diff --git a/README.md b/README.md index 19ade09..e7d76ee 100644 --- a/README.md +++ b/README.md @@ -22,11 +22,17 @@ appVersion: 1.0.0 dependencies: - name: app - version: 0.5.11 + version: 0.6.0 repository: oci://ghcr.io/wojciechem/platformex ``` + For values please see [values-example.yaml](charts/app/values-example.yaml) +## Gotchas + +In order to render templates locally, if using `sealedSecrets`, you may need to pass +`--api-versions bitnami.com/v1alpha1/SealedSecret` to `helm template` command. + ## TODO: - Chart - [ ] Minimal stable v1.0.0 diff --git a/charts/app/Chart.yaml b/charts/app/Chart.yaml index 953b75b..764e571 100644 --- a/charts/app/Chart.yaml +++ b/charts/app/Chart.yaml @@ -5,7 +5,7 @@ description: Flexible helm chart to deploy your apps to kubernetes cluster. type: application # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.11 +version: 0.6.0 appVersion: 1.0.0 diff --git a/charts/app/templates/_sealedSecrets.tpl b/charts/app/templates/_sealedSecrets.tpl deleted file mode 100644 index 478f812..0000000 --- a/charts/app/templates/_sealedSecrets.tpl +++ /dev/null @@ -1,7 +0,0 @@ -{{- define "platformex.sealedSecrets" }} -{{- if .Capabilities.APIVersions.Has "bitnami.com/v1alpha1/SealedSecret" }} -# todo: sealed secrets -{{- else }} -# todo: sealed secrets CRD not present on cluster -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/app/templates/secrets.yaml b/charts/app/templates/secrets.yaml new file mode 100644 index 0000000..cd0bb44 --- /dev/null +++ b/charts/app/templates/secrets.yaml 
@@ -0,0 +1,34 @@ +apiVersion: v1 +kind: List +items: + {{- range $name, $secret := .Values.sealedSecrets }} + {{- if $.Capabilities.APIVersions.Has "bitnami.com/v1alpha1/SealedSecret" }} + {{- else }} + {{- fail "You need to install sealed-secrets operator and CRDs in order to use sealedSecrets." }} + {{- end }} + - apiVersion: bitnami.com/v1alpha1 + kind: SealedSecret + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + labels: + {{- include "platformex.globalLabels" $ | indent 10 }} + name: "{{ required "name is required!" $secret.name }}" + {{- if $secret.namespace }} + namespace: {{ $secret.namespace | quote }} + {{- end }} + spec: + encryptedData: + {{- range $secret.sealedData }} + {{ .key }}: {{ .value | quote }} + {{- end }} + template: + metadata: + name: "{{ $secret.name }}" + {{- if $secret.data }} + data: + {{- range $secret.data }} + {{ .key }}: {{ .value | quote }} + {{- end }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/app/values-example.yaml b/charts/app/values-example.yaml index d7b6043..bec18c7 100644 --- a/charts/app/values-example.yaml +++ b/charts/app/values-example.yaml @@ -26,8 +26,39 @@ imageRefs: demo: repository: "oci.kodzik.cloud/public/demko" tag: "1.0.0" + test: + repository: "oci.kodzik.cloud/public/test" + tag: "2.3.4" + +sealedSecrets: + secret1: + name: asecret + namespace: xyz + sealedData: + - key: password + value: (encrypted-value-goes-here) + data: + - key: username + value: unencrypted-values-go-here + secret2: + name: bsecret + sealedData: + - key: passcode + value: (encrypted-passcode) instances: + 1-plain: + enableCrons: false + enableWorkers: false + deployments: + one: + replicas: 1 + revisionHistoryLimit: 2 + containers: + one-container: + image: oci.kodzik.cloud/public/one:1.0.0 + env: + ONE: "1" default: enableCrons: true enableWorkers: true diff --git a/charts/app/values.schema.json b/charts/app/values.schema.json index b9df999..8cf1e9b 100644 
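Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation under `metadata.annotations` in templates/secrets.yaml is hard-coded for every entry, so the chart only works with ciphertext sealed at the widest scope. At that scope the encrypted value is not bound to a name or namespace and can be unsealed as any Secret in any namespace of the cluster. These values presumably live in a values file under version control, where a strict (the sealed-secrets default) or namespace-wide scope would keep a copied value useless outside its intended target. I would make the scope a per-secret setting that defaults to strict and emit an annotation only for the wider scopes, as sketched below with a proposed `scope` key. The value has to match what was passed to `kubeseal --scope` when sealing.

```yaml
  {{- $scope := $secret.scope | default "strict" }}
  - apiVersion: bitnami.com/v1alpha1
    kind: SealedSecret
    metadata:
      {{- if eq $scope "cluster-wide" }}
      annotations:
        sealedsecrets.bitnami.com/cluster-wide: "true"
      {{- else if eq $scope "namespace-wide" }}
      annotations:
        sealedsecrets.bitnami.com/namespace-wide: "true"
      {{- end }}
      # … unchanged: labels, name, namespace, spec …
```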
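Review bot: The `sealedSecrets` example in values-example.yaml does not say that entries under `data` are rendered by templates/secrets.yaml into `spec.template.data` as plain text, so a reader could place a credential there and have it stored unencrypted in the values file and in the SealedSecret object. I would add comments to the sample, for example `# sealedData: kubeseal output only, one entry per Secret key` above `sealedData:` and `# data: NOT encrypted, non-sensitive values only` above `data:`. It would also help to state which scope the values must be sealed with, since the template annotates every SealedSecret as cluster-wide.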
--- a/charts/app/values.schema.json +++ b/charts/app/values.schema.json @@ -15,6 +15,9 @@ "imageRefs": { "$ref": "#/definitions/ImageRefs" }, + "sealedSecrets": { + "type": "object" + }, "instances": { "$ref": "#/definitions/Instances" } diff --git a/charts/app/values.yaml b/charts/app/values.yaml index 3045a97..4cc835a 100644 --- a/charts/app/values.yaml +++ b/charts/app/values.yaml @@ -1,6 +1,6 @@ global: labels: - ops.kodzik.cloud/chart: "platformex" + ops.kodzik.cloud/chart: "app" defaults: { } envRefs: { }
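Review bot: `"sealedSecrets": { "type": "object" }` accepts any shape, while templates/secrets.yaml in this commit requires `name` and reads `.key`/`.value` from each `sealedData` and `data` entry. A misspelt `sealedData` would therefore pass validation and render a SealedSecret with an empty `encryptedData`. Describing the entry shape in the schema lets `helm lint` and `helm install` reject such input before anything reaches the cluster. A possible shape is below; the surrounding `properties` object starts and ends outside this hunk.

```json
"sealedSecrets": {
  "type": "object",
  "additionalProperties": {
    "type": "object",
    "required": ["name", "sealedData"],
    "properties": {
      "name": { "type": "string", "minLength": 1 },
      "namespace": { "type": "string" },
      "sealedData": {
        "type": "array",
        "minItems": 1,
        "items": {
          "type": "object",
          "required": ["key", "value"],
          "properties": {
            "key": { "type": "string", "minLength": 1 },
            "value": { "type": "string" }
          }
        }
      },
      "data": {
        "type": "array",
        "items": {
          "type": "object",
          "required": ["key", "value"],
          "properties": {
            "key": { "type": "string", "minLength": 1 },
            "value": { "type": "string" }
          }
        }
      }
    }
  }
},
```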