store smtp credentials on a secret

2023-01-27 22:05:37 +01:00 · 2023-01-27 22:05:37 +01:00 · b4302e04e6
commit b4302e04e6
parent 41152e0ed3
5 changed files with 40 additions and 21 deletions
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -100,6 +100,17 @@ Get the mastodon secret.
 {{- end -}}
 {{- end -}}

+{{/*
+Get the smtp secret.
+*/}}
+{{- define "mastodon.smtp.secretName" -}}
+{{- if .Values.mastodon.smtp.existingSecret }}
+    {{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-smtp" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Get the postgresql secret.
 */}}
--- a/templates/configmap-env.yaml
+++ b/templates/configmap-env.yaml
@ -81,15 +81,9 @@ data:
  {{- with .Values.mastodon.smtp.from_address }}
  SMTP_FROM_ADDRESS: {{ . }}
  {{- end }}
-  {{- with .Values.mastodon.smtp.login }}
-  SMTP_LOGIN: {{ . }}
-  {{- end }}
  {{- with .Values.mastodon.smtp.openssl_verify_mode }}
  SMTP_OPENSSL_VERIFY_MODE: {{ . }}
  {{- end }}
-  {{- with .Values.mastodon.smtp.password }}
-  SMTP_PASSWORD: {{ . }}
-  {{- end }}
  {{- with .Values.mastodon.smtp.port }}
  SMTP_PORT: {{ . | quote }}
  {{- end }}
--- a/templates/deployment-sidekiq.yaml
+++ b/templates/deployment-sidekiq.yaml
@ -90,6 +90,17 @@ spec:
                secretKeyRef:
                  name: {{ template "mastodon.redis.secretName" $context }}
                  key: redis-password
+            - name: "SMTP_LOGIN"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "mastodon.smtp.secretName" $context }}
+                  key: login
+                  optional: true
+            - name: "SMTP_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "mastodon.smtp.secretName" $context }}
+                  key: password
            {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
            - name: "AWS_SECRET_ACCESS_KEY"
              valueFrom:
@ -102,19 +113,6 @@ spec:
                  name: {{ $context.Values.mastodon.s3.existingSecret }}
                  key: AWS_ACCESS_KEY_ID
            {{- end }}
-            {{- if $context.Values.mastodon.smtp.existingSecret }}
-            - name: "SMTP_LOGIN"
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $context.Values.mastodon.smtp.existingSecret }}
-                  key: login
-                  optional: true
-            - name: "SMTP_PASSWORD"
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $context.Values.mastodon.smtp.existingSecret }}
-                  key: password
-            {{- end }}
          {{- if (not $context.Values.mastodon.s3.enabled) }}
          volumeMounts:
            - name: assets
--- a/templates/secret-smtp.yaml
+++ b/templates/secret-smtp.yaml
@ -0,0 +1,16 @@
+{{- if not .Values.mastodon.smtp.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
+  labels:
+    {{- include "mastodon.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- with .Values.mastodon.smtp.login }}
+  login: {{ . | b64enc }}
+  {{- end }}
+  {{- with .Values.mastodon.smtp.password }}
+  password: {{ . | b64enc }}
+  {{- end }}
+{{- end }}
--- a/values.yaml
+++ b/values.yaml
@ -144,8 +144,8 @@ mastodon:
    tls: false
    login:
    password:
-    # -- you can also specify the name of an existing Secret
-    # with the keys login and password
+    # -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
+    # password must be located in keys named `login` and `password` respectively.
    existingSecret:
  streaming:
    port: 4000