From fc3f27edeb314f5e62510af42d3d45e6c3b74af8 Mon Sep 17 00:00:00 2001
From: Erik Sundell
Date: Thu, 21 Jan 2021 17:54:03 +0100
Subject: [PATCH] ci: let helm diff show secrets
---
.github/workflows/test-chart.yaml | 1 +
.../templates/hub/_helpers-passwords.tpl | 24 +++++++------------
jupyterhub/templates/hub/secret.yaml | 6 ++---
3 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml
index 191a53ef60..5f267f5dbf 100644
--- a/.github/workflows/test-chart.yaml
+++ b/.github/workflows/test-chart.yaml
@@ -196,6 +196,7 @@ jobs: echo helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \ + --show-secrets \ --context=3 \ --post-renderer=ci/string-replacer.sh
diff --git a/jupyterhub/templates/hub/_helpers-passwords.tpl b/jupyterhub/templates/hub/_helpers-passwords.tpl
index 89877b9284..893c4c56ff 100644
--- a/jupyterhub/templates/hub/_helpers-passwords.tpl
+++ b/jupyterhub/templates/hub/_helpers-passwords.tpl
@@ -10,11 +10,9 @@
 {{- if .Values.proxy.secretToken }}
 {{- .Values.proxy.secretToken }}
 {{- else }}
- {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
- {{- if $k8s_state }}
- {{- with index $k8s_state "JupyterHub.proxy_auth_token" }}
- {{- . }}
- {{- end }}
+ {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+ {{- if and $k8s_state (hasKey $k8s_state "JupyterHub.proxy_auth_token") }}
+ {{- index $k8s_state "JupyterHub.proxy_auth_token" }}
 {{- else }}
 {{- randNumeric 32 }}
 {{- end }}
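Review bot: `--show-secrets` on the `helm diff upgrade` step in `.github/workflows/test-chart.yaml` puts the unredacted contents of every rendered Secret into the job log, and nothing next to the flag records why that is acceptable. The hub Secret touched later in this patch carries `values.yaml`, the proxy auth token, the cookie secret and the CryptKeeper keys, so this is only safe while the step runs against a throwaway cluster and `dev-config.yaml` holds no real credentials; that appears to be the intent but is not visible in the hunk. I would add a comment above the command, e.g. `# --show-secrets: CI only, ephemeral cluster and dummy values; do not copy into a workflow that deploys real config`. The step's `run:` block starts and ends outside the hunk.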
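Review bot: In `_helpers-passwords.tpl`, `hasKey $k8s_state "JupyterHub.proxy_auth_token"` tests the top level of what `lookup` returns, but `lookup` yields the whole Secret object, whose entries sit under `.data` and are base64-encoded. As written the check looks like it can never match, so every render would fall through to `randNumeric 32` and issue a new proxy token on each upgrade. The hunks at `-25,11` and `-40,11` repeat the pattern for the cookie secret and the CryptKeeper keys, where an unintended rotation would invalidate login cookies and presumably make previously encrypted auth state unreadable. I would default to `dict "data" (dict)`, test `hasKey $k8s_state.data "JupyterHub.proxy_auth_token"`, and emit `index $k8s_state.data "JupyterHub.proxy_auth_token" | b64dec`, since `secret.yaml` applies `b64enc` again. The surrounding `define` blocks start and end outside the hunks.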
@@ -25,11 +23,9 @@
 {{- if .Values.hub.cookieSecret }}
 {{- .Values.hub.cookieSecret }}
 {{- else }}
- {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
- {{- if $k8s_state }}
- {{- with index $k8s_state "JupyterHub.cookie_secret" }}
- {{- . }}
- {{- end }}
+ {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+ {{- if and $k8s_state (hasKey $k8s_state "JupyterHub.cookie_secret") }}
+ {{- index $k8s_state "JupyterHub.cookie_secret" }}
 {{- else }}
 {{- randNumeric 32 }}
 {{- end }}
@@ -40,11 +36,9 @@
 {{- if .Values.hub.config.CryptKeeper }}
 {{- .Values.hub.config.CryptKeeper.keys | join ";" }}
 {{- else }}
- {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
- {{- if $k8s_state }}
- {{- with index $k8s_state "CryptKeeper.keys" }}
- {{- . }}
- {{- end }}
+ {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+ {{- if and $k8s_state (hasKey $k8s_state "CryptKeeper.keys") }}
+ {{- index $k8s_state "CryptKeeper.keys" }}
 {{- else }}
 {{- randNumeric 32 }}
 {{- end }}
diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml
index 47ed21f9eb..7a82e9694f 100644
--- a/jupyterhub/templates/hub/secret.yaml
+++ b/jupyterhub/templates/hub/secret.yaml
@@ -16,9 +16,9 @@ data: values.yaml: {{ $values | toYaml | b64enc | quote }} # Used to mount CONFIGPROXY_AUTH_TOKEN on hub/proxy pods for mutual trust - JupyterHub.proxy_auth_token: {{ include "jupyterhub.config.JupyterHub.proxy_auth_token" . | required "assert hack" | b64enc | quote }} - JupyterHub.cookie_secret: {{ include "jupyterhub.config.JupyterHub.cookie_secret" . | required "assert hack" | b64enc | quote }} - CryptKeeper.keys: {{ include "jupyterhub.config.CryptKeeper.keys" . | required "assert hack" | b64enc | quote }} + JupyterHub.proxy_auth_token: {{ include "jupyterhub.config.JupyterHub.proxy_auth_token" . | required "assert hack 1" | b64enc | quote }} + JupyterHub.cookie_secret: {{ include "jupyterhub.config.JupyterHub.cookie_secret" . | required "assert hack 2" | b64enc | quote }} + CryptKeeper.keys: {{ include "jupyterhub.config.CryptKeeper.keys" . | required "assert hack 3" | b64enc | quote }} {{- with .Values.hub.db.password }} # Used to mount MYSQL_PWD or PGPASSWORD on hub pod