5 additions & 0 deletions charts/visual-regression-tracker/files/env-config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
window._env_ = {
REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:{{ .Values.authProxy.basicAuth.password }}@{{ .Values.vrtConfig.reactAppApi.url }}",
PORT: "{{ .Values.vrtComponents.ui.service.port }}",
VRT_VERSION: "{{ .Chart.AppVersion }}",
}
12 changes: 11 additions & 1 deletion charts/visual-regression-tracker/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,6 @@ vrt secret name
{{- end -}}
{{- end -}}


{{/*
vrt auth proxy secret name
*/}}
Expand All @@ -116,3 +115,14 @@ vrt auth proxy secret name
{{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.authProxy.secretName }}
{{- end -}}
{{- end -}}

{{/*
vrt env secret name
*/}}
{{- define "visual-regression-tracker.envSecretName" -}}
{{- if .Values.secrets.envConfig.useExisting -}}
{{ .Values.secrets.envConfig.secretName }}
{{- else -}}
{{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.envConfig.secretName }}
{{- end -}}
{{- end -}}
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,9 @@ spec:
- -c
- /tmp/htpass
- {{ .Values.authProxy.basicAuth.username }}
- $(AUTH_SECRET)
- $(BASIC_AUTH_SECRET)
env:
- name: AUTH_SECRET
- name: BASIC_AUTH_SECRET
valueFrom:
secretKeyRef:
name: {{ template "visual-regression-tracker.authProxySecretName" . }}
Expand Down
6 changes: 0 additions & 6 deletions charts/visual-regression-tracker/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,3 @@ data:
#!/bin/sh
# dummy file which replaces env-config.js creation to be able to use rofs
cat env-config.js
env-config.js: |
window._env_ = {
REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApiUrl }}",
PORT: "{{ .Values.vrtComponents.ui.service.port }}",
VRT_VERSION: "{{ .Chart.AppVersion }}",
}
12 changes: 12 additions & 0 deletions charts/visual-regression-tracker/templates/secrets.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,15 @@ type: Opaque
data:
{{ .Values.secrets.defaults.secretKey }}: {{ tpl (.Files.Get "files/seed.ts") $ | b64enc }}
{{ end }}
{{ if and (or .Values.authProxy.basicAuth.username .Values.authProxy.basicAuth.password) (not .Values.secrets.envConfig.useExisting) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ template "visual-regression-tracker.envSecretName" . }}
labels:
{{- include "visual-regression-tracker.labels" . | nindent 4 }}
type: Opaque
data:
{{ .Values.secrets.envConfig.secretKey }}: {{ tpl (.Files.Get "files/env-config.js") $ | b64enc }}
{{ end }}
19 changes: 6 additions & 13 deletions charts/visual-regression-tracker/templates/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -120,16 +120,6 @@ spec:
- name: {{ template "visual-regression-tracker.fullname" . }}
mountPath: /imageUploads
- name: {{ .Chart.Name }}-ui
env:
- name: BASIC_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "visual-regression-tracker.authProxySecretName" . }}
key: {{ .Values.secrets.authProxy.secretKey }}
- name: REACT_APP_API_URL
value: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:$(BASIC_AUTH_PASSWORD)@{{ .Values.vrtConfig.reactAppApi.url }}"
- name: VRT_VERSION
value: "{{ .Chart.AppVersion }}"
image: "{{ .Values.vrtComponents.ui.image.repository }}:{{ .Values.vrtComponents.ui.image.tag }}"
imagePullPolicy: {{ .Values.vrtComponents.ui.image.pullPolicy }}
ports:
Expand All @@ -150,9 +140,9 @@ spec:
securityContext:
{{- toYaml .Values.vrtComponents.ui.securityContext | nindent 12 }}
volumeMounts:
- name: env-config
- name: env
mountPath: /usr/share/nginx/html/static/imageUploads
- name: env-config
- name: env
mountPath: /usr/share/nginx/html/env.sh
subPath: env.sh
- name: env-config
Expand All @@ -179,10 +169,13 @@ spec:
{{- toYaml .Values.topologySpreadConstraints | nindent 8 }}
{{- end }}
volumes:
- name: env-config
- name: env
configMap:
name: {{ include "visual-regression-tracker.fullname" . }}-env-config
defaultMode: 0777
- name: env-config
secret:
secretName: {{ include "visual-regression-tracker.fullname" . }}-env-config
- name: tmp
{{- toYaml .Values.vrtComponents.ui.tmpDirVolume | nindent 10 }}
- name: vrt
Expand Down
4 changes: 4 additions & 0 deletions charts/visual-regression-tracker/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,10 @@ secrets:
useExisting: false
secretKey: seed.ts
secretName: vrt
envConfig:
useExisting: false
secretKey: env-config.js
secretName: env-config
elasticsearch:
useExisting: false
secretKey: es-pass
Expand Down

0 comments on commit c91d7f3

Please sign in to comment.