Skip to content

Commit

Permalink
feat(TKC-2844): allow to specify/auto-generate master password for cr…
Browse files Browse the repository at this point in the history
…edentials storage (#238)
  • Loading branch information
rangoo94 authored Nov 22, 2024
1 parent dc40d31 commit 57ca5e8
Show file tree
Hide file tree
Showing 7 changed files with 47 additions and 0 deletions.
4 changes: 4 additions & 0 deletions charts/testkube-cloud-api/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,10 @@ A Helm chart for Testkube Cloud API
| global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) |
| global.certificateProvider | string | `""` | TLS provider (possible values: "", "cert-manager") |
| global.containerSecurityContext | object | `{}` | Global security Context for all containers |
| global.credentials.masterPassword.secretKeyRef | object | `{"key":"password","name":""}` | Reference to the master password stored in the Secret |
| global.credentials.masterPassword.secretKeyRef.key | string | `"password"` | Secret key |
| global.credentials.masterPassword.secretKeyRef.name | string | `""` | Secret name |
| global.credentials.masterPassword.value | string | `""` | Plain-text master password |
| global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. |
| global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. |
| global.dex.issuer | string | `""` | Global Dex issuer url |
Expand Down
9 changes: 9 additions & 0 deletions charts/testkube-cloud-api/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,15 @@ spec:
- name: OUTPUTS_BUCKET
value: "{{ $outputsBucket }}"
{{- $minioEndpoint := .Values.global.storage.endpoint | default .Values.api.minio.endpoint }}
- name: CREDENTIALS_MASTER_PASSWORD
{{- if .Values.global.credentials.masterPassword.secretKeyRef.name }}
valueFrom:
secretKeyRef:
key: {{ .Values.global.credentials.masterPassword.secretKeyRef.key | default "password" }}
name: {{ .Values.global.credentials.masterPassword.secretKeyRef.name }}
{{- else }}
value: "{{ .Values.global.credentials.masterPassword.value }}"
{{- end }}
- name: MINIO_ENDPOINT
value: "{{ tpl $minioEndpoint . }}"
{{- $minioRegion := .Values.global.storage.region | default .Values.api.minio.region }}
Expand Down
13 changes: 13 additions & 0 deletions charts/testkube-cloud-api/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,19 @@ global:
endpoint: ""
# -- Toggle whether to use HTTPS when connecting to the public S3 server
secure: null
## -- Configuration for the encrypted Credentials storage
credentials:
## -- Master password to use for deriving encryption key
masterPassword:
# -- Reference to the master password stored in the Secret
secretKeyRef:
# -- Secret name
name: ""
# -- Secret key
key: "password"
# -- Plain-text master password
value: ""

tls: {}
# -- Toggle whether to globally skip certificate verification
#skipVerify: false
Expand Down
4 changes: 4 additions & 0 deletions charts/testkube-enterprise/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,10 @@ A Helm chart for Testkube Enterprise
| global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) |
| global.certificateProvider | string | `"cert-manager"` | TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods |
| global.containerSecurityContext | object | `{}` | Global security Context for all containers. |
| global.credentials.masterPassword.secretKeyRef | object | `{"key":"password","name":""}` | Reference to the master password stored in the Secret |
| global.credentials.masterPassword.secretKeyRef.key | string | `"password"` | Secret key |
| global.credentials.masterPassword.secretKeyRef.name | string | `""` | Secret name |
| global.credentials.masterPassword.value | string | `""` | Plain-text master password |
| global.customCaSecretKey | string | `"ca.crt"` | Custom CA to use as a trusted CA during TLS connections. Specify a key for the secret specified under customCaSecretRef. |
| global.customCaSecretRef | string | `""` | Custom CA to use as a trusted CA during TLS connections. Specify a secret with the PEM encoded CA under the key specified by customCaSecretKey. |
| global.dex.issuer | string | `""` | Global Dex issuer url which is configured both in Dex and API |
Expand Down
4 changes: 4 additions & 0 deletions charts/testkube-enterprise/profiles/values.demo.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ global:
secure: false
credsSecretRef: testkube-minio-credentials
secure: false
credentials:
masterPassword:
secretKeyRef:
name: testkube-credentials-master

sharedSecretGenerator:
enabled: true
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,5 @@ data:
# TestKube Default Agent Token
generate_secret_if_needed "testkube-default-agent-token" --from-literal=agent-token=tkcagnt_$(gen_random 'a-f0-9' 16)
generate_secret_if_needed "testkube-minio-credentials" --from-literal=root-user=testkube-enterprise --from-literal=root-password=$(gen_random 'a-zA-Z0-9' 16) --from-literal=token=""
generate_secret_if_needed "testkube-credentials-master" --from-literal=password=$(gen_random 'a-zA-Z0-9' 32)
{{- end}}
12 changes: 12 additions & 0 deletions charts/testkube-enterprise/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,18 @@ global:
endpoint: ""
# -- Toggle whether to use HTTPS when connecting to the public S3 server
secure: null
## -- Configuration for the encrypted Credentials storage
credentials:
## -- Master password to use for deriving encryption key
masterPassword:
# -- Reference to the master password stored in the Secret
secretKeyRef:
# -- Secret name
name: ""
# -- Secret key
key: "password"
# -- Plain-text master password
value: ""
tls: {}
# -- Toggle whether to globally skip certificate verification
#skipVerify: true
Expand Down

0 comments on commit 57ca5e8

Please sign in to comment.