From 86f989e405e7112a38ad21f88d569cf4dfb8fec9 Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Mon, 18 Aug 2025 17:44:17 +0800
Subject: [PATCH] The production environment of the authentication service also fully supports AKV.
---
 .../authentication/authentication-config.yaml | 2 --
 .../templates/authentication/deployment.yaml | 4 ++++
 .../helm-pkg/authentication/values.prod.yaml | 19 +++++++++++++++++--
 freeleaps/helm-pkg/authentication/values.yaml | 18 ++++++++++++++++++
 4 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
index 688f65ca..afeb2257 100644
--- a/freeleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
+++ b/freeleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
@@ -9,13 +9,11 @@ data:
 APP_NAME: {{ .Values.authentication.configs.appName | b64enc | quote }}
 DEVSVC_WEBAPI_URL_BASE: {{ .Values.authentication.configs.devsvcWebapiUrlBase | b64enc | quote }}
 NOTIFICATION_WEBAPI_URL_BASE: {{ .Values.authentication.configs.notificationWebapiUrlBase | b64enc | quote }}
- JWT_SECRET_KEY: {{ .Values.authentication.configs.jwtSecretKey | b64enc | quote }}
 JWT_ALGORITHM: {{ .Values.authentication.configs.jwtAlgorithm | b64enc | quote }}
 SERVICE_API_ACCESS_HOST: {{ .Values.authentication.configs.serviceApiAccessHost | b64enc | quote }}
 SERVICE_API_ACCESS_PORT: {{ .Values.authentication.configs.serviceApiAccessPort | toString | b64enc }}
 MONGODB_NAME: {{ .Values.authentication.configs.mongodbName | b64enc | quote }}
 MONGODB_PORT: {{ .Values.authentication.configs.mongodbPort | toString | b64enc }}
- MONGODB_URI: {{ .Values.authentication.configs.mongodbUri | b64enc | quote }}
 METRICS_ENABLED: {{ .Values.authentication.configs.metricsEnabled | default false | toString | b64enc }}
 PROBES_ENABLED: {{ .Values.authentication.configs.probesEnabled | default false | toString | b64enc }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
index 214924f8..7207d492 100644
--- a/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
+++ b/freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
@@ -100,13 +100,16 @@ spec:
 {{- end}}
 env:
 {{- range $key, $value := .Values.authentication.configs }}
+ {{- if not (or (eq $key "jwtSecretKey") (eq $key "mongodbUri")) }}
 - name: {{ $key | snakecase | upper }}
 valueFrom:
 secretKeyRef:
 name: authentication-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ {{- end }}
 # inject from secret created by FreeleapsSecret object
+ {{- if .Values.authentication.secrets }}
 {{ $targetSecretName := .Values.authentication.secrets.target.name }}
 {{- range .Values.authentication.secrets.data }}
 - name: {{ .key | snakecase | upper }}
@@ -115,6 +118,7 @@ spec:
 name: {{ $targetSecretName }}
 key: {{ .key }}
 {{- end }}
+ {{- end }}
 {{- if .Values.logIngest.enabled }}
 volumeMounts:
 - name: app-logs
diff --git a/freeleaps/helm-pkg/authentication/values.prod.yaml b/freeleaps/helm-pkg/authentication/values.prod.yaml
index 68d37014..cf290612 100644
--- a/freeleaps/helm-pkg/authentication/values.prod.yaml
+++ b/freeleaps/helm-pkg/authentication/values.prod.yaml
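Review bot: The exclusion added inside the `range` over `.Values.authentication.configs` hard-codes `jwtSecretKey` and `mongodbUri`, while the list of externally sourced secrets lives in `.Values.authentication.secrets.data`, so the two can drift apart. A key later added to `secrets.data` that is still present under `configs` would render two `env` entries with the same name. With the new `if .Values.authentication.secrets` guard, an override that clears `secrets` leaves the pod without `JWT_SECRET_KEY` and `MONGODB_URI`, and nothing fails at render time. Deriving the skip list from `secrets.data`, as sketched below, keeps a single source of truth. The container spec around this `env` list starts and ends outside the hunk.

```yaml
# … unchanged: env: …
{{- $externalKeys := list }}
{{- range (.Values.authentication.secrets | default dict).data }}
{{- $externalKeys = append $externalKeys .key }}
{{- end }}
{{- range $key, $value := .Values.authentication.configs }}
{{- if not (has $key $externalKeys) }}
# … unchanged: name / valueFrom.secretKeyRef entry for authentication-config …
{{- end }}
{{- end }}
```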
@@ -66,15 +66,30 @@ authentication:
 appName: authentication
 devsvcWebapiUrlBase: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
 notificationWebapiUrlBase: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/
- jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
 jwtAlgorithm: HS256
 serviceApiAccessHost: 0.0.0.0
 serviceApiAccessPort: 8004
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
 metricsEnabled: 'true'
 probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-authentication-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-prod-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
 vpa:
 minAllowed:
 enabled: true
diff --git a/freeleaps/helm-pkg/authentication/values.yaml b/freeleaps/helm-pkg/authentication/values.yaml
index 1a5b9910..62fdc64b 100644
--- a/freeleaps/helm-pkg/authentication/values.yaml
+++ b/freeleaps/helm-pkg/authentication/values.yaml
@@ -84,6 +84,24 @@ authentication:
 metricsEnabled: "false"
 # PROBES_ENABLED
 probesEnabled: "false"
+ # AKV secrets configuration
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-authentication-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: jwtSecretKey
+ remoteRef:
+ key: "freeleaps-jwt-secret-key"
+ type: Secret
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
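Review bot: The production JWT signing key and the MongoDB connection string that this hunk removes from `values.prod.yaml` stay readable in the repository history, in every existing clone, and in any stored Helm release revisions rendered from the old values. Moving the references to the secret store therefore does not protect the values themselves. Both should be rotated as part of this change, and the remote entries `freeleaps-prod-jwt-secret-key` and `freeleaps-prod-mongodb-uri` should be populated only with the new values. Rotating the `HS256` key invalidates tokens already issued, so the rollout needs to be scheduled with that in mind. A secret-scanning check on this path in CI would catch a plaintext value being reintroduced later.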
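Review bot: The new `secrets` block in the default `values.yaml` is documented only by `# AKV secrets configuration`, which does not tell a maintainer what each `data[].key` must look like. In `deployment.yaml` that key is turned into the environment variable name with `snakecase | upper` and is also used verbatim as the key in the target Secret. I would add above `data:` a comment such as `# key: camelCase config name; rendered as the env var (jwtSecretKey -> JWT_SECRET_KEY) and used as the key inside target.name`. Whether default `jwtSecretKey` and `mongodbUri` entries still exist under `configs` is outside this hunk; if they do, the template now ignores them, and they are better removed so that no placeholder secret looks live.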