From 299b7b91165b6679c1426bcfb6b0c079e23a0632 Mon Sep 17 00:00:00 2001 From: Rafael Sarmiento Date: Mon, 5 Aug 2024 16:59:13 +0200 Subject: [PATCH 1/2] proxy auth token to external secret --- chart/f7t4jhub/templates/deployment-hub.yaml | 18 +++++++++++++----- chart/f7t4jhub/templates/deployment-proxy.yaml | 8 ++++++++ chart/f7t4jhub/templates/external-secret.yaml | 6 +++++- chart/f7t4jhub/templates/secret.yaml | 2 ++ 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/chart/f7t4jhub/templates/deployment-hub.yaml b/chart/f7t4jhub/templates/deployment-hub.yaml index 2ec85d6..c4fb6ca 100644 --- a/chart/f7t4jhub/templates/deployment-hub.yaml +++ b/chart/f7t4jhub/templates/deployment-hub.yaml @@ -56,11 +56,6 @@ spec: secretKeyRef: name: {{ .Release.Name }}-secret key: authTokenUrl - - name: CONFIGPROXY_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secret - key: configProxyAuthToken {{- if .Values.vault.keycloak.enabled }} - name: KC_CLIENT_ID valueFrom: @@ -73,6 +68,19 @@ spec: name: {{ .Release.Name }}-common-secrets key: kc_client_secret {{- end }} + {{- if .Values.vault.configProxyAuthToken.enabled }} + - name: CONFIGPROXY_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-common-secrets + key: configProxyAuthToken + {{- else }} + - name: CONFIGPROXY_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secret + key: configProxyAuthToken + {{- end }} volumeMounts: - name: db-pvc mountPath: /home/juhu diff --git a/chart/f7t4jhub/templates/deployment-proxy.yaml b/chart/f7t4jhub/templates/deployment-proxy.yaml index f8c8828..cf20bfc 100644 --- a/chart/f7t4jhub/templates/deployment-proxy.yaml +++ b/chart/f7t4jhub/templates/deployment-proxy.yaml @@ -30,8 +30,16 @@ spec: ports: - containerPort: {{ .Values.network.appPort }} env: + {{- if .Values.vault.configProxyAuthToken.enabled }} + - name: CONFIGPROXY_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-common-secrets + key: configProxyAuthToken + {{- else }} - name: CONFIGPROXY_AUTH_TOKEN valueFrom: secretKeyRef: name: {{ .Release.Name }}-secret key: configProxyAuthToken + {{- end }} diff --git a/chart/f7t4jhub/templates/external-secret.yaml b/chart/f7t4jhub/templates/external-secret.yaml index f21aa88..9382f8e 100644 --- a/chart/f7t4jhub/templates/external-secret.yaml +++ b/chart/f7t4jhub/templates/external-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.vault.keycloak.enabled }} +{{- if or .Values.vault.keycloak.enabled .Values.vault.configProxyAuthToken.secretPath }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: @@ -20,4 +20,8 @@ spec: remoteRef: key: {{ .Values.vault.keycloak.secretPath }} property: kc_client_id + - secretKey: configProxyAuthToken + remoteRef: + key: {{ .Values.vault.configProxyAuthToken.secretPath }} + property: config_proxy_auth_token {{- end }} diff --git a/chart/f7t4jhub/templates/secret.yaml b/chart/f7t4jhub/templates/secret.yaml index b4ca01b..5e005f1 100644 --- a/chart/f7t4jhub/templates/secret.yaml +++ b/chart/f7t4jhub/templates/secret.yaml @@ -13,4 +13,6 @@ type: Opaque stringData: firecrestUrl: {{ .Values.setup.firecrestUrl }} authTokenUrl: {{ .Values.setup.authTokenUrl}} + {{- if not .Values.vault.configProxyAuthToken.enabled }} configProxyAuthToken: {{ $token }} + {{- end }} From 7fad7f5bb4b5ebb7b798242e9a6b60ee9895a19c Mon Sep 17 00:00:00 2001 From: Rafael Sarmiento Date: Mon, 5 Aug 2024 17:09:17 +0200 Subject: [PATCH 2/2] proxy auth token to external secret --- chart/Chart.yaml | 4 ++-- chart/f7t4jhub/Chart.yaml | 2 +- chart/values.yaml | 8 ++++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 63af7df..892a165 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: f7t4jhub description: A Helm chart to Deploy JupyterHub with the FirecREST Spawner type: application -version: 0.7.0 +version: 0.8.0 appVersion: "4.1.5" dependencies: - name: f7t4jhub - version: 0.7.0 + version: 0.8.0 repository: "file://./f7t4jhub" - name: reloader version: v1.0.51 diff --git a/chart/f7t4jhub/Chart.yaml b/chart/f7t4jhub/Chart.yaml index a7a03af..9b4fd6f 100644 --- a/chart/f7t4jhub/Chart.yaml +++ b/chart/f7t4jhub/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: f7t4jhub description: A Helm chart to Deploy JupyterHub with the FirecREST Spawner type: application -version: 0.7.0 +version: 0.8.0 appVersion: "4.1.5" diff --git a/chart/values.yaml b/chart/values.yaml index 4677eb1..d317af8 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -62,6 +62,14 @@ f7t4jhub: # Secret path in Vault (replace with your own secret path) secretPath: 'secret/path/containers' + # proxy authentication token + configProxyAuthToken: + # Enable or disable Vault integration + enabled: false + + # Secret path in Vault (replace with your own secret path) + secretPath: 'secret/path/proxy' + metricbeat: # Enable or disable annotations for metric beat monitoring enabled: false