From 7a9034df78b4ec669c1abe3a1ba7e13e46560387 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Mon, 26 Jul 2021 14:31:28 +0200
Subject: [PATCH] Update chartmuseum to use secret and authentication
---
 apps/chartmuseum/Chart.yaml | 2 +-
 apps/chartmuseum/README.md | 15 ++++++++-------
 apps/chartmuseum/templates/deployment.yaml | 17 +++++++++++++++++
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/apps/chartmuseum/Chart.yaml b/apps/chartmuseum/Chart.yaml
index 84e2f11..721a2e9 100644
--- a/apps/chartmuseum/Chart.yaml
+++ b/apps/chartmuseum/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ungleich-chartmuseum
 description: Chartmuseum for the ungleich infrastructure
-version: 0.1.1
+version: 0.2.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/apps/chartmuseum/README.md b/apps/chartmuseum/README.md
index 080001d..3a0b874 100644
--- a/apps/chartmuseum/README.md
+++ b/apps/chartmuseum/README.md
@@ -1,15 +1,16 @@
 ## Missing
-* SSL/TLS
- * Letsencrypt on port 80
- * Chartmuseum on 443
- * Reload?
-* Authentication
- * Secret -> generate
- * Secret -> sops
+* SSL/TLS automatic reload
+ * Cronjob?
+ * Trigger from ungleich-certbot?
+* Authentication via sops Secret
 ## Done
 * Basic chartmuseum
 * helm push works
+* SSL/TLS
+ * Letsencrypt on port 80
+ * Chartmuseum on 443
+* Authentication via generated secret
diff --git a/apps/chartmuseum/templates/deployment.yaml b/apps/chartmuseum/templates/deployment.yaml
index 0c00a9a..65fc6d9 100644
--- a/apps/chartmuseum/templates/deployment.yaml
+++ b/apps/chartmuseum/templates/deployment.yaml
@@ -59,6 +59,16 @@ spec:
 value: "local"
 - name: STORAGE_LOCAL_ROOTDIR
 value: "/charts"
+ - name: BASIC_AUTH_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.identifier . }}
+ key: username
+ - name: BASIC_AUTH_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.identifier . }}
+ key: password
 volumeMounts:
 - name: etcletsencrypt
 mountPath: "/etc/letsencrypt"
@@ -173,3 +183,10 @@ spec:
 persistentVolumeClaim:
 claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
 backoffLimit: 3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ tpl .Values.identifier . }}
+ annotations:
+ secret-generator.v1.mittwald.de/type: basic-auth
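Review bot: Both `secretKeyRef` entries in the first hunk (`BASIC_AUTH_USER`, `BASIC_AUTH_PASS`) are resolved only when the container is created, so a regenerated or edited Secret leaves the running chartmuseum pod accepting the old credentials until the pod is replaced. A comment above the two entries would record that, e.g. `# read once at container start; roll the Deployment after rotating the Secret`. Neither entry sets `optional: true`, which is worth keeping: a missing key then blocks container start, whereas an optional reference would presumably let chartmuseum come up with the variables unset and no authentication. The container spec starts above this hunk, so args and probes that might interact with auth are not visible here.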
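Review bot: The Secret added at the end of the file ships without `data` and only gets its `username`/`password` keys if the cluster runs the operator that acts on `secret-generator.v1.mittwald.de/type: basic-auth`, a dependency the chart does not state anywhere in this diff. I would add a comment above it such as `# populated in-cluster by kubernetes-secret-generator; the operator must be installed before this chart`. The name is the bare `{{ tpl .Values.identifier . }}`, while the other visible object uses a purpose suffix (`-letsencrypt-certs`); `name: {{ tpl .Values.identifier . }}-basic-auth`, mirrored in both `secretKeyRef` blocks of the first hunk, would avoid a clash with any other Secret named after the identifier. Since the credentials exist only in the cluster, access to this Secret should be limited by RBAC to whoever needs to hand them to `helm repo add`.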