Merge pull request #63 from ndustrialio/allow-templated-secrets
feat: allow templated secrets
mgagliardo91 authored Nov 17, 2022
2 parents fb0cd45 + 53b4384 commit a93b7ea
Showing 10 changed files with 78 additions and 66 deletions.
8 changes: 8 additions & 0 deletions examples/deployment/cert-manager.yml
@@ -34,6 +34,7 @@ datadog:
openmetrics:
enabled: false

templateName: test
externalSecrets:
- path: staging/files-api
secret: my-custom-secret-name
@@ -56,5 +57,12 @@ externalSecrets:
- name: another_key
sourceKey: staging/iot-api
sourceProp: another_vault_key
- secret: my-templated-secret-{{ .Values.templateName }}
template: |
MY_KEY: {{ "{{ .my_key }}" | quote }}
properties:
- name: my_key
sourceKey: staging/files-api
sourceProp: vault_key

tenant: test-tenant
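Review bot: The new `template` entry has no comment explaining its double-brace escaping, and that is the part a reader copying this example is most likely to get wrong. The chart passes `template` through Helm's `tpl`, so the outer expression is rendered at install time and only the quoted inner `{{ .my_key }}` survives for External Secrets to resolve when it syncs; a bare `{{ .my_key }}` would presumably be evaluated by Helm instead. I would add above the `template:` line something like `# Outer braces are rendered by Helm (tpl); the quoted inner {{ .my_key }} is left for External Secrets to fill in at sync time.` The same applies to `secret:`, which is now templated as well.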
4 changes: 2 additions & 2 deletions ndustrial/cronjob/Chart.yaml
@@ -14,5 +14,5 @@ maintainers:
- email: devops@ndustrial.io
name: DevOps
# Please make sure that version and appVersion are always the same.
version: 0.1.26
appVersion: 0.1.26
version: 0.1.27
appVersion: 0.1.27
29 changes: 15 additions & 14 deletions ndustrial/cronjob/templates/externalsecrets.yaml
@@ -1,15 +1,16 @@
{{- if .Values.externalSecrets }}
{{- range .Values.externalSecrets }}
{{- if .path }}
{{- $_ := set . "secret" (default (printf "%s" .path | replace "/" "-" | trunc 63) .secret) }}
{{- $externalSecret := merge (dict "template" .template) (fromYaml (tpl (toYaml (omit . "template" )) $)) -}}
{{- if $externalSecret.path }}
{{- $_ := set $externalSecret "secret" (default (printf "%s" $externalSecret.path | replace "/" "-" | trunc 63) $externalSecret.secret) }}
{{- else }}
{{- $_ := set . "secret" (required "A secret is required when not passing path." .secret) }}
{{- $_ := set . "properties" (required "A property list is required when not passing path." .properties) }}
{{- $_ := set $externalSecret "secret" (required "A secret is required when not passing path." $externalSecret.secret) }}
{{- $_ := set $externalSecret "properties" (required "A property list is required when not passing path." $externalSecret.properties) }}
{{- end }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .secret }}
name: {{ $externalSecret.secret }}
labels: {{- include "nio-common.labels.standard" $ | nindent 4 }}
ndustrial.io/component: statefulset
{{- if $.Values.labels }}
@@ -21,22 +22,22 @@ metadata:
spec:
refreshInterval: "5m"
secretStoreRef:
name: {{ default "vault-backend" .provider }}
kind: {{ default "ClusterSecretStore" .storeKind }}
name: {{ default "vault-backend" $externalSecret.provider }}
kind: {{ default "ClusterSecretStore" $externalSecret.storeKind }}
target:
name: {{ .secret }}
{{- if .template }}
name: {{ $externalSecret.secret }}
{{- if $externalSecret.template }}
template:
data: {{- tpl .template $ | nindent 8 -}}
data: {{- tpl $externalSecret.template $ | nindent 8 -}}
{{- end }}
{{- if .path }}
{{- if $externalSecret.path }}
dataFrom:
- extract:
key: {{ .path }}
key: {{ $externalSecret.path }}
{{- end }}
{{- if .properties }}
{{- if $externalSecret.properties }}
data:
{{- range .properties }}
{{- range $externalSecret.properties }}
- secretKey: {{ .name }}
remoteRef:
key: {{ .sourceKey }}
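Review bot: The added `$externalSecret := merge ... (fromYaml (tpl (toYaml ...) $))` line never checks whether the re-parse worked. Helm's `fromYaml` does not fail on bad input; it returns a map holding only an `Error` key, so an entry whose rendered text is not valid YAML falls into the `else` branch and aborts with "A secret is required when not passing path.", which points at the wrong problem. I would split the line and `fail` with the parse error, as below. Separately, every string field of an entry (not just `template`) is now evaluated by `tpl` with the root context `$`, so values supplied to these charts have to be treated as template code rather than data; that is worth a line in the chart README. The same line appears in the daemonset, deployment and statefulset copies of this template.

```yaml
{{- range .Values.externalSecrets }}
{{- $rendered := fromYaml (tpl (toYaml (omit . "template")) $) }}
{{- if hasKey $rendered "Error" }}
{{- fail (printf "externalSecrets entry did not render to valid YAML: %s" $rendered.Error) }}
{{- end }}
{{- $externalSecret := merge (dict "template" .template) $rendered -}}
{{- /* … unchanged: path / secret / properties defaulting and the ExternalSecret manifest … */}}
```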
4 changes: 2 additions & 2 deletions ndustrial/daemonset/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
- email: devops@ndustrial.io
name: DevOps
# Please make sure that version and appVersion are always the same.
version: 0.1.4
appVersion: 0.1.4
version: 0.1.5
appVersion: 0.1.5
29 changes: 15 additions & 14 deletions ndustrial/daemonset/templates/externalsecrets.yaml
@@ -1,15 +1,16 @@
{{- if .Values.externalSecrets }}
{{- range .Values.externalSecrets }}
{{- if .path }}
{{- $_ := set . "secret" (default (printf "%s" .path | replace "/" "-" | trunc 63) .secret) }}
{{- $externalSecret := merge (dict "template" .template) (fromYaml (tpl (toYaml (omit . "template" )) $)) -}}
{{- if $externalSecret.path }}
{{- $_ := set $externalSecret "secret" (default (printf "%s" $externalSecret.path | replace "/" "-" | trunc 63) $externalSecret.secret) }}
{{- else }}
{{- $_ := set . "secret" (required "A secret is required when not passing path." .secret) }}
{{- $_ := set . "properties" (required "A property list is required when not passing path." .properties) }}
{{- $_ := set $externalSecret "secret" (required "A secret is required when not passing path." $externalSecret.secret) }}
{{- $_ := set $externalSecret "properties" (required "A property list is required when not passing path." $externalSecret.properties) }}
{{- end }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .secret }}
name: {{ $externalSecret.secret }}
labels: {{- include "nio-common.labels.standard" $ | nindent 4 }}
ndustrial.io/component: statefulset
{{- if $.Values.labels }}
@@ -21,22 +22,22 @@ metadata:
spec:
refreshInterval: "5m"
secretStoreRef:
name: {{ default "vault-backend" .provider }}
kind: {{ default "ClusterSecretStore" .storeKind }}
name: {{ default "vault-backend" $externalSecret.provider }}
kind: {{ default "ClusterSecretStore" $externalSecret.storeKind }}
target:
name: {{ .secret }}
{{- if .template }}
name: {{ $externalSecret.secret }}
{{- if $externalSecret.template }}
template:
data: {{- tpl .template $ | nindent 8 -}}
data: {{- tpl $externalSecret.template $ | nindent 8 -}}
{{- end }}
{{- if .path }}
{{- if $externalSecret.path }}
dataFrom:
- extract:
key: {{ .path }}
key: {{ $externalSecret.path }}
{{- end }}
{{- if .properties }}
{{- if $externalSecret.properties }}
data:
{{- range .properties }}
{{- range $externalSecret.properties }}
- secretKey: {{ .name }}
remoteRef:
key: {{ .sourceKey }}
4 changes: 2 additions & 2 deletions ndustrial/deployment/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
- email: devops@ndustrial.io
name: DevOps
# Please make sure that version and appVersion are always the same.
version: 0.1.42
appVersion: 0.1.42
version: 0.1.43
appVersion: 0.1.43
29 changes: 15 additions & 14 deletions ndustrial/deployment/templates/externalsecrets.yaml
@@ -1,15 +1,16 @@
{{- if .Values.externalSecrets }}
{{- range .Values.externalSecrets }}
{{- if .path }}
{{- $_ := set . "secret" (default (printf "%s" .path | replace "/" "-" | trunc 63) .secret) }}
{{- $externalSecret := merge (dict "template" .template) (fromYaml (tpl (toYaml (omit . "template" )) $)) -}}
{{- if $externalSecret.path }}
{{- $_ := set $externalSecret "secret" (default (printf "%s" $externalSecret.path | replace "/" "-" | trunc 63) $externalSecret.secret) }}
{{- else }}
{{- $_ := set . "secret" (required "A secret is required when not passing path." .secret) }}
{{- $_ := set . "properties" (required "A property list is required when not passing path." .properties) }}
{{- $_ := set $externalSecret "secret" (required "A secret is required when not passing path." $externalSecret.secret) }}
{{- $_ := set $externalSecret "properties" (required "A property list is required when not passing path." $externalSecret.properties) }}
{{- end }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .secret }}
name: {{ $externalSecret.secret }}
labels: {{- include "nio-common.labels.standard" $ | nindent 4 }}
ndustrial.io/component: statefulset
{{- if $.Values.labels }}
@@ -21,22 +22,22 @@ metadata:
spec:
refreshInterval: "5m"
secretStoreRef:
name: {{ default "vault-backend" .provider }}
kind: {{ default "ClusterSecretStore" .storeKind }}
name: {{ default "vault-backend" $externalSecret.provider }}
kind: {{ default "ClusterSecretStore" $externalSecret.storeKind }}
target:
name: {{ .secret }}
{{- if .template }}
name: {{ $externalSecret.secret }}
{{- if $externalSecret.template }}
template:
data: {{- tpl .template $ | nindent 8 -}}
data: {{- tpl $externalSecret.template $ | nindent 8 -}}
{{- end }}
{{- if .path }}
{{- if $externalSecret.path }}
dataFrom:
- extract:
key: {{ .path }}
key: {{ $externalSecret.path }}
{{- end }}
{{- if .properties }}
{{- if $externalSecret.properties }}
data:
{{- range .properties }}
{{- range $externalSecret.properties }}
- secretKey: {{ .name }}
remoteRef:
key: {{ .sourceKey }}
4 changes: 2 additions & 2 deletions ndustrial/nio-api/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
- email: devops@ndustrial.io
name: DevOps
# Please make sure that version and appVersion are always the same.
version: 1.0.5
appVersion: 1.0.5
version: 1.0.6
appVersion: 1.0.6
4 changes: 2 additions & 2 deletions ndustrial/statefulset/Chart.yaml
@@ -12,5 +12,5 @@ maintainers:
- email: devops@ndustrial.io
name: DevOps
# Please make sure that version and appVersion are always the same.
version: 0.1.37
appVersion: 0.1.37
version: 0.1.38
appVersion: 0.1.38
29 changes: 15 additions & 14 deletions ndustrial/statefulset/templates/externalsecrets.yaml
@@ -1,15 +1,16 @@
{{- if .Values.externalSecrets }}
{{- range .Values.externalSecrets }}
{{- if .path }}
{{- $_ := set . "secret" (default (printf "%s" .path | replace "/" "-" | trunc 63) .secret) }}
{{- $externalSecret := merge (dict "template" .template) (fromYaml (tpl (toYaml (omit . "template" )) $)) -}}
{{- if $externalSecret.path }}
{{- $_ := set $externalSecret "secret" (default (printf "%s" $externalSecret.path | replace "/" "-" | trunc 63) $externalSecret.secret) }}
{{- else }}
{{- $_ := set . "secret" (required "A secret is required when not passing path." .secret) }}
{{- $_ := set . "properties" (required "A property list is required when not passing path." .properties) }}
{{- $_ := set $externalSecret "secret" (required "A secret is required when not passing path." $externalSecret.secret) }}
{{- $_ := set $externalSecret "properties" (required "A property list is required when not passing path." $externalSecret.properties) }}
{{- end }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .secret }}
name: {{ $externalSecret.secret }}
labels: {{- include "nio-common.labels.standard" $ | nindent 4 }}
ndustrial.io/component: statefulset
{{- if $.Values.labels }}
@@ -21,22 +22,22 @@ metadata:
spec:
refreshInterval: "5m"
secretStoreRef:
name: {{ default "vault-backend" .provider }}
kind: {{ default "ClusterSecretStore" .storeKind }}
name: {{ default "vault-backend" $externalSecret.provider }}
kind: {{ default "ClusterSecretStore" $externalSecret.storeKind }}
target:
name: {{ .secret }}
{{- if .template }}
name: {{ $externalSecret.secret }}
{{- if $externalSecret.template }}
template:
data: {{- tpl .template $ | nindent 8 -}}
data: {{- tpl $externalSecret.template $ | nindent 8 -}}
{{- end }}
{{- if .path }}
{{- if $externalSecret.path }}
dataFrom:
- extract:
key: {{ .path }}
key: {{ $externalSecret.path }}
{{- end }}
{{- if .properties }}
{{- if $externalSecret.properties }}
data:
{{- range .properties }}
{{- range $externalSecret.properties }}
- secretKey: {{ .name }}
remoteRef:
key: {{ .sourceKey }}