Skip to content

Commit

Permalink
Merge pull request #131 from OSGP/SMHE-2086-conditional-keystore-secrets
Browse files Browse the repository at this point in the history
Enable Overwriting of Certificate Keystore Password Secret via Sealed Secrets
  • Loading branch information
angelosleebos authored Sep 17, 2024
2 parents 59b477d + 077a512 commit be4f9c2
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/gxf/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: gxf
description: Generic GXF Helm chart
version: '1.8.1'
version: '1.8.2'
icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png
maintainers:
- name: OSGP
Expand Down
8 changes: 7 additions & 1 deletion charts/gxf/templates/certificate-keystore-secret.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
{{- if .Values.keystore.generateSecret -}}
apiVersion: v1
kind: Secret
kind: Secret
metadata:
name: {{ .Release.Name }}-keystore-password
annotations:
{{- if .Values.keystore.managedBySealedSecrets }}
sealedsecrets.bitnami.com/managed: "true"
{{- end }}
type: Opaque
data:
keystore-password: {{ $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-keystore-password" .Release.Name) }}
Expand All @@ -10,3 +15,4 @@ data:
{{- else -}}
{{- randAlphaNum 32 | b64enc | quote -}}
{{- end -}}
{{- end }}
2 changes: 1 addition & 1 deletion charts/gxf/templates/certificate.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ spec:
pkcs12:
create: true
passwordSecretRef:
name: {{ $.Release.Name }}-keystore-password
name: {{ $.Values.keystore.secretName | default (printf "%s-keystore-password" $.Release.Name) }}
key: keystore-password
---
{{- end }}
4 changes: 4 additions & 0 deletions charts/gxf/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -114,3 +114,7 @@ certificates: []
# commonName: example.com
# dnsNames:
# - example.com
keystore:
generateSecret: false # Set to true if you want to generate a new secret
sealedSecretsManaged: false # Set to false if the annotation should not be added
keystoreSecretName: ""

0 comments on commit be4f9c2

Please sign in to comment.