From c91d7f376c68ffa9bda0591aa0a4c321b525e509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Thu, 27 Jun 2024 16:27:16 +0200 Subject: [PATCH] [vrt] make env-config.js a secret (#189) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * make env-config.js a secret Signed-off-by: André Bauer * fix Signed-off-by: André Bauer * mount Signed-off-by: André Bauer * disup Signed-off-by: André Bauer --------- Signed-off-by: André Bauer --- .github/ct.yaml | 2 +- charts/visual-regression-tracker/Chart.yaml | 2 +- .../files/env-config.js | 5 +++++ .../templates/_helpers.tpl | 12 +++++++++++- .../templates/auth-proxy-deployment.yaml | 4 ++-- .../templates/configmap.yaml | 6 ------ .../templates/secrets.yaml | 12 ++++++++++++ .../templates/statefulset.yaml | 19 ++++++------------- charts/visual-regression-tracker/values.yaml | 4 ++++ 9 files changed, 42 insertions(+), 24 deletions(-) create mode 100644 charts/visual-regression-tracker/files/env-config.js diff --git a/.github/ct.yaml b/.github/ct.yaml index 75295ae..d951a5e 100644 --- a/.github/ct.yaml +++ b/.github/ct.yaml @@ -5,4 +5,4 @@ check-version-increment: true debug: true helm-extra-args: --timeout 600s target-branch: main -upgrade: true +# upgrade: true diff --git a/charts/visual-regression-tracker/Chart.yaml b/charts/visual-regression-tracker/Chart.yaml index 0e00e46..c5e93e2 100644 --- a/charts/visual-regression-tracker/Chart.yaml +++ b/charts/visual-regression-tracker/Chart.yaml @@ -6,7 +6,7 @@ sources: - https://github.com/Visual-Regression-Tracker/Visual-Regression-Tracker - https://github.com/kokuwaio/helm-charts/tree/main/charts/visual-regression-tracker type: application -version: 4.0.2 +version: 4.1.0 appVersion: "5.0.4" maintainers: - name: monotek diff --git a/charts/visual-regression-tracker/files/env-config.js b/charts/visual-regression-tracker/files/env-config.js new file mode 100644 index 0000000..ec0a959 --- /dev/null +++ b/charts/visual-regression-tracker/files/env-config.js @@ -0,0 +1,5 @@ +window._env_ = { + REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:{{ .Values.authProxy.basicAuth.password }}@{{ .Values.vrtConfig.reactAppApi.url }}", + PORT: "{{ .Values.vrtComponents.ui.service.port }}", + VRT_VERSION: "{{ .Chart.AppVersion }}", +} diff --git a/charts/visual-regression-tracker/templates/_helpers.tpl b/charts/visual-regression-tracker/templates/_helpers.tpl index 6c31884..9cf57d1 100644 --- a/charts/visual-regression-tracker/templates/_helpers.tpl +++ b/charts/visual-regression-tracker/templates/_helpers.tpl @@ -105,7 +105,6 @@ vrt secret name {{- end -}} {{- end -}} - {{/* vrt auth proxy secret name */}} @@ -116,3 +115,14 @@ vrt auth proxy secret name {{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.authProxy.secretName }} {{- end -}} {{- end -}} + +{{/* +vrt env secret name +*/}} +{{- define "visual-regression-tracker.envSecretName" -}} +{{- if .Values.secrets.envConfig.useExisting -}} +{{ .Values.secrets.envConfig.secretName }} +{{- else -}} +{{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.envConfig.secretName }} +{{- end -}} +{{- end -}} diff --git a/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml b/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml index 2cb0dc7..6a9e48c 100644 --- a/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml +++ b/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml @@ -37,9 +37,9 @@ spec: - -c - /tmp/htpass - {{ .Values.authProxy.basicAuth.username }} - - $(AUTH_SECRET) + - $(BASIC_AUTH_SECRET) env: - - name: AUTH_SECRET + - name: BASIC_AUTH_SECRET valueFrom: secretKeyRef: name: {{ template "visual-regression-tracker.authProxySecretName" . }} diff --git a/charts/visual-regression-tracker/templates/configmap.yaml b/charts/visual-regression-tracker/templates/configmap.yaml index fe26488..c140488 100644 --- a/charts/visual-regression-tracker/templates/configmap.yaml +++ b/charts/visual-regression-tracker/templates/configmap.yaml @@ -9,9 +9,3 @@ data: #!/bin/sh # dummy file which replaces env-config.js creation to be able to use rofs cat env-config.js - env-config.js: | - window._env_ = { - REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApiUrl }}", - PORT: "{{ .Values.vrtComponents.ui.service.port }}", - VRT_VERSION: "{{ .Chart.AppVersion }}", - } diff --git a/charts/visual-regression-tracker/templates/secrets.yaml b/charts/visual-regression-tracker/templates/secrets.yaml index d5c0c3d..c0941d0 100644 --- a/charts/visual-regression-tracker/templates/secrets.yaml +++ b/charts/visual-regression-tracker/templates/secrets.yaml @@ -46,3 +46,15 @@ type: Opaque data: {{ .Values.secrets.defaults.secretKey }}: {{ tpl (.Files.Get "files/seed.ts") $ | b64enc }} {{ end }} +{{ if and (or .Values.authProxy.basicAuth.username .Values.authProxy.basicAuth.password) (not .Values.secrets.envConfig.useExisting) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "visual-regression-tracker.envSecretName" . }} + labels: + {{- include "visual-regression-tracker.labels" . | nindent 4 }} +type: Opaque +data: + {{ .Values.secrets.envConfig.secretKey }}: {{ tpl (.Files.Get "files/env-config.js") $ | b64enc }} +{{ end }} diff --git a/charts/visual-regression-tracker/templates/statefulset.yaml b/charts/visual-regression-tracker/templates/statefulset.yaml index 9b3aab1..fb309d2 100644 --- a/charts/visual-regression-tracker/templates/statefulset.yaml +++ b/charts/visual-regression-tracker/templates/statefulset.yaml @@ -120,16 +120,6 @@ spec: - name: {{ template "visual-regression-tracker.fullname" . }} mountPath: /imageUploads - name: {{ .Chart.Name }}-ui - env: - - name: BASIC_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "visual-regression-tracker.authProxySecretName" . }} - key: {{ .Values.secrets.authProxy.secretKey }} - - name: REACT_APP_API_URL - value: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:$(BASIC_AUTH_PASSWORD)@{{ .Values.vrtConfig.reactAppApi.url }}" - - name: VRT_VERSION - value: "{{ .Chart.AppVersion }}" image: "{{ .Values.vrtComponents.ui.image.repository }}:{{ .Values.vrtComponents.ui.image.tag }}" imagePullPolicy: {{ .Values.vrtComponents.ui.image.pullPolicy }} ports: @@ -150,9 +140,9 @@ spec: securityContext: {{- toYaml .Values.vrtComponents.ui.securityContext | nindent 12 }} volumeMounts: - - name: env-config + - name: env mountPath: /usr/share/nginx/html/static/imageUploads - - name: env-config + - name: env mountPath: /usr/share/nginx/html/env.sh subPath: env.sh - name: env-config @@ -179,10 +169,13 @@ spec: {{- toYaml .Values.topologySpreadConstraints | nindent 8 }} {{- end }} volumes: - - name: env-config + - name: env configMap: name: {{ include "visual-regression-tracker.fullname" . }}-env-config defaultMode: 0777 + - name: env-config + secret: + secretName: {{ include "visual-regression-tracker.fullname" . }}-env-config - name: tmp {{- toYaml .Values.vrtComponents.ui.tmpDirVolume | nindent 10 }} - name: vrt diff --git a/charts/visual-regression-tracker/values.yaml b/charts/visual-regression-tracker/values.yaml index 7c86b8b..6be0a0b 100644 --- a/charts/visual-regression-tracker/values.yaml +++ b/charts/visual-regression-tracker/values.yaml @@ -264,6 +264,10 @@ secrets: useExisting: false secretKey: seed.ts secretName: vrt + envConfig: + useExisting: false + secretKey: env-config.js + secretName: env-config elasticsearch: useExisting: false secretKey: es-pass