Merge pull request 'feat(chat): migrate alpha and prod environments to use Azure Key Vault for sensitive data' (#68) from Nicolas_local_ops into master
Reviewed-on: https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops/pulls/68
commit
1ca577884c
@ -10,19 +10,13 @@ data:
|
|||||||
SERVICE_API_ACCESS_HOST: {{ .Values.chat.configs.serviceApiAccessHost | b64enc | quote }}
|
SERVICE_API_ACCESS_HOST: {{ .Values.chat.configs.serviceApiAccessHost | b64enc | quote }}
|
||||||
SERVICE_API_ACCESS_PORT: {{ .Values.chat.configs.serviceApiAccessPort | toString | b64enc }}
|
SERVICE_API_ACCESS_PORT: {{ .Values.chat.configs.serviceApiAccessPort | toString | b64enc }}
|
||||||
MONGODB_NAME: {{ .Values.chat.configs.mongodbName | b64enc | quote }}
|
MONGODB_NAME: {{ .Values.chat.configs.mongodbName | b64enc | quote }}
|
||||||
MONGODB_URI: {{ .Values.chat.configs.mongodbUri | b64enc | quote }}
|
|
||||||
MONGODB_PORT: {{ .Values.chat.configs.mongodbPort | toString | b64enc }}
|
MONGODB_PORT: {{ .Values.chat.configs.mongodbPort | toString | b64enc }}
|
||||||
EMAIL_FROM: {{ .Values.chat.configs.emailFrom | b64enc | quote }}
|
EMAIL_FROM: {{ .Values.chat.configs.emailFrom | b64enc | quote }}
|
||||||
SITE_URL_ROOT: {{ .Values.chat.configs.siteUrlRoot | b64enc | quote }}
|
SITE_URL_ROOT: {{ .Values.chat.configs.siteUrlRoot | b64enc | quote }}
|
||||||
JWT_SECRET_KEY: {{ .Values.chat.configs.jwtSecretKey | b64enc | quote }}
|
|
||||||
JWT_ALGORITHM: {{ .Values.chat.configs.jwtAlgorithm | b64enc | quote }}
|
JWT_ALGORITHM: {{ .Values.chat.configs.jwtAlgorithm | b64enc | quote }}
|
||||||
STRIPE_API_KEY: {{ .Values.chat.configs.stripeApiKey | b64enc | quote }}
|
|
||||||
STRIPE_WEBHOOK_SECRET: {{ .Values.chat.configs.stripeWebhookSecret | b64enc | quote }}
|
|
||||||
STRIPE_ACCOUNT_WEBHOOK_SECRET: {{ .Values.chat.configs.stripeAccountWebhookSecret | b64enc | quote }}
|
|
||||||
RABBITMQ_HOST: {{ .Values.chat.configs.rabbitmqHost | b64enc | quote }}
|
RABBITMQ_HOST: {{ .Values.chat.configs.rabbitmqHost | b64enc | quote }}
|
||||||
RABBITMQ_PORT: {{ .Values.chat.configs.rabbitmqPort | toString | b64enc }}
|
RABBITMQ_PORT: {{ .Values.chat.configs.rabbitmqPort | toString | b64enc }}
|
||||||
RABBITMQ_USERNAME: {{ .Values.chat.configs.rabbitmqUsername | b64enc | quote }}
|
RABBITMQ_USERNAME: {{ .Values.chat.configs.rabbitmqUsername | b64enc | quote }}
|
||||||
RABBITMQ_PASSWORD: {{ .Values.chat.configs.rabbitmqPassword | b64enc | quote }}
|
|
||||||
FREELEAPS_DEVSVC_ENDPOINT: {{ .Values.chat.configs.freeleapsDevsvcEndpoint | b64enc | quote }}
|
FREELEAPS_DEVSVC_ENDPOINT: {{ .Values.chat.configs.freeleapsDevsvcEndpoint | b64enc | quote }}
|
||||||
FREELEAPS_CONTENT_ENDPOINT: {{ .Values.chat.configs.freeleapsContentEndpoint | b64enc | quote }}
|
FREELEAPS_CONTENT_ENDPOINT: {{ .Values.chat.configs.freeleapsContentEndpoint | b64enc | quote }}
|
||||||
FREELEAPS_CENTRAL_STORAGE_ENDPOINT: {{ .Values.chat.configs.freeleapsCentralStorageEndpoint | b64enc | quote }}
|
FREELEAPS_CENTRAL_STORAGE_ENDPOINT: {{ .Values.chat.configs.freeleapsCentralStorageEndpoint | b64enc | quote }}
|
||||||
@ -32,7 +26,6 @@ data:
|
|||||||
FREELEAPS_NOTIFICATION_ENDPOINT: {{ .Values.chat.configs.freeleapsNotificationEndpoint | b64enc | quote }}
|
FREELEAPS_NOTIFICATION_ENDPOINT: {{ .Values.chat.configs.freeleapsNotificationEndpoint | b64enc | quote }}
|
||||||
FREELEAPS_ENV: {{ .Values.chat.configs.freeleapsEnv | b64enc | quote }}
|
FREELEAPS_ENV: {{ .Values.chat.configs.freeleapsEnv | b64enc | quote }}
|
||||||
CERT_PATH: {{ .Values.chat.configs.certPath | b64enc | quote }}
|
CERT_PATH: {{ .Values.chat.configs.certPath | b64enc | quote }}
|
||||||
REDIS_URL: {{ .Values.chat.configs.redisUrl | b64enc | quote }}
|
|
||||||
REDIS_IS_CLUSTER: {{ .Values.chat.configs.redisIsCluster | b64enc | quote }}
|
REDIS_IS_CLUSTER: {{ .Values.chat.configs.redisIsCluster | b64enc | quote }}
|
||||||
METRICS_ENABLED: {{ .Values.chat.configs.metricsEnabled | default false | toString | b64enc }}
|
METRICS_ENABLED: {{ .Values.chat.configs.metricsEnabled | default false | toString | b64enc }}
|
||||||
PROBES_ENABLED: {{ .Values.chat.configs.probesEnabled | default false | toString | b64enc }}
|
PROBES_ENABLED: {{ .Values.chat.configs.probesEnabled | default false | toString | b64enc }}
|
||||||
@ -109,6 +109,16 @@ spec:
|
|||||||
name: chat-config
|
name: chat-config
|
||||||
key: {{ $key | snakecase | upper }}
|
key: {{ $key | snakecase | upper }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.chat.secrets }}
|
||||||
|
{{ $targetSecretName := .Values.chat.secrets.target.name }}
|
||||||
|
{{- range .Values.chat.secrets.data }}
|
||||||
|
- name: {{ .key | snakecase | upper }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ $targetSecretName }}
|
||||||
|
key: {{ .key }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.logIngest.enabled }}
|
{{- if .Values.logIngest.enabled }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: app-logs
|
- name: app-logs
|
||||||
|
|||||||
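Review bot: The variables added under `{{- if .Values.chat.secrets }}` are injected through `secretKeyRef`, so a container reads them only at start. The `refreshInterval: 30s` set in the values files presumably refreshes the target Secret, but running pods keep the old value until they are restarted. A rotation in Key Vault therefore needs a rollout, which deserves a comment above the block such as `# env vars are read once at container start; restart the Deployment after rotating a Key Vault value`. The block also dereferences `.Values.chat.secrets.target.name` after checking only `.Values.chat.secrets`; `{{- $targetSecretName := required "chat.secrets.target.name is required" .Values.chat.secrets.target.name }}` would fail the render with a clear message and trim the blank line the current `{{ ` leaves. The enclosing container spec starts and ends outside the hunk.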
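--- a/freeleaps/helm-pkg/chat/templates/chat/freeleapssecret.yaml
+++ b/freeleaps/helm-pkg/chat/templates/chat/freeleapssecret.yaml
@@ -0,0 +1,20 @@
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+name: freeleaps-chat-alpha-secrets
+namespace: {{ .Release.Namespace }}
+spec:
+secretStoreRef:
+kind: {{ .Values.chat.secrets.secretStoreRef.kind }}
+name: {{ .Values.chat.secrets.secretStoreRef.name }}
+target:
+name: {{ .Values.chat.secrets.target.name }}
+creationPolicy: {{ .Values.chat.secrets.target.creationPolicy }}
+refreshInterval: {{ .Values.chat.secrets.refreshInterval }}
+data:
+{{- range .Values.chat.secrets.data }}
+- secretKey: {{ .key }}
+remoteRef:
+key: {{ .remoteRef.key }}
+type: {{ .remoteRef.type }}
+{{- end }}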
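Review bot: `metadata.name` is hard-coded to `freeleaps-chat-alpha-secrets`, while the values files on this page set `target.name` to `freeleaps-chat-prod-secrets` and `freeleaps-chat-secrets` as well, so a prod release would carry a resource named for alpha. Deriving it from the values, e.g. `name: {{ .Values.chat.secrets.target.name | quote }}`, keeps the object name aligned with the environment. Unlike the Deployment change, this template has no `{{- if .Values.chat.secrets }}` guard, so a values file without a `secrets` block will presumably fail on the nested lookups. Wrapping the whole document in the same guard would keep the two templates consistent.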
@ -82,19 +82,13 @@ chat:
|
|||||||
serviceApiAccessHost: 0.0.0.0
|
serviceApiAccessHost: 0.0.0.0
|
||||||
serviceApiAccessPort: 8012
|
serviceApiAccessPort: 8012
|
||||||
mongodbName: freeleaps2
|
mongodbName: freeleaps2
|
||||||
mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
|
|
||||||
mongodbPort: 27017
|
mongodbPort: 27017
|
||||||
emailFrom: freeleaps@freeleaps.com
|
emailFrom: freeleaps@freeleaps.com
|
||||||
siteUrlRoot: https://freeleaps-alpha.com
|
siteUrlRoot: https://freeleaps-alpha.com
|
||||||
jwtSecretKey: 8f87ca8c3c9c3df09a9c78e0adb0927855568f6072d9efc892534aee35f5867b
|
|
||||||
jwtAlgorithm: HS256
|
jwtAlgorithm: HS256
|
||||||
stripeApiKey: sk_test_51Ogsw5B0IyqaSJBrwczlr820jnmvA1qQQGoLZ2XxOsIzikpmXo4pRLjw4XVMTEBR8DdVTYySiAv1XX53Zv5xqynF00GfMqttFd
|
|
||||||
stripeWebhookSecret: whsec_hUbnahlGtAvN2yckBk45a236LmrODOdm
|
|
||||||
stripeAccountWebhookSecret: whsec_PgPnkWGhEUiQfnV8aIb5Wmruz7XETJLm
|
|
||||||
rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
|
rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
|
||||||
rabbitmqPort: 5672
|
rabbitmqPort: 5672
|
||||||
rabbitmqUsername: user
|
rabbitmqUsername: user
|
||||||
rabbitmqPassword: NjlhHFvnDuC7K0ir
|
|
||||||
freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-alpha.svc.freeleaps.cluster:8007/api/devsvc/
|
freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-alpha.svc.freeleaps.cluster:8007/api/devsvc/
|
||||||
freeleapsContentEndpoint: http://content-service.freeleaps-alpha.svc.freeleaps.cluster:8013/api/content/
|
freeleapsContentEndpoint: http://content-service.freeleaps-alpha.svc.freeleaps.cluster:8013/api/content/
|
||||||
freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage/
|
freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage/
|
||||||
@ -104,10 +98,47 @@ chat:
|
|||||||
freeleapsAilabEndpoint: ''
|
freeleapsAilabEndpoint: ''
|
||||||
freeleapsEnv: alpha
|
freeleapsEnv: alpha
|
||||||
certPath: ''
|
certPath: ''
|
||||||
redisUrl: redis://:4sTqfZvUwR@freeleaps-alpha-redis-headless.freeleaps-alpha.svc.freeleaps.cluster:6379
|
|
||||||
redisIsCluster: 'false'
|
redisIsCluster: 'false'
|
||||||
metricsEnabled: 'true'
|
metricsEnabled: 'true'
|
||||||
probesEnabled: 'true'
|
probesEnabled: 'true'
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: FreeleapsSecretStore
|
||||||
|
name: freeleaps-main-secret-store
|
||||||
|
target:
|
||||||
|
name: "freeleaps-chat-alpha-secrets"
|
||||||
|
creationPolicy: "Owner"
|
||||||
|
refreshInterval: 30s
|
||||||
|
data:
|
||||||
|
- key: mongodbUri
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-mongodb-uri"
|
||||||
|
type: Secret
|
||||||
|
- key: jwtSecretKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-jwt-secret-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeApiKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-stripe-api-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-stripe-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeAccountWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-stripe-account-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: rabbitmqPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-rabbitmq-password"
|
||||||
|
type: Secret
|
||||||
|
- key: redisUrl
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-redis-url"
|
||||||
|
type: Secret
|
||||||
vpa:
|
vpa:
|
||||||
minAllowed:
|
minAllowed:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
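Review bot: The values removed from `chat.configs` here stay readable in the repository history, so moving the references to Key Vault does not by itself protect them. They are the MongoDB URI with its embedded password, the JWT signing key, the three Stripe secrets, the RabbitMQ password and the Redis URL. The entries stored under the `freeleaps-alpha-*` remote keys should be freshly rotated values rather than copies of the committed ones, and the old credentials should be revoked. The same applies to the prod values section that follows, which removes a live Stripe key and production database credentials. A short comment above `secrets:` such as `# resolved from the secret store at deploy time; never place literal values here` would document the split between `configs` and `secrets`.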
@ -74,18 +74,12 @@ chat:
|
|||||||
serviceApiAccessPort: 8012
|
serviceApiAccessPort: 8012
|
||||||
mongodbName: freeleaps2
|
mongodbName: freeleaps2
|
||||||
mongodbPort: 27017
|
mongodbPort: 27017
|
||||||
mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
|
|
||||||
emailFrom: freeleaps@freeleaps.com
|
emailFrom: freeleaps@freeleaps.com
|
||||||
siteUrlRoot: https://freeleaps.com
|
siteUrlRoot: https://freeleaps.com
|
||||||
jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
|
|
||||||
jwtAlgorithm: HS256
|
jwtAlgorithm: HS256
|
||||||
stripeApiKey: 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
|
|
||||||
stripeWebhookSecret: whsec_yWObkdtJTP4FOrmN2vPNEAv0EBGXbU3n
|
|
||||||
stripeAccountWebhookSecret: whsec_cFhia4hz65OQLdhv26LZAAmjoBc6WNgg
|
|
||||||
rabbitmqHost: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
|
rabbitmqHost: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
|
||||||
rabbitmqPort: 5672
|
rabbitmqPort: 5672
|
||||||
rabbitmqUsername: user
|
rabbitmqUsername: user
|
||||||
rabbitmqPassword: D3b0HKz71T0OcYF8
|
|
||||||
freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
|
freeleapsDevsvcEndpoint: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
|
||||||
freeleapsContentEndpoint: http://content-service.freeleaps-prod.svc.freeleaps.cluster:8013/api/content/
|
freeleapsContentEndpoint: http://content-service.freeleaps-prod.svc.freeleaps.cluster:8013/api/content/
|
||||||
freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage/
|
freeleapsCentralStorageEndpoint: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage/
|
||||||
@ -95,10 +89,46 @@ chat:
|
|||||||
freeleapsAilabEndpoint: ''
|
freeleapsAilabEndpoint: ''
|
||||||
freeleapsEnv: chat
|
freeleapsEnv: chat
|
||||||
certPath: ''
|
certPath: ''
|
||||||
redisUrl: redis://:izrZtCmYk8@freeleaps-prod-redis-redis-cluster-headless.freeleaps-prod.svc.freeleaps.cluster:6379/0
|
|
||||||
redisIsCluster: 'true'
|
redisIsCluster: 'true'
|
||||||
metricsEnabled: 'false'
|
metricsEnabled: 'false'
|
||||||
probesEnabled: 'true'
|
probesEnabled: 'true'
|
||||||
|
secrets:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: FreeleapsSecretStore
|
||||||
|
name: freeleaps-main-secret-store
|
||||||
|
target:
|
||||||
|
name: "freeleaps-chat-prod-secrets"
|
||||||
|
creationPolicy: "Owner"
|
||||||
|
refreshInterval: 30s
|
||||||
|
data:
|
||||||
|
- key: mongodbUri
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-mongodb-uri"
|
||||||
|
type: Secret
|
||||||
|
- key: jwtSecretKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-jwt-secret-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeApiKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-stripe-api-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-stripe-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeAccountWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-stripe-account-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: rabbitmqPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-rabbitmq-password"
|
||||||
|
type: Secret
|
||||||
|
- key: redisUrl
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-prod-redis-url"
|
||||||
|
type: Secret
|
||||||
vpa:
|
vpa:
|
||||||
minAllowed:
|
minAllowed:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@ -126,6 +126,44 @@ chat:
|
|||||||
metricsEnabled: "false"
|
metricsEnabled: "false"
|
||||||
# PROBES_ENABLED
|
# PROBES_ENABLED
|
||||||
probesEnabled: "true"
|
probesEnabled: "true"
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: FreeleapsSecretStore
|
||||||
|
name: freeleaps-main-secret-store
|
||||||
|
target:
|
||||||
|
name: "freeleaps-chat-secrets"
|
||||||
|
creationPolicy: "Owner"
|
||||||
|
refreshInterval: 30s
|
||||||
|
data:
|
||||||
|
- key: mongodbUri
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-mongodb-uri"
|
||||||
|
type: Secret
|
||||||
|
- key: jwtSecretKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-jwt-secret-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeApiKey
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-stripe-api-key"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-stripe-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: stripeAccountWebhookSecret
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-stripe-account-webhook-secret"
|
||||||
|
type: Secret
|
||||||
|
- key: rabbitmqPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-rabbitmq-password"
|
||||||
|
type: Secret
|
||||||
|
- key: redisUrl
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-redis-url"
|
||||||
|
type: Secret
|
||||||
vpa:
|
vpa:
|
||||||
minAllowed:
|
minAllowed:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
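Review bot: The new `secrets:` block is undocumented, while the neighbouring keys in this file carry a comment naming the environment variable they feed (`# PROBES_ENABLED` above `probesEnabled`). Each `key` here becomes an env var name through `snakecase | upper` in the Deployment template, so a comment such as `# MONGODB_URI (resolved from the secret store, not stored in this file)` above each entry would keep the convention. These defaults also point at un-prefixed remote keys such as `freeleaps-mongodb-uri`. If those are placeholders that every environment is expected to override, a comment above `secrets:` saying so would stop a release from binding to them by accident. The `chat:` mapping starts outside the hunk.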