Skip to content

Commit

Permalink
feat: use secretKeyRef (#7)
Browse files Browse the repository at this point in the history
closes gomods/athens#5 
closes #25
closes #24

---------

Co-authored-by: Nicholas Wiersma <[email protected]>
  • Loading branch information
DrPsychick and nrwiersma authored Apr 13, 2023
1 parent c7fb94f commit 1ee7d70
Show file tree
Hide file tree
Showing 4 changed files with 74 additions and 28 deletions.
2 changes: 1 addition & 1 deletion charts/athens-proxy/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: athens-proxy
version: 0.5.9
version: 0.6.0
appVersion: v0.12.0
description: The proxy server for Go modules
icon: https://raw.githubusercontent.com/gomods/athens/main/docs/static/banner.png
Expand Down
59 changes: 38 additions & 21 deletions charts/athens-proxy/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -80,70 +80,87 @@ spec:
port: 3000
env:
- name: ATHENS_GOGET_WORKERS
{{- if .Values.goGetWorkers }}
value: {{ .Values.goGetWorkers | quote }}
{{- else }}
value: "3"
{{- end }}
{{- if .Values.configEnvVars }}
{{- toYaml .Values.configEnvVars | nindent 8 }}
{{- end }}
- name: ATHENS_STORAGE_TYPE
value: {{ .Values.storage.type | quote }}
{{- if eq .Values.storage.type "disk"}}
{{- if eq .Values.storage.type "disk"}}
- name: ATHENS_DISK_STORAGE_ROOT
value: {{ .Values.storage.disk.storageRoot | quote }}
{{- else if eq .Values.storage.type "mongo"}}
{{- else if eq .Values.storage.type "mongo"}}
- name: ATHENS_MONGO_STORAGE_URL
value: {{ .Values.storage.mongo.url | quote }}
{{- else if eq .Values.storage.type "s3" }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: ATHENS_MONGO_STORAGE_URL
{{- else if eq .Values.storage.type "s3" }}
- name: AWS_REGION
value: {{ .Values.storage.s3.region | quote }}
- name: ATHENS_S3_BUCKET_NAME
value: {{ .Values.storage.s3.bucket | quote }}
- name: AWS_USE_DEFAULT_CONFIGURATION
value: {{ .Values.storage.s3.useDefaultConfiguration | quote }}
- name: AWS_FORCE_PATH_STYLE
value: {{ .Values.storage.s3.ForcePathStyle | quote }}
{{- if .Values.storage.s3.access_key_id }}
value: {{ .Values.storage.s3.forcePathStyle | quote }}
{{- if .Values.storage.s3.accessKey }}
- name: AWS_ACCESS_KEY_ID
value: {{ .Values.storage.s3.access_key_id | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if .Values.storage.s3.secret_access_key }}
{{- if .Values.storage.s3.secretKey }}
- name: AWS_SECRET_ACCESS_KEY
value: {{ .Values.storage.s3.secret_access_key | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: AWS_SECRET_ACCESS_KEY
{{- end }}
{{- if .Values.storage.s3.session_token }}
{{- if .Values.storage.s3.sessionToken }}
- name: AWS_SESSION_TOKEN
value: {{ .Values.storage.s3.session_token | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: AWS_SESSION_TOKEN
{{- end }}
{{- else if eq .Values.storage.type "gcp"}}
{{- else if eq .Values.storage.type "gcp"}}
- name: GOOGLE_CLOUD_PROJECT
value: {{ .Values.storage.gcp.projectID | quote }}
- name: ATHENS_STORAGE_GCP_BUCKET
value: {{ .Values.storage.gcp.bucket | quote }}
{{- if .Values.storage.gcp.serviceAccount }}
- name: ATHENS_STORAGE_GCP_JSON_KEY
value: {{ .Values.storage.gcp.serviceAccount | b64enc | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: ATHENS_STORAGE_GCP_JSON_KEY
{{- end }}
{{- else if eq .Values.storage.type "minio" }}
{{- else if eq .Values.storage.type "minio" }}
{{- if .Values.storage.minio.endpoint }}
- name: ATHENS_MINIO_ENDPOINT
value: {{ .Values.storage.minio.endpoint | quote }}
{{- end }}
{{- if .Values.storage.minio.accessKey }}
- name: ATHENS_MINIO_ACCESS_KEY_ID
value: {{ .Values.storage.minio.accessKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: ATHENS_MINIO_ACCESS_KEY_ID
{{- end }}
{{- if .Values.storage.minio.secretKey }}
- name: ATHENS_MINIO_SECRET_ACCESS_KEY
value: {{ .Values.storage.minio.secretKey | quote }}
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
key: ATHENS_MINIO_SECRET_ACCESS_KEY
{{- end }}
{{- if .Values.storage.minio.bucket }}
- name: ATHENS_MINIO_BUCKET_NAME
value: {{ .Values.storage.minio.bucket | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.netrc.enabled }}
- name: ATHENS_NETRC_PATH
value: "/etc/netrc/.netrc"
Expand Down
27 changes: 27 additions & 0 deletions charts/athens-proxy/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
kind: Secret
apiVersion: v1
metadata:
name: {{ template "fullname" . }}-secret
type: Opaque
data:
{{- if .Values.storage.mongo.url }}
ATHENS_MONGO_STORAGE_URL: {{ .Values.storage.mongo.url | b64enc | quote }}
{{- end }}
{{- if .Values.storage.s3.accessKey }}
AWS_ACCESS_KEY_ID: {{ .Values.storage.s3.accessKey | b64enc | quote }}
{{- end }}
{{- if .Values.storage.s3.secretKey }}
AWS_SECRET_ACCESS_KEY: {{ .Values.storage.s3.secretKey | b64enc | quote }}
{{- end }}
{{- if .Values.storage.s3.sessionToken }}
AWS_SESSION_TOKEN: {{ .Values.storage.s3.sessionToken | b64enc | quote }}
{{- end }}
{{- if .Values.storage.gcp.serviceAccount }}
ATHENS_STORAGE_GCP_JSON_KEY: {{ .Values.storage.gcp.serviceAccount | b64enc | quote }}
{{- end }}
{{- if .Values.storage.minio.accessKey }}
ATHENS_MINIO_ACCESS_KEY_ID: {{ .Values.storage.minio.accessKey | b64enc | quote }}
{{- end }}
{{- if .Values.storage.minio.secretKey }}
ATHENS_MINIO_SECRET_ACCESS_KEY: {{ .Values.storage.minio.secretKey | b64enc | quote }}
{{- end }}
14 changes: 8 additions & 6 deletions charts/athens-proxy/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -67,23 +67,25 @@ storage:
accessMode: ReadWriteOnce
size: 4Gi
mongo:
# you must set this on the command line when you run 'helm install'
# for example, you need to run 'helm install --set storage.mongo.url=myurl ...'
url: "SET THIS ON THE COMMAND LINE"
url: ""
s3:
# you must set s3 bucket and region when running 'helm install'
region: ""
bucket: ""
useDefaultConfiguration: true
useDefaultConfiguration: false
forcePathStyle: false
accessKey: ""
secretKey: ""
sessionToken: ""
minio:
# All these variables needs to be set when configuring athens to run with minio backend
endpoint: ""
accessKey: ""
secretKey: ""
bucket: ""
gcp:
# For more information, see:
# https://docs.gomods.io/install/install-on-kubernetes/#google-cloud-storage
# For more information, see:
# https://docs.gomods.io/install/install-on-kubernetes/#google-cloud-storage
# you must set gcp projectID and bucket when running 'helm install'
projectID: ""
bucket: ""
Expand Down

0 comments on commit 1ee7d70

Please sign in to comment.