Merge pull request #47 from sparkfabrik/service_desk

refs/platform1984: Defaulted Variables - Avoid Secret inserting in chart for incoming mail
sparkfabrik · Mar 28, 2023 · 7703aa9 · 7703aa9
2 parents d9b9de7 + a17f7c7
commit 7703aa9
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 60 deletions.
diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ Then perform the following commands on the root folder:
 | gitlab\_enable\_omniauth | Choose whether to enable Gitlab Omniauth integration. Default to false. | `bool` | `false` | no |
 | gitlab\_enable\_registry | Choose whether to enable Gitlab Container registry. Default to false. | `bool` | `false` | no |
 | gitlab\_enable\_restore\_pv | Enable additional storage for TAR Restoration creation of any appreciable size | `bool` | `false` | no |
-| gitlab\_enable\_service\_desk | Enable Gitlab Incoming Mail Service | `bool` | `false` | no |
+| gitlab\_enable\_service\_desk | Enable Gitlab Service Desk | `bool` | `false` | no |
 | gitlab\_enable\_service\_ping | Enable Gitlab Service Ping | `bool` | `true` | no |
 | gitlab\_enable\_smtp | Setup Gitlab email address to send email. | `bool` | `false` | no |
 | gitlab\_gitaly\_disk\_size | Setup persistent disk size for gitaly data in GB. Default 100 GB | `number` | `100` | no |
@@ -80,10 +80,11 @@ Then perform the following commands on the root folder:
 | gitlab\_hpa\_min\_replicas\_shell | Set the minimum hpa pod replicas for the Gitlab Shell. | `number` | `2` | no |
 | gitlab\_hpa\_min\_replicas\_sidekiq | Set the minimum hpa pod replicas for the Gitlab sidekiq. | `number` | `1` | no |
 | gitlab\_hpa\_min\_replicas\_webservice | Set the minimum hpa pod replicas for the Gitlab webservice. | `number` | `2` | no |
-| gitlab\_incoming\_imap\_host | Imap server address for the Incoming Mail | `string` | n/a | yes |
+| gitlab\_incoming\_imap\_host | Imap server address for the Incoming Mail | `string` | `""` | no |
 | gitlab\_incoming\_imap\_port | Imap Port for the Incoming Mail Host | `number` | `993` | no |
-| gitlab\_incoming\_imap\_user | Imap server user for Incoming Mail Imap server | `string` | n/a | yes |
-| gitlab\_incoming\_mail\_address | Email Address for Incoming Mail Service | `string` | n/a | yes |
+| gitlab\_incoming\_imap\_user | Imap server user for Incoming Mail Imap server | `string` | `""` | no |
+| gitlab\_incoming\_mail\_address | Email Address for Incoming Mail Service | `string` | `""` | no |
+| gitlab\_incoming\_mail\_k8s\_secret | Kubernetes secret name for storing Incoming Mail account password | `string` | `"gitlab-incomingmail-secret"` | no |
 | gitlab\_install\_grafana | Choose whether to install a Grafana instance using the Gitlab chart. Default to false. | `bool` | `false` | no |
 | gitlab\_install\_ingress\_nginx | Choose whether to install the ingress nginx controller in the cluster. Default to true. | `bool` | `true` | no |
 | gitlab\_install\_kas | Choose whether to install the Gitlab agent server in the cluster. Default to false. | `bool` | `false` | no |
@@ -94,10 +95,11 @@ Then perform the following commands on the root folder:
 | gitlab\_namespace | Setup  the Kubernetes Namespace where to install gitlab | `string` | `"gitlab"` | no |
 | gitlab\_restore\_pv\_size | Set the size of the additional storage for Backup TAR Restoration Process | `number` | `100` | no |
 | gitlab\_schedule\_cron\_backup | Setup Cron Job for Gitlab Scheduled Backup using unix-cron string format. Default to '0 1 \* \* \*' (Everyday at 1 AM). | `string` | `"0 1 * * *"` | no |
-| gitlab\_service\_desk\_imap\_host | Imap server address for the Service Desk | `string` | n/a | yes |
+| gitlab\_service\_desk\_imap\_host | Imap server address for the Service Desk | `string` | `""` | no |
 | gitlab\_service\_desk\_imap\_port | Imap Port for the Service Desk Mail Host | `number` | `993` | no |
-| gitlab\_service\_desk\_imap\_user | Imap server user for Service Desk Imap Service | `string` | n/a | yes |
-| gitlab\_service\_desk\_mail\_address | Email Address for Service Desk Service | `string` | n/a | yes |
+| gitlab\_service\_desk\_imap\_user | Imap server user for Service Desk Imap Service | `string` | `""` | no |
+| gitlab\_service\_desk\_k8s\_secret | Kubernetes secret name for storing Service Desk Mail account password | `string` | `"gitlab-servicedesk-secret"` | no |
+| gitlab\_service\_desk\_mail\_address | Email Address for Service Desk Service | `string` | `""` | no |
 | gitlab\_smtp\_user | Setup email sender address for Gitlab smtp server to send emails. | `string` | `"user@example.com"` | no |
 | gitlab\_time\_zone | Setup timezone for gitlab containers | `string` | `"Europe/Rome"` | no |
 | gke\_cluster\_autoscaling | Setup Profile and Resources for Cluster Autoscaler - BALANCED (Default Profile) or OPTIMIZE UTILIZATION (Prioritize optimizing utilization of resources) | <pre>object({<br>    enabled             = bool<br>    autoscaling_profile = string<br>    min_cpu_cores       = number<br>    max_cpu_cores       = number<br>    min_memory_gb       = number<br>    max_memory_gb       = number<br>    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))<br>  })</pre> | <pre>{<br>  "autoscaling_profile": "BALANCED",<br>  "enabled": false,<br>  "gpu_resources": [],<br>  "max_cpu_cores": 0,<br>  "max_memory_gb": 0,<br>  "min_cpu_cores": 0,<br>  "min_memory_gb": 0<br>}</pre> | no |

diff --git a/main.tf b/main.tf
@@ -561,7 +561,7 @@ module "gitlab_incomingmail_pass" {
   region          = var.region
   secret_id       = var.gcp_existing_incomingmail_secret_name
   k8s_namespace   = var.gitlab_namespace
-  k8s_secret_name = "gitlab-incomingmail-secret"
+  k8s_secret_name = local.gitlab_incomingmail_k8ssecret
   k8s_secret_key  = "password"
 
   count      = var.gitlab_enable_incoming_mail ? 1 : 0
@@ -575,7 +575,7 @@ module "gitlab_servicedesk_pass" {
   region          = var.region
   secret_id       = var.gcp_existing_servicedesk_secret_name
   k8s_namespace   = var.gitlab_namespace
-  k8s_secret_name = "gitlab-servicedesk-secret"
+  k8s_secret_name = local.gitlab_servicedesk_k8ssecret
   k8s_secret_key  = "password"
 
   count      = var.gitlab_enable_service_desk ? 1 : 0
@@ -591,9 +591,11 @@ data "google_compute_address" "gitlab" {
 }
 
 locals {
-  gitlab_address   = var.gitlab_address_name == "" ? google_compute_address.gitlab[0].address : data.google_compute_address.gitlab[0].address
-  domain           = var.domain != "" ? var.domain : "${local.gitlab_address}.xip.io"
-  gitlab_smtp_user = var.gitlab_enable_smtp != false ? var.gitlab_smtp_user : ""
+  gitlab_address                = var.gitlab_address_name == "" ? google_compute_address.gitlab[0].address : data.google_compute_address.gitlab[0].address
+  domain                        = var.domain != "" ? var.domain : "${local.gitlab_address}.xip.io"
+  gitlab_smtp_user              = var.gitlab_enable_smtp ? var.gitlab_smtp_user : ""
+  gitlab_incomingmail_k8ssecret = var.gitlab_enable_incoming_mail ? var.gitlab_incoming_mail_k8s_secret : ""
+  gitlab_servicedesk_k8ssecret  = var.gitlab_enable_service_desk ? var.gitlab_service_desk_k8s_secret : ""
 
   monitoring_allowed_cidrs = distinct(
     concat(
@@ -605,49 +607,51 @@ locals {
   gitlab_release_helm_values = templatefile(
     "${path.module}/values.yaml",
     {
-      DOMAIN                 = local.domain
-      INGRESS_IP             = local.gitlab_address
-      DB_PRIVATE_IP          = google_sql_database_instance.gitlab_db.private_ip_address
-      REDIS_PRIVATE_IP       = google_redis_instance.gitlab.host
-      PROJECT_ID             = var.project_id
-      ENABLE_CERT_MANAGER    = var.gitlab_enable_certmanager
-      CERT_MANAGER_EMAIL     = var.certmanager_email
-      INSTALL_RUNNER         = var.gitlab_install_runner
-      INSTALL_INGRESS_NGINX  = var.gitlab_install_ingress_nginx
-      INSTALL_PROMETHEUS     = var.gitlab_install_prometheus
-      INSTALL_GRAFANA        = var.gitlab_install_grafana
-      INSTALL_KAS            = var.gitlab_install_kas
-      ENABLE_REGISTRY        = var.gitlab_enable_registry
-      ENABLE_CRON_BACKUP     = var.gitlab_enable_cron_backup
-      SCHEDULE_CRON_BACKUP   = var.gitlab_schedule_cron_backup
-      GITALY_PV_SIZE         = var.gitlab_gitaly_disk_size
-      PV_STORAGE_CLASS       = var.gke_storage_class
-      ENABLE_SMTP            = var.gitlab_enable_smtp
-      SMTP_USER              = local.gitlab_smtp_user
-      BACKUP_EXTRA           = var.gitlab_backup_extra_args
-      TIMEZONE               = var.gitlab_time_zone
-      ENABLE_OMNIAUTH        = var.gitlab_enable_omniauth
-      ENABLE_BACKUP_PV       = var.gitlab_enable_backup_pv
-      BACKUP_PV_SIZE         = var.gitlab_backup_pv_size
-      ENABLE_RESTORE_PV      = var.gitlab_enable_restore_pv
-      RESTORE_PV_SIZE        = var.gitlab_restore_pv_size
-      BACKUP_PV_SC           = var.gke_sc_gitlab_backup_disk
-      RESTORE_PV_SC          = var.gke_sc_gitlab_restore_disk
-      PV_MATCH_LABEL         = var.gke_gitaly_pv_labels
-      ENABLE_MIGRATIONS      = var.gitab_enable_migrations
-      ENABLE_PROM_EXPORTER   = var.gitab_enable_prom_exporter
-      GITALY_MAX_UNAVAILABLE = var.gitlab_gitaly_max_unavailable
-      ENABLE_SERVICE_PING    = var.gitlab_enable_service_ping
-      ENABLE_INCOMING_MAIL   = var.gitlab_enable_incoming_mail
-      INC_MAIL_ADDR          = var.gitlab_incoming_mail_address
-      INC_MAIL_IMAP_HOST     = var.gitlab_incoming_imap_host
-      INC_MAIL_IMAP_PORT     = var.gitlab_incoming_imap_port
-      INC_MAIL_USER          = var.gitlab_incoming_imap_user
-      ENABLE_SERVICE_DESK    = var.gitlab_enable_service_desk
-      SERVICE_DESK_MAIL_ADDR = var.gitlab_service_desk_mail_address
-      SERVICE_DESK_IMAP_HOST = var.gitlab_service_desk_imap_host
-      SERVICE_DESK_IMAP_PORT = var.gitlab_service_desk_imap_port
-      SERVICE_DESK_MAIL_USER = var.gitlab_service_desk_imap_user
+      DOMAIN                  = local.domain
+      INGRESS_IP              = local.gitlab_address
+      DB_PRIVATE_IP           = google_sql_database_instance.gitlab_db.private_ip_address
+      REDIS_PRIVATE_IP        = google_redis_instance.gitlab.host
+      PROJECT_ID              = var.project_id
+      ENABLE_CERT_MANAGER     = var.gitlab_enable_certmanager
+      CERT_MANAGER_EMAIL      = var.certmanager_email
+      INSTALL_RUNNER          = var.gitlab_install_runner
+      INSTALL_INGRESS_NGINX   = var.gitlab_install_ingress_nginx
+      INSTALL_PROMETHEUS      = var.gitlab_install_prometheus
+      INSTALL_GRAFANA         = var.gitlab_install_grafana
+      INSTALL_KAS             = var.gitlab_install_kas
+      ENABLE_REGISTRY         = var.gitlab_enable_registry
+      ENABLE_CRON_BACKUP      = var.gitlab_enable_cron_backup
+      SCHEDULE_CRON_BACKUP    = var.gitlab_schedule_cron_backup
+      GITALY_PV_SIZE          = var.gitlab_gitaly_disk_size
+      PV_STORAGE_CLASS        = var.gke_storage_class
+      ENABLE_SMTP             = var.gitlab_enable_smtp
+      SMTP_USER               = local.gitlab_smtp_user
+      BACKUP_EXTRA            = var.gitlab_backup_extra_args
+      TIMEZONE                = var.gitlab_time_zone
+      ENABLE_OMNIAUTH         = var.gitlab_enable_omniauth
+      ENABLE_BACKUP_PV        = var.gitlab_enable_backup_pv
+      BACKUP_PV_SIZE          = var.gitlab_backup_pv_size
+      ENABLE_RESTORE_PV       = var.gitlab_enable_restore_pv
+      RESTORE_PV_SIZE         = var.gitlab_restore_pv_size
+      BACKUP_PV_SC            = var.gke_sc_gitlab_backup_disk
+      RESTORE_PV_SC           = var.gke_sc_gitlab_restore_disk
+      PV_MATCH_LABEL          = var.gke_gitaly_pv_labels
+      ENABLE_MIGRATIONS       = var.gitab_enable_migrations
+      ENABLE_PROM_EXPORTER    = var.gitab_enable_prom_exporter
+      GITALY_MAX_UNAVAILABLE  = var.gitlab_gitaly_max_unavailable
+      ENABLE_SERVICE_PING     = var.gitlab_enable_service_ping
+      ENABLE_INCOMING_MAIL    = var.gitlab_enable_incoming_mail
+      INC_MAIL_ADDR           = var.gitlab_incoming_mail_address
+      INC_MAIL_IMAP_HOST      = var.gitlab_incoming_imap_host
+      INC_MAIL_IMAP_PORT      = var.gitlab_incoming_imap_port
+      INC_MAIL_USER           = var.gitlab_incoming_imap_user
+      INC_MAIL_K8S_SECRET     = local.gitlab_incomingmail_k8ssecret
+      ENABLE_SERVICE_DESK     = var.gitlab_enable_service_desk
+      SERVICE_DESK_MAIL_ADDR  = var.gitlab_service_desk_mail_address
+      SERVICE_DESK_IMAP_HOST  = var.gitlab_service_desk_imap_host
+      SERVICE_DESK_IMAP_PORT  = var.gitlab_service_desk_imap_port
+      SERVICE_DESK_MAIL_USER  = var.gitlab_service_desk_imap_user
+      SERVICE_DESK_K8S_SECRET = local.gitlab_servicedesk_k8ssecret
 
       #Bucket Names
       ARTIFACTS_BCKT    = google_storage_bucket.gitlab_bucket["artifacts"].name

diff --git a/values.yaml b/values.yaml
@@ -63,7 +63,7 @@ global:
       startTls: false
       user: "${INC_MAIL_USER}"
       password:
-        secret: gitlab-incomingmail-secret
+        secret: "${INC_MAIL_K8S_SECRET}"
         key: password
 
     serviceDeskEmail:
@@ -75,7 +75,7 @@ global:
       startTls: false
       user: "${SERVICE_DESK_MAIL_USER}"
       password:
-        secret: gitlab-servicedesk-secret
+        secret: "${SERVICE_DESK_K8S_SECRET}"
         key: password
 
     ## https://docs.gitlab.com/charts/charts/globals#lfs-artifacts-uploads-packages-external-mr-diffs-and-dependency-proxy

diff --git a/variables.tf b/variables.tf
@@ -537,17 +537,20 @@ variable "gitlab_enable_incoming_mail" {
 
 variable "gitlab_incoming_mail_address" {
   type        = string
-  description = "Email Address for Incoming Mail Service "
+  description = "Email Address for Incoming Mail Service"
+  default     = ""
 }
 
 variable "gitlab_incoming_imap_user" {
   type        = string
   description = "Imap server user for Incoming Mail Imap server"
+  default     = ""
 }
 
 variable "gitlab_incoming_imap_host" {
   type        = string
   description = "Imap server address for the Incoming Mail"
+  default     = ""
 }
 
 variable "gitlab_incoming_imap_port" {
@@ -556,25 +559,34 @@ variable "gitlab_incoming_imap_port" {
   default     = 993
 }
 
+variable "gitlab_incoming_mail_k8s_secret" {
+  type        = string
+  description = "Kubernetes secret name for storing Incoming Mail account password"
+  default     = "gitlab-incomingmail-secret"
+}
+
 variable "gitlab_enable_service_desk" {
   type        = bool
-  description = "Enable Gitlab Incoming Mail Service"
+  description = "Enable Gitlab Service Desk"
   default     = false
 }
 
 variable "gitlab_service_desk_mail_address" {
   type        = string
-  description = "Email Address for Service Desk Service "
+  description = "Email Address for Service Desk Service"
+  default     = ""
 }
 
 variable "gitlab_service_desk_imap_user" {
   type        = string
   description = "Imap server user for Service Desk Imap Service"
+  default     = ""
 }
 
 variable "gitlab_service_desk_imap_host" {
   type        = string
   description = "Imap server address for the Service Desk"
+  default     = ""
 }
 
 variable "gitlab_service_desk_imap_port" {
@@ -583,6 +595,12 @@ variable "gitlab_service_desk_imap_port" {
   default     = 993
 }
 
+variable "gitlab_service_desk_k8s_secret" {
+  type        = string
+  description = "Kubernetes secret name for storing Service Desk Mail account password"
+  default     = "gitlab-servicedesk-secret"
+}
+
 # Peformance optimization. Max and min pod replicas for HPA.
 variable "gitlab_hpa_min_replicas_registry" {
   type        = number