From b4302e04e6d89819da8bd7d5c9c4b30b1420b842 Mon Sep 17 00:00:00 2001
From: Roberto Santalla
Date: Fri, 27 Jan 2023 22:05:37 +0100
Subject: [PATCH] store smtp credentials on a secret
---
 templates/_helpers.tpl | 11 +++++++++++
 templates/configmap-env.yaml | 6 ------
 templates/deployment-sidekiq.yaml | 24 +++++++++++-------------
 templates/secret-smtp.yaml | 16 ++++++++++++++++
 values.yaml | 4 ++--
 5 files changed, 40 insertions(+), 21 deletions(-)
 create mode 100644 templates/secret-smtp.yaml
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 016dfb3..6331a26 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -100,6 +100,17 @@ Get the mastodon secret.
 {{- end -}}
 {{- end -}}
+{{/*
+Get the smtp secret.
+*/}}
+{{- define "mastodon.smtp.secretName" -}}
+{{- if .Values.mastodon.smtp.existingSecret }}
+ {{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
+{{- else -}}
+ {{- printf "%s-smtp" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Get the postgresql secret.
 */}}
diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml
index e1b1896..54e3874 100644
--- a/templates/configmap-env.yaml
+++ b/templates/configmap-env.yaml
@@ -81,15 +81,9 @@ data:
 {{- with .Values.mastodon.smtp.from_address }}
 SMTP_FROM_ADDRESS: {{ . }}
 {{- end }}
- {{- with .Values.mastodon.smtp.login }}
- SMTP_LOGIN: {{ . }}
- {{- end }}
 {{- with .Values.mastodon.smtp.openssl_verify_mode }}
 SMTP_OPENSSL_VERIFY_MODE: {{ . }}
 {{- end }}
- {{- with .Values.mastodon.smtp.password }}
- SMTP_PASSWORD: {{ . }}
- {{- end }}
 {{- with .Values.mastodon.smtp.port }}
 SMTP_PORT: {{ . | quote }}
 {{- end }}
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml
index a03019e..0736ad6 100644
--- a/templates/deployment-sidekiq.yaml
+++ b/templates/deployment-sidekiq.yaml
@@ -90,6 +90,17 @@ spec:
 secretKeyRef:
 name: {{ template "mastodon.redis.secretName" $context }}
 key: redis-password
+ - name: "SMTP_LOGIN"
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mastodon.smtp.secretName" $context }}
+ key: login
+ optional: true
+ - name: "SMTP_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mastodon.smtp.secretName" $context }}
+ key: password
 {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
 - name: "AWS_SECRET_ACCESS_KEY"
 valueFrom:
@@ -102,19 +113,6 @@ spec:
 name: {{ $context.Values.mastodon.s3.existingSecret }}
 key: AWS_ACCESS_KEY_ID
 {{- end }}
- {{- if $context.Values.mastodon.smtp.existingSecret }}
- - name: "SMTP_LOGIN"
- valueFrom:
- secretKeyRef:
- name: {{ $context.Values.mastodon.smtp.existingSecret }}
- key: login
- optional: true
- - name: "SMTP_PASSWORD"
- valueFrom:
- secretKeyRef:
- name: {{ $context.Values.mastodon.smtp.existingSecret }}
- key: password
- {{- end }}
 {{- if (not $context.Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
diff --git a/templates/secret-smtp.yaml b/templates/secret-smtp.yaml
new file mode 100644
index 0000000..98b15f3
--- /dev/null
+++ b/templates/secret-smtp.yaml
@@ -0,0 +1,16 @@
+{{- if not .Values.mastodon.smtp.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
+ labels:
+ {{- include "mastodon.labels" . | nindent 4 }}
+type: Opaque
+data:
+ {{- with .Values.mastodon.smtp.login }}
+ login: {{ . | b64enc }}
+ {{- end }}
+ {{- with .Values.mastodon.smtp.password }}
+ password: {{ . | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 16dfadf..3f65ddf 100644
--- a/values.yaml
+++ b/values.yaml
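Review bot: The `SMTP_PASSWORD` entry in the first deployment-sidekiq.yaml hunk is now rendered unconditionally but, unlike `SMTP_LOGIN`, carries no `optional: true`. templates/secret-smtp.yaml in this patch writes the `password` key only when `.Values.mastodon.smtp.password` is set, so with the empty default in values.yaml the referenced key does not exist and the sidekiq container would be expected to fail at start-up, for example with a relay that needs no authentication. Adding `optional: true` under `key: password` keeps those installs working. The patch also removes both variables from the ConfigMap while only this template gets them back; if any other workload read them from the ConfigMap, it needs the same two entries. The container spec continues outside the hunk.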
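Review bot: The `name:` line in templates/secret-smtp.yaml repeats the `printf "%s-smtp" (include "common.names.fullname" .)` expression that the new `mastodon.smtp.secretName` helper already uses for the generated case, so the Secret's name and the name in the sidekiq `secretKeyRef` stay in sync only by hand. Inside the `if not .Values.mastodon.smtp.existingSecret` guard the helper resolves to the same value, so `name: {{ include "mastodon.smtp.secretName" . }}` removes the second copy. Separately, credentials set through `mastodon.smtp.login` and `mastodon.smtp.password` still pass through the chart values, so a one-line template comment above `data:` pointing operators to `existingSecret` when they want the credentials kept out of the values they hand to Helm would be useful.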
@@ -144,8 +144,8 @@ mastodon:
 tls: false
 login:
 password:
- # -- you can also specify the name of an existing Secret
- # with the keys login and password
+ # -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
+ # password must be located in keys named `login` and `password` respectively.
 existingSecret:
 streaming:
 port: 4000