make env-config.js a secret

Signed-off-by: André Bauer <andre.bauer@staffbase.com>
kokuwaio · Jun 27, 2024 · 9c71428 · 9c71428
1 parent 96f6732
commit 9c71428
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 23 deletions.
diff --git a/charts/visual-regression-tracker/Chart.yaml b/charts/visual-regression-tracker/Chart.yaml
@@ -6,7 +6,7 @@ sources:
   - https://github.com/Visual-Regression-Tracker/Visual-Regression-Tracker
   - https://github.com/kokuwaio/helm-charts/tree/main/charts/visual-regression-tracker
 type: application
-version: 4.0.2
+version: 4.1.0
 appVersion: "5.0.4"
 maintainers:
   - name: monotek

diff --git a/charts/visual-regression-tracker/files/env-config.js b/charts/visual-regression-tracker/files/env-config.js
@@ -0,0 +1,5 @@
+window._env_ = {
+    REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:{{ .Values.authProxy.basicAuth.password }}@{{ .Values.vrtConfig.reactAppApi.url }}",
+    PORT: "{{ .Values.vrtComponents.ui.service.port }}",
+    VRT_VERSION: "{{ .Chart.AppVersion }}",
+}
diff --git a/charts/visual-regression-tracker/templates/_helpers.tpl b/charts/visual-regression-tracker/templates/_helpers.tpl
@@ -105,7 +105,6 @@ vrt secret name
 {{- end -}}
 {{- end -}}
 
-
 {{/*
 vrt auth proxy secret name
 */}}
@@ -116,3 +115,14 @@ vrt auth proxy secret name
 {{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.authProxy.secretName }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+vrt env secret name
+*/}}
+{{- define "visual-regression-tracker.envSecretName" -}}
+{{- if .Values.secrets.envConfig.useExisting -}}
+{{ .Values.secrets.envConfig.secretName }}
+{{- else -}}
+{{ template "visual-regression-tracker.fullname" . }}-{{ .Values.secrets.envConfig.secretName }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml b/charts/visual-regression-tracker/templates/auth-proxy-deployment.yaml
@@ -37,9 +37,9 @@ spec:
             - -c
             - /tmp/htpass
             - {{ .Values.authProxy.basicAuth.username }}
-            - $(AUTH_SECRET)
+            - $(BASIC_AUTH_SECRET)
           env:
-            - name: AUTH_SECRET
+            - name: BASIC_AUTH_SECRET
               valueFrom:
                 secretKeyRef:
                   name: {{ template "visual-regression-tracker.authProxySecretName" . }}

diff --git a/charts/visual-regression-tracker/templates/configmap.yaml b/charts/visual-regression-tracker/templates/configmap.yaml
@@ -9,9 +9,3 @@ data:
     #!/bin/sh
     # dummy file which replaces env-config.js creation to be able to use rofs
     cat env-config.js
-  env-config.js: |
-    window._env_ = {
-        REACT_APP_API_URL: "{{ .Values.vrtConfig.reactAppApiUrl }}",
-        PORT: "{{ .Values.vrtComponents.ui.service.port }}",
-        VRT_VERSION: "{{ .Chart.AppVersion }}",
-    }
diff --git a/charts/visual-regression-tracker/templates/secrets.yaml b/charts/visual-regression-tracker/templates/secrets.yaml
@@ -1,3 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "visual-regression-tracker.envSecretName" . }}
+  labels:
+    {{- include "visual-regression-tracker.labels" . | nindent 4 }}
+type: Opaque
+data:
+  env-config.js: {{ tpl (.Files.Get "files/env-config.js") $ | b64enc }}
 {{ if and .Values.vrtConfig.elasticsearch.pass (not .Values.secrets.elasticsearch.useExisting) }}
 ---
 apiVersion: v1
@@ -46,3 +56,15 @@ type: Opaque
 data:
   {{ .Values.secrets.defaults.secretKey }}: {{ tpl (.Files.Get "files/seed.ts") $ | b64enc }}
 {{ end }}
+{{ if and (or .Values.authProxy.basicAuth.username .Values.authProxy.basicAuth.password) (not .Values.secrets.envConfig.useExisting) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "visual-regression-tracker.envSecretName" . }}
+  labels:
+    {{- include "visual-regression-tracker.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{ .Values.secrets.envConfig.secretKey }}: {{ tpl (.Files.Get "files/env-config.js") $ | b64enc }}
+{{ end }}
diff --git a/charts/visual-regression-tracker/templates/statefulset.yaml b/charts/visual-regression-tracker/templates/statefulset.yaml
@@ -120,16 +120,6 @@ spec:
             - name: {{ template "visual-regression-tracker.fullname" . }}
               mountPath: /imageUploads
         - name: {{ .Chart.Name }}-ui
-          env:
-            - name: BASIC_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "visual-regression-tracker.authProxySecretName" . }}
-                  key: {{ .Values.secrets.authProxy.secretKey }}
-            - name: REACT_APP_API_URL
-              value: "{{ .Values.vrtConfig.reactAppApi.protocol }}://{{ .Values.authProxy.basicAuth.username }}:$(BASIC_AUTH_PASSWORD)@{{ .Values.vrtConfig.reactAppApi.url }}"
-            - name: VRT_VERSION
-              value: "{{ .Chart.AppVersion }}"
           image: "{{ .Values.vrtComponents.ui.image.repository }}:{{ .Values.vrtComponents.ui.image.tag }}"
           imagePullPolicy: {{ .Values.vrtComponents.ui.image.pullPolicy }}
           ports:
@@ -180,9 +170,8 @@ spec:
       {{- end }}
       volumes:
         - name: env-config
-          configMap:
-            name: {{ include "visual-regression-tracker.fullname" . }}-env-config
-            defaultMode: 0777
+          secret:
+            secretName: {{ include "visual-regression-tracker.fullname" . }}-env-config
         - name: tmp
           {{- toYaml .Values.vrtComponents.ui.tmpDirVolume | nindent 10 }}
         - name: vrt

diff --git a/charts/visual-regression-tracker/values.yaml b/charts/visual-regression-tracker/values.yaml
@@ -264,6 +264,10 @@ secrets:
     useExisting: false
     secretKey: seed.ts
     secretName: vrt
+  envConfig:
+    useExisting: false
+    secretKey: env-config.js
+    secretName: env-config
   elasticsearch:
     useExisting: false
     secretKey: es-pass