testkube-cloud-secrets added (#33)

* testkube-cloud-secrets added * added the keys into one secrets * updated README.md * moved the configurations into testkube-cloud api and ui * some improvement * made some hardcodes to configurable options * doc update * conflict resolution
kubeshop · Sep 14, 2023 · 774dc11 · 774dc11
1 parent eb5d514
commit 774dc11
Show file tree

Hide file tree

Showing 12 changed files with 101 additions and 0 deletions.
diff --git a/charts/testkube-cloud-api/README.md b/charts/testkube-cloud-api/README.md
@@ -1,6 +1,10 @@
 # testkube-cloud-api
 
+<<<<<<< HEAD
+![Version: 1.14.7](https://img.shields.io/badge/Version-1.14.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.13](https://img.shields.io/badge/AppVersion-1.3.13-informational?style=flat-square)
+=======
 ![Version: 1.14.12](https://img.shields.io/badge/Version-1.14.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.14](https://img.shields.io/badge/AppVersion-1.3.14-informational?style=flat-square)
+>>>>>>> origin/develop
 
 A Helm chart for Testkube Cloud API
 
@@ -79,6 +83,10 @@ A Helm chart for Testkube Cloud API
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| externalSecrets.clusterSecretStoreName | string | `"secret-store"` |  |
+| externalSecrets.enabled | bool | `false` |  |
+| externalSecrets.keys | object | `{}` |  |
+| externalSecrets.refreshInterval | string | `"5m"` |  |
 | fullnameOverride | string | `""` |  |
 | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) |
 | global.certificateProvider | string | `""` | TLS provider (possible values: "", "cert-manager") |

diff --git a/charts/testkube-cloud-api/templates/deployment.yaml b/charts/testkube-cloud-api/templates/deployment.yaml
@@ -277,6 +277,15 @@ spec:
             - name: {{ $k }}
               value: "{{ $v }}"
             {{- end}}
+            {{- if .Values.externalSecrets.enabled -}}
+            {{- range $key, $value := .Values.externalSecrets.keys }}
+            - name: {{ $value }}
+              valueFrom:
+                secretKeyRef:
+                  key: {{ $value }}
+                  name: api-external-secrets
+            {{ end }}
+            {{- end}}
           ports:
             - name: {{ if .Values.api.tls.serveHTTPS }}https{{ else }}http{{ end }}
               containerPort: {{ if .Values.api.tls.serveHTTPS }}{{ .Values.api.tls.apiPort }}{{ else }}8090{{ end }}

diff --git a/charts/testkube-cloud-api/templates/external-secret.yaml b/charts/testkube-cloud-api/templates/external-secret.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.externalSecrets.enabled -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: api-external-secrets
+spec:
+  data:
+{{- range $key, $value := .Values.externalSecrets.keys }}
+  - remoteRef:
+      key: {{ $value }}
+    secretKey: {{ $key }}
+{{ end }}
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval }}
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: {{ .Values.externalSecrets.clusterSecretStoreName }}
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: api-external-secrets
+{{- end }}
diff --git a/charts/testkube-cloud-api/values.yaml b/charts/testkube-cloud-api/values.yaml
@@ -186,6 +186,12 @@ api:
     # -- Comma-separated list of allowed external redirect URIs (example: `https://cloud.testkube.xyz,http://localhost:3000`)
     allowedExternalRedirectURIs: ""
 
+externalSecrets:
+  enabled: false
+  refreshInterval: 5m
+  clusterSecretStoreName: secret-store
+  keys: {}
+
 serviceAccount:
   # -- Toggle whether to create a ServiceAccount resource
   create: false

diff --git a/charts/testkube-cloud-ui-1.13.39.tgz b/charts/testkube-cloud-ui-1.13.39.tgz
diff --git a/charts/testkube-cloud-ui/README.md b/charts/testkube-cloud-ui/README.md
@@ -1,6 +1,10 @@
 # testkube-cloud-ui
 
+<<<<<<< HEAD
+![Version: 1.14.8](https://img.shields.io/badge/Version-1.14.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0-dev-d3d68fc](https://img.shields.io/badge/AppVersion-1.4.0--dev--d3d68fc-informational?style=flat-square)
+=======
 ![Version: 1.14.17](https://img.shields.io/badge/Version-1.14.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0-dev-84e330b](https://img.shields.io/badge/AppVersion-1.4.0--dev--84e330b-informational?style=flat-square)
+>>>>>>> origin/develop
 
 A Helm chart for Testkube Cloud UI
 
@@ -26,6 +30,10 @@ A Helm chart for Testkube Cloud UI
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| externalSecrets.clusterSecretStoreName | string | `"secret-store"` |  |
+| externalSecrets.enabled | bool | `false` |  |
+| externalSecrets.keys | object | `{}` |  |
+| externalSecrets.refreshInterval | string | `"5m"` |  |
 | fullnameOverride | string | `""` |  |
 | global.certManager.issuerRef | string | `""` | Certificate Issuer ref (only used if `provider` is set to `cert-manager`) |
 | global.certificateProvider | string | `""` | TLS provider (possible values: "", "cert-manager") |

diff --git a/charts/testkube-cloud-ui/templates/deployment.yaml b/charts/testkube-cloud-ui/templates/deployment.yaml
@@ -60,6 +60,15 @@ spec:
             - name: REACT_APP_DISABLE_TELEMETRY
               value: "true"
             {{- end }}
+            {{- if .Values.externalSecrets.enabled -}}
+            {{- range $key, $value := .Values.externalSecrets.keys }}
+            - name: {{ $value }}
+              valueFrom:
+                secretKeyRef:
+                  key: {{ $value }}
+                  name: ui-external-secrets
+            {{ end }}
+            {{- end}}
           livenessProbe:
             httpGet:
               path: /

diff --git a/charts/testkube-cloud-ui/templates/external-secret.yaml b/charts/testkube-cloud-ui/templates/external-secret.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.externalSecrets.enabled -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ui-external-secrets
+spec:
+  data:
+{{- range $key, $value := .Values.externalSecrets.keys }}
+  - remoteRef:
+      key: {{ $value }}
+    secretKey: {{ $key }}
+{{ end }}
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval }}
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: {{ .Values.externalSecrets.clusterSecretStoreName }}
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: ui-external-secrets
+{{- end }}
diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml
@@ -53,6 +53,12 @@ ui:
   # -- Force disabling telemetry on the UI
   disableTelemetry: false
 
+externalSecrets:
+  enabled: false
+  refreshInterval: 5m
+  clusterSecretStoreName: secret-store 
+  keys: {}
+
 serviceAccount:
   # -- Toggle whether to create ServiceAccount resource
   create: false

diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md
@@ -21,8 +21,13 @@ A Helm chart for Testkube Enterprise
 
 | Repository | Name | Version |
 |------------|------|---------|
+<<<<<<< HEAD
+| file://../testkube-cloud-api | testkube-cloud-api | 1.14.7 |
+| file://../testkube-cloud-ui | testkube-cloud-ui | 1.14.8 |
+=======
 | file://../testkube-cloud-api | testkube-cloud-api | 1.14.12 |
 | file://../testkube-cloud-ui | testkube-cloud-ui | 1.14.17 |
+>>>>>>> origin/develop
 | https://charts.bitnami.com/bitnami | common | 2.2.5 |
 | https://charts.bitnami.com/bitnami | mongodb | 13.10.2 |
 | https://charts.dexidp.io | dex | 0.14.1 |
@@ -124,7 +129,11 @@ A Helm chart for Testkube Enterprise
 | testkube-cloud-api.api.tls.tlsSecret | string | `"testkube-enterprise-api-tls"` |  |
 | testkube-cloud-api.fullnameOverride | string | `"testkube-enterprise-api"` |  |
 | testkube-cloud-api.image.repository | string | `"testkubeenterprise/testkube-enterprise-api"` |  |
+<<<<<<< HEAD
+| testkube-cloud-api.image.tag | string | `"1.3.13"` |  |
+=======
 | testkube-cloud-api.image.tag | string | `"1.3.14"` |  |
+>>>>>>> origin/develop
 | testkube-cloud-api.ingress | string | `nil` |  |
 | testkube-cloud-api.minio.accessModes | list | `["ReadWriteOnce"]` | PVC Access Modes for Minio. The volume is mounted as read-write by a single node. |
 | testkube-cloud-api.minio.affinity | object | `{}` | Affinity for pod assignment. |
@@ -147,7 +156,11 @@ A Helm chart for Testkube Enterprise
 | testkube-cloud-api.prometheus.enabled | bool | `true` |  |
 | testkube-cloud-ui.fullnameOverride | string | `"testkube-enterprise-ui"` |  |
 | testkube-cloud-ui.image.repository | string | `"testkubeenterprise/testkube-enterprise-ui"` |  |
+<<<<<<< HEAD
+| testkube-cloud-ui.image.tag | string | `"1.4.0-dev-d3d68fc"` |  |
+=======
 | testkube-cloud-ui.image.tag | string | `"1.4.0-dev-84e330b"` |  |
+>>>>>>> origin/develop
 | testkube-cloud-ui.ingress.tlsSecretName | string | `"testkube-enterprise-ui-tls"` | Name of the TLS secret which contains the certificate files |
 
 ----------------------------------------------

diff --git a/charts/testkube-enterprise/charts/testkube-cloud-api-1.14.18.tgz b/charts/testkube-enterprise/charts/testkube-cloud-api-1.14.18.tgz
diff --git a/charts/testkube-enterprise/charts/testkube-cloud-ui-1.14.17.tgz b/charts/testkube-enterprise/charts/testkube-cloud-ui-1.14.17.tgz