Update chartmuseum to use secret and authentication

apps/chartmuseum/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: ungleich-chartmuseum
 description: Chartmuseum for the ungleich infrastructure
 
-version: 0.1.1
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

apps/chartmuseum/README.md

@@ -1,15 +1,16 @@
 ## Missing
 
-* SSL/TLS
+* SSL/TLS automatic reload
-  * Letsencrypt on port 80
+  * Cronjob?
-  * Chartmuseum on 443
+  * Trigger from ungleich-certbot?
-  * Reload?
+* Authentication via sops Secret
-* Authentication
-  * Secret -> generate
-  * Secret -> sops
 
 
 ## Done
 
 * Basic chartmuseum
 * helm push works
+* SSL/TLS
+  * Letsencrypt on port 80
+  * Chartmuseum on 443
+* Authentication via generated secret

apps/chartmuseum/templates/deployment.yaml

@@ -59,6 +59,16 @@ spec:
               value: "local"
             - name: STORAGE_LOCAL_ROOTDIR
               value: "/charts"
+            - name: BASIC_AUTH_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl .Values.identifier . }}
+                  key: username
+            - name: BASIC_AUTH_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl .Values.identifier . }}
+                  key: password
           volumeMounts:
             - name: etcletsencrypt
               mountPath: "/etc/letsencrypt"
@@ -173,3 +183,10 @@ spec:
           persistentVolumeClaim:
             claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
   backoffLimit: 3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ tpl .Values.identifier . }}
+  annotations:
+    secret-generator.v1.mittwald.de/type: basic-auth