collapses secretes to generate smaller secret files
nickzelei committed Dec 12, 2024
1 parent 9cb5188 commit a74d997
Showing 3 changed files with 18 additions and 98 deletions.
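--- a/backend/charts/api/templates/_helpers.tpl
+++ b/backend/charts/api/templates/_helpers.tpl
@@ -74,113 +74,85 @@ DB_SSL_DISABLE: {{ .Values.db.disableSsl | quote}}
 {{- if .Values.db.options }}
 DB_OPTIONS: {{ .Values.db.options | quote}}
 {{- end }}
-
 {{- if .Values.host }}
 HOST: {{ .Values.host | quote}}
 {{- end }}
-
 PORT: {{ .Values.containerPort | quote }}
-
 {{- if .Values.otel.enabled }}
 OTEL_EXPORTER_OTLP_PORT: {{ .Values.otel.otlpPort | quote }} # sends to gRPC receiver
 {{- end }}
-
 {{- if .Values.nucleusEnv }}
 NUCLEUS_ENV: {{ .Values.nucleusEnv }}
 {{- end }}
-
 {{- if .Values.shutdownTimeoutSeconds }}
 SHUTDOWN_TIMEOUT_SECONDS: {{ .Values.shutdownTimeoutSeconds | quote }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.enabled }}
 AUTH_ENABLED: {{ .Values.auth.enabled | default "false" | quote }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.baseUrl }}
 AUTH_BASEURL: {{ .Values.auth.baseUrl }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.expectedIss }}
 AUTH_EXPECTED_ISS: {{ .Values.auth.expectedIss }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.audience }}
 AUTH_AUDIENCE: {{ .Values.auth.audience }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.clientMap }}
 AUTH_CLIENTID_SECRET: {{ .Values.auth.clientMap | toJson | quote }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.cliClientId }}
 AUTH_CLI_CLIENT_ID: {{ .Values.auth.cliClientId }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.cliAudience }}
 AUTH_CLI_AUDIENCE: {{ .Values.auth.cliAudience }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.signatureAlgorithm }}
 AUTH_SIGNATURE_ALGORITHM: {{ .Values.auth.signatureAlgorithm }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.url }}
 TEMPORAL_URL: {{ .Values.temporal.url }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.keyFilePath }}
 TEMPORAL_CERT_KEY_PATH: {{ .Values.temporal.certificate.keyFilePath }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.certFilePath }}
 TEMPORAL_CERT_PATH: {{ .Values.temporal.certificate.certFilePath }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.keyContents }}
 TEMPORAL_CERT_KEY: {{ .Values.temporal.certificate.keyContents }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.certContents }}
 TEMPORAL_CERT: {{ .Values.temporal.certificate.certContents }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.defaultNamespace }}
 TEMPORAL_DEFAULT_NAMESPACE: {{ .Values.temporal.defaultNamespace }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.defaultSyncJobQueue }}
 TEMPORAL_DEFAULT_SYNCJOB_QUEUE: {{ .Values.temporal.defaultSyncJobQueue }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.api .Values.auth.api.clientId }}
 AUTH_API_CLIENT_ID: {{ .Values.auth.api.clientId }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.api .Values.auth.api.clientSecret }}
 AUTH_API_CLIENT_SECRET: {{ .Values.auth.api.clientSecret }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.api .Values.auth.api.baseUrl }}
 AUTH_API_BASEURL: {{ .Values.auth.api.baseUrl }}
 {{- end }}
-
 {{- if and .Values.auth .Values.auth.api .Values.auth.api.provider }}
 AUTH_API_PROVIDER: {{ .Values.auth.api.provider }}
 {{- end }}
-
 NEOSYNC_CLOUD: {{ .Values.neosyncCloud.enabled | default "false" | quote }}
 {{- if .Values.neosyncCloud.enabled }}
 NEOSYNC_CLOUD_ALLOWED_WORKER_API_KEYS: {{ join "," .Values.neosyncCloud.workerApiKeys }}
 {{- end }}
-
 KUBERNETES_ENABLED: {{ .Values.kubernetes.enabled | default "true" | quote }}
 KUBERNETES_NAMESPACE: {{ .Values.kubernetes.namespace | default .Release.Namespace }}
-
 {{- if and .Values.kubernetes .Values.kubernetes.workerAppName }}
 KUBERNETES_WORKER_APP_NAME: {{ .Values.kubernetes.workerAppName }}
 {{- end }}
-
 {{- if and .Values.protometrics .Values.protometrics.enabled }}
 METRICS_SERVICE_ENABLED: {{ .Values.protometrics.enabled | default "false" | quote }}
 {{- end }}
@@ -190,28 +162,21 @@ METRICS_URL: {{ .Values.protometrics.url | quote }}
 {{- if and .Values.protometrics .Values.protometrics.apiKey }}
 METRICS_API_KEY: {{ .Values.protometrics.apiKey | quote }}
 {{- end }}
-
 {{- if and .Values.runLogs .Values.runLogs.enabled }}
-
 RUN_LOGS_ENABLED: {{ .Values.runLogs.enabled | toString | quote }}
 RUN_LOGS_TYPE: {{ .Values.runLogs.type | quote }}
-
 {{- if eq .Values.runLogs.type "k8s-pods" }}
 RUN_LOGS_PODCONFIG_WORKER_NAMESPACE: {{ default .Release.Namespace .Values.runLogs.podConfig.workerNamespace | quote }}
 RUN_LOGS_PODCONFIG_WORKER_APPNAME: {{ .Values.runLogs.podConfig.workerAppName | quote }}
 {{- end }}
-
 {{- if eq .Values.runLogs.type "loki" }}
 RUN_LOGS_LOKICONFIG_BASEURL: {{ .Values.runLogs.lokiConfig.baseUrl | quote }}
 RUN_LOGS_LOKICONFIG_LABELSQUERY: {{ .Values.runLogs.lokiConfig.labelsQuery | quote }}
-
 {{- if .Values.runLogs.lokiConfig.keepLabels }}
 RUN_LOGS_LOKICONFIG_KEEPLABELS: {{ .Values.runLogs.lokiConfig.keepLabels | join "," | quote }}
 {{- end }}
 {{- end }} # ends loki check
-
 {{- end }} # ends runLogs.enabled check
-
 {{- if and .Values.ee .Values.ee.license }}
 EE_LICENSE: {{ .Values.ee.license | quote }}
 {{- end }}
@@ -230,7 +195,6 @@ DB_SSL_DISABLE: {{ .Values.migrations.db.disableSsl | quote}}
 {{- if .Values.migrations.db.options }}
 DB_MIGRATIONS_OPTIONS: {{ .Values.migrations.db.options | quote}}
 {{- end }}
-
 DB_SCHEMA_DIR: {{ .Values.migrations.db.schemaDir }}
 DB_MIGRATIONS_TABLE: {{ .Values.migrations.db.migrationsTableName }}
 DB_MIGRATIONS_TABLE_QUOTED: {{ .Values.migrations.db.migrationsTableQuoted | quote }}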
59 changes: 18 additions & 41 deletions frontend/apps/web/charts/app/templates/_helpers.tpl
Expand Up @@ -68,102 +68,79 @@ Generate the stringData section for environment variables
{{- if .Values.host }}
HOSTNAME: {{ .Values.host | quote}}
{{- end }}

PORT: {{ .Values.containerPort | quote }}

{{- if .Values.otel.enabled }}
OTEL_EXPORTER_OTLP_PORT: {{ .Values.otel.otlpPort | quote }} # sends to gRPC receiver
{{- end }}

{{- if .Values.nucleusEnv }}
NUCLEUS_ENV: {{ .Values.nucleusEnv }}
{{- end }}

{{- if .Values.shutdownTimeoutSeconds }}
SHUTDOWN_TIMEOUT_SECONDS: {{ .Values.shutdownTimeoutSeconds | quote }}
{{- end }}

{{- if .Values.neosyncApi.url }}
NEOSYNC_API_BASE_URL: {{ .Values.neosyncApi.url }}
{{- end }}

NEXTAUTH_SECRET: {{ .Values.nextAuthSecret }}

{{ if .Values.nextAuthUrl }}
{{- if .Values.nextAuthUrl }}
NEXTAUTH_URL: {{ .Values.nextAuthUrl }}
{{- end }}

{{ if .Values.auth.clientId }}
{{- if .Values.auth.clientId }}
AUTH_CLIENT_ID: {{ .Values.auth.clientId }}
{{- end }}
{{ if .Values.auth.clientSecret }}
{{- if .Values.auth.clientSecret }}
AUTH_CLIENT_SECRET: {{ .Values.auth.clientSecret }}
{{- end }}

{{ if .Values.auth.issuer }}
{{- if .Values.auth.issuer }}
AUTH_ISSUER: {{ .Values.auth.issuer }}
{{- end }}
{{ if .Values.auth.expectedIssuer }}
{{- if .Values.auth.expectedIssuer }}
AUTH_EXPECTED_ISSUER: {{ .Values.auth.expectedIssuer }}
{{- end }}
{{ if .Values.auth.authorizeUrl }}
{{- if .Values.auth.authorizeUrl }}
AUTH_AUTHORIZE_URL: {{ .Values.auth.authorizeUrl }}
{{- end }}
{{ if .Values.auth.userinfoUrl }}
{{- if .Values.auth.userinfoUrl }}
AUTH_USERINFO_URL: {{ .Values.auth.userinfoUrl }}
{{- end }}
{{ if .Values.auth.tokenUrl }}
{{- if .Values.auth.tokenUrl }}
AUTH_TOKEN_URL: {{ .Values.auth.tokenUrl }}
{{- end }}
{{ if .Values.auth.logoutUrl }}
{{- if .Values.auth.logoutUrl }}
AUTH_LOGOUT_URL: {{ .Values.auth.logoutUrl }}
{{- end}}

{{ if .Values.auth.scope }}
{{- if .Values.auth.scope }}
AUTH_SCOPE: {{ .Values.auth.scope }}
{{- end }}
{{ if .Values.auth.audience }}
{{- if .Values.auth.audience }}
AUTH_AUDIENCE: {{ .Values.auth.audience }}
{{- end }}

{{ if .Values.auth.providerId }}
{{- if .Values.auth.providerId }}
AUTH_PROVIDER_ID: {{ .Values.auth.providerId }}
{{- end }}
{{ if .Values.auth.providerName }}
{{- if .Values.auth.providerName }}
AUTH_PROVIDER_NAME: {{ .Values.auth.providerName }}
{{- end }}

{{ if .Values.nextPublic.appBaseUrl }}
{{- if .Values.nextPublic.appBaseUrl }}
NEXT_PUBLIC_APP_BASE_URL: {{ .Values.nextPublic.appBaseUrl }}
{{- end }}

AUTH_ENABLED: {{ .Values.auth.enabled | default "false" | quote }}

AUTH_TRUST_HOST: {{ .Values.auth.trustHost | default "true" | quote }}

NEOSYNC_ANALYTICS_ENABLED: {{ .Values.analytics.enabled | default "true" | quote }}

{{ if and .Values.posthog .Values.posthog.key }}
{{- if and .Values.posthog .Values.posthog.key }}
POSTHOG_KEY: {{ .Values.posthog.key }}
{{- end }}

{{ if and .Values.posthog .Values.posthog.host }}
{{- if and .Values.posthog .Values.posthog.host }}
POSTHOG_HOST: {{ .Values.posthog.host }}
{{- end }}

{{ if and .Values.koala .Values.koala.key }}
{{- if and .Values.koala .Values.koala.key }}
KOALA_KEY: {{ .Values.koala.key }}
{{- end }}

NEOSYNC_CLOUD: {{ .Values.neosyncCloud.enabled | default "false" | quote }}

ENABLE_RUN_LOGS: {{ .Values.enableRunLogs | default "false" | quote }}

{{ if and .Values.protometrics .Values.protometrics.enabled }}
{{- if and .Values.protometrics .Values.protometrics.enabled }}
METRICS_SERVICE_ENABLED: {{ .Values.protometrics.enabled | default "false" | quote }}
{{- end }}

GCP_CS_CONNECTIONS_DISABLED: {{ .Values.disableGcpCloudStorageConnections | default "false" | quote }}

JOBHOOKS_ENABLED: {{ .Values.jobHooks.enabled | default "false" | quote }}
{{- end -}}
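Review bot: Several secret-bearing values around the rewritten `{{- if` guards are still rendered without `| quote`, for example `AUTH_CLIENT_SECRET: {{ .Values.auth.clientSecret }}` and the unconditional `NEXTAUTH_SECRET: {{ .Values.nextAuthSecret }}`, while neighbouring keys such as `PORT` are quoted. Since the hunk header says this helper generates a stringData section, a value that is all digits, looks like a boolean, or contains `: ` or ` #` would be retyped, truncated or rejected when the rendered YAML is parsed, and an unset `nextAuthSecret` would render as an empty (null) value. I would change these to `AUTH_CLIENT_SECRET: {{ .Values.auth.clientSecret | quote }}` and `NEXTAUTH_SECRET: {{ .Values.nextAuthSecret | quote }}`, and either guard the latter with an `if` like the other keys or wrap it in `required` if the app cannot start without it. The same unquoted pattern is visible in the api and worker helpers in this commit (`AUTH_API_CLIENT_SECRET`, `TEMPORAL_CERT_KEY`, `NEOSYNC_API_KEY`), where multi-line key contents in particular would not survive as a plain scalar. The enclosing define block starts above this hunk.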
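--- a/worker/charts/worker/templates/_helpers.tpl
+++ b/worker/charts/worker/templates/_helpers.tpl
@@ -68,85 +68,64 @@ Generate the stringData section for environment variables
 {{- if .Values.host }}
 HOST: {{ .Values.host | quote}}
 {{- end }}
-
 {{- if .Values.containerPort }}
 PORT: {{ .Values.containerPort | quote }}
 {{- end }}
-
 {{- if .Values.otel.enabled }}
 OTEL_EXPORTER_OTLP_PORT: {{ .Values.otel.otlpPort | quote }} # sends to gRPC receiver
 {{- end }}
-
 {{- if .Values.nucleusEnv }}
 NUCLEUS_ENV: {{ .Values.nucleusEnv }}
 {{- end }}
-
 {{- if .Values.shutdownTimeoutSeconds }}
 SHUTDOWN_TIMEOUT_SECONDS: {{ .Values.shutdownTimeoutSeconds | quote }}
 {{- end }}
-
 {{- if .Values.temporal.url }}
 TEMPORAL_URL: {{ .Values.temporal.url }}
 {{- end }}
-
 {{- if .Values.temporal.namespace }}
 TEMPORAL_NAMESPACE: {{ .Values.temporal.namespace }}
 {{- end }}
-
 {{- if .Values.temporal.taskQueue }}
 TEMPORAL_TASK_QUEUE: {{ .Values.temporal.taskQueue }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.keyFilePath }}
 TEMPORAL_CERT_KEY_PATH: {{ .Values.temporal.certificate.keyFilePath }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.certFilePath }}
 TEMPORAL_CERT_PATH: {{ .Values.temporal.certificate.certFilePath }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.keyContents }}
 TEMPORAL_CERT_KEY: {{ .Values.temporal.certificate.keyContents }}
 {{- end }}
-
 {{- if and .Values.temporal .Values.temporal.certificate .Values.temporal.certificate.certContents }}
 TEMPORAL_CERT: {{ .Values.temporal.certificate.certContents }}
 {{- end }}
-
 {{- if and .Values.neosync .Values.neosync.url }}
 NEOSYNC_URL: {{ .Values.neosync.url }}
 {{- end }}
-
 {{- if and .Values.neosync .Values.neosync.apiKey }}
 NEOSYNC_API_KEY: {{ .Values.neosync.apiKey }}
 {{- end }}
-
 {{- if .Values.redis.url }}
 REDIS_URL: {{ .Values.redis.url }}
 {{- end }}
-
 {{- if .Values.redis.kind }}
 REDIS_KIND: {{ .Values.redis.kind }}
 {{- end }}
-
 {{- if .Values.redis.master }}
 REDIS_MASTER: {{ .Values.redis.master }}
 {{- end }}
-
 REDIS_TLS_ENABLED: {{ .Values.redis.tls.enabled | default "false" | quote }}
 REDIS_TLS_SKIP_CERT_VERIFY: {{ .Values.redis.tls.skipCertVerify | default "false" | quote }}
 REDIS_TLS_ENABLE_RENEGOTIATION: {{ .Values.redis.tls.enableRenegotiation | default "false" | quote }}
-
 {{- if and .Values.redis .Values.redis.tls .Values.redis.tls.rootCertAuthority }}
 REDIS_TLS_ROOT_CERT_AUTHORITY: {{ .Values.redis.tls.rootCertAuthority }}
 {{- end }}
-
 {{- if and .Values.redis .Values.redis.tls .Values.redis.tls.rootCertAuthorityFile }}
 REDIS_TLS_ROOT_CERT_AUTHORITY_FILE: {{ .Values.redis.tls.rootCertAuthorityFile }}
 {{- end }}
-
 NEOSYNC_CLOUD: {{ .Values.neosyncCloud.enabled | default "false" | quote }}
-
 {{- if and .Values.ee .Values.ee.license }}
 EE_LICENSE: {{ .Values.ee.license | quote }}
 {{- end }}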
