

feat: add AWS secret manager support (#494)
moabu authored Dec 8, 2022
1 parent bd2de9a commit 35c8010
Showing 15 changed files with 431 additions and 8 deletions.
10 changes: 5 additions & 5 deletions pygluu/kubernetes/templates/helm/gluu/README.md


Expand Up @@ -84,6 +84,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
mountPath: "/etc/gluu/conf/sql_password"
Expand Down Expand Up @@ -129,6 +140,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
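Review bot: The three credential files are mounted with `subPath` (L24-L32), and Kubernetes does not refresh a `subPath`-mounted Secret inside a running container, so rotating `cnAwsAccessKeyId`/`cnAwsSecretAccessKey` via `helm upgrade` leaves pods on the old keys until they are restarted; either mount the `secret` volume as a directory and point `cnAwsSharedCredentialsFile`/`cnAwsConfigFile` into it, or add a checksum-of-secret annotation on the pod template so an upgrade rolls the pods (the pod template metadata is outside this hunk, so I cannot tell whether one exists). The same volumeMounts/volumes blocks are repeated verbatim in the sections at L71-L107, L153-L190, L200-L237, L247-L284, L294-L331, L341-L378 and L388-L425; a named template in `_helpers.tpl` (say `gluu.awsVolumes` / `gluu.awsVolumeMounts`, included with `nindent`) would keep the adapter condition and the `-aws-config-creds` secret name in one place. The opening `{{ if or ... }}` on L23 and L41 carries no leading `-`, unlike the surrounding `{{- with` / `{{- end }}`, so each site injects a blank line into the rendered manifest; `{{- if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}` matches the file's style.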
Expand Up @@ -41,6 +41,26 @@ spec:
volumes:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
- name: {{ include "config.fullname" . }}-mount-gen-file
secret:
Expand All @@ -63,6 +83,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
- mountPath: /opt/config-init/db/generate.json
name: {{ include "config.fullname" . }}-mount-gen-file
subPath: generate.json
Expand Up @@ -108,6 +108,33 @@ type: Opaque
data:
couchbase_superuser_password: {{ .Values.configmap.gluuCouchbaseSuperUserPass | b64enc }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-aws-config-creds
labels:
{{ include "config.labels" . | indent 4 }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | indent 4 }}
{{- end }}
type: Opaque
stringData:
aws_shared_credential_file: |-
[{{ .Values.configmap.cnAwsProfile | quote }}]
aws_access_key_id = {{ .Values.configmap.cnAwsAccessKeyId }}
aws_secret_access_key = {{ .Values.configmap.cnAwsSecretAccessKey }}
aws_config_file: |-
[{{ .Values.configmap.cnAwsProfile | quote }}]
region = {{ .Values.configmap.cnAwsDefaultRegion | quote }}
aws_secrets_replica_regions: |-
{{ .Values.configmap.cnAwsSecretsReplicaRegions | toJson }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.gluuPersistenceType "spanner") }}
---
apiVersion: v1
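Review bot: The `quote` filter on the profile name at L135 and L139 renders the INI section header as `["default"]` instead of `[default]`, and `region = {{ .Values.configmap.cnAwsDefaultRegion | quote }}` at L140 emits the region with literal double quotes; INI-style parsers used by the AWS SDKs take the quotes as part of the section name and value, so the profile lookup or region resolution is likely to fail — confirm with `helm template`. Drop the filter on those three lines: `[{{ .Values.configmap.cnAwsProfile }}]` in both files and `region = {{ .Values.configmap.cnAwsDefaultRegion }}`. Note also that the AWS config file (as opposed to the credentials file) expects non-default profiles as `[profile NAME]`, so only the `default` profile works as written. This Secret holds long-lived static keys in etcd and in the Helm release history; it would be worth documenting a role-based alternative (pod identity / IRSA) where the cluster supports it, so that the static-key path is opt-in.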
Expand Up @@ -58,6 +58,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
mountPath: "/etc/gluu/conf/sql_password"
Expand Down Expand Up @@ -90,6 +101,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
Expand Up @@ -76,6 +76,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
mountPath: "/etc/gluu/conf/sql_password"
Expand Down Expand Up @@ -122,6 +133,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
Expand Up @@ -39,6 +39,17 @@ spec:
{{- include "oxauth-key-rotation.usr-secret-envs" . | indent 16 }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.gluuPersistenceType "spanner") }}
- mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
name: google-sa
Expand Down Expand Up @@ -98,6 +109,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
Expand Up @@ -76,6 +76,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
mountPath: "/etc/gluu/conf/sql_password"
Expand Down Expand Up @@ -127,6 +138,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
Expand Up @@ -80,6 +80,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
mountPath: "/etc/gluu/conf/sql_password"
Expand Down Expand Up @@ -116,6 +127,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{- if eq .Values.global.gluuPersistenceType "sql" }}
- name: sql-pass
secret:
Expand Up @@ -79,6 +79,17 @@ spec:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
name: aws-shared-credential-file
subPath: aws_shared_credential_file
- mountPath: {{ .Values.global.cnAwsConfigFile }}
name: aws-config-file
subPath: aws_config_file
- mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
name: aws-secrets-replica-regions
subPath: aws_secrets_replica_regions
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.gluuPersistenceType "spanner") }}
- mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
name: google-sa
Expand Down Expand Up @@ -110,6 +121,26 @@ spec:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- name: aws-shared-credential-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_shared_credential_file
path: aws_shared_credential_file
- name: aws-config-file
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_config_file
path: aws_config_file
- name: aws-secrets-replica-regions
secret:
secretName: {{ .Release.Name }}-aws-config-creds
items:
- key: aws_secrets_replica_regions
path: aws_secrets_replica_regions
{{- end }}
{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.gluuPersistenceType "spanner") }}
- name: google-sa
secret:

