From b7908d16921d47004c10db2946150544a5b95010 Mon Sep 17 00:00:00 2001 From: zhenyus Date: Mon, 18 Aug 2025 21:41:21 +0800 Subject: [PATCH] Refactor configuration files to remove unused fields and add AKV secret management for payment service Signed-off-by: zhenyus --- freeleaps/helm-pkg/authentication/values.yaml | 4 ---- freeleaps/helm-pkg/centralStorage/values.yaml | 6 ------ freeleaps/helm-pkg/chat/values.alpha.yaml | 1 - freeleaps/helm-pkg/chat/values.yaml | 12 ----------- freeleaps/helm-pkg/content/values.alpha.yaml | 2 -- freeleaps/helm-pkg/content/values.prod.yaml | 2 -- freeleaps/helm-pkg/content/values.yaml | 4 ---- freeleaps/helm-pkg/devops/values.alpha.yaml | 1 - freeleaps/helm-pkg/devops/values.prod.yaml | 1 - freeleaps/helm-pkg/devops/values.yaml | 9 -------- .../helm-pkg/freeleaps/values.alpha.yaml | 1 - freeleaps/helm-pkg/freeleaps/values.prod.yaml | 1 - freeleaps/helm-pkg/freeleaps/values.yaml | 17 --------------- .../helm-pkg/notification/values.alpha.yaml | 1 - .../helm-pkg/notification/values.prod.yaml | 1 - freeleaps/helm-pkg/notification/values.yaml | 13 ------------ .../payment/templates/payment/deployment.yaml | 9 ++++++++ .../templates/payment/freeleapssecret.yaml | 20 ++++++++++++++++++ .../templates/payment/payment-config.yaml | 2 -- freeleaps/helm-pkg/payment/values.alpha.yaml | 19 +++++++++++++++-- freeleaps/helm-pkg/payment/values.prod.yaml | 19 +++++++++++++++-- freeleaps/helm-pkg/payment/values.yaml | 21 +++++++++++++++---- 22 files changed, 80 insertions(+), 86 deletions(-) create mode 100644 freeleaps/helm-pkg/payment/templates/payment/freeleapssecret.yaml diff --git a/freeleaps/helm-pkg/authentication/values.yaml b/freeleaps/helm-pkg/authentication/values.yaml index 62fdc64b..41cdc1e5 100644 --- a/freeleaps/helm-pkg/authentication/values.yaml +++ b/freeleaps/helm-pkg/authentication/values.yaml 
@@ -70,16 +70,12 @@ authentication: devsvcWebapiUrlBase: "http://devsvc..svc.freeleaps.cluster:/api/devsvc" # NOTIFICATION_WEBAPI_URL_BASE notificationWebapiUrlBase: "http://notification.svc..freeleaps.cluster:/api/notification" - # JWT_SECRET_KEY - jwtSecretKey: "" # JWT_ALGORITHM jwtAlgorithm: "HS256" # MONGODB_NAME mongodbName: "" # MONGODB_PORT mongodbPort: "27017" - # MONGODB_URI - mongodbUri: "" # METRICS_ENABLED metricsEnabled: "false" # PROBES_ENABLED diff --git a/freeleaps/helm-pkg/centralStorage/values.yaml b/freeleaps/helm-pkg/centralStorage/values.yaml index a2cab729..2367aad8 100644 --- a/freeleaps/helm-pkg/centralStorage/values.yaml +++ b/freeleaps/helm-pkg/centralStorage/values.yaml @@ -59,12 +59,6 @@ central-storage: mongodbName: "" # MONGODB_PORT mongodbPort: "27017" - # MONGODB_URI - mongodbUri: "" - # AZURE_STORAGE_DOCUMENT_API_KEY - azureStorageDocumentApiKey: "" - # AZURE_STORAGE_DOCUMENT_API_ENDPOINT - azureStorageDocumentApiEndpoint: "" # METRICS_ENABLED metricsEnabled: "false" # PROBES_ENABLED diff --git a/freeleaps/helm-pkg/chat/values.alpha.yaml b/freeleaps/helm-pkg/chat/values.alpha.yaml index f524acb5..842728ab 100644 --- a/freeleaps/helm-pkg/chat/values.alpha.yaml +++ b/freeleaps/helm-pkg/chat/values.alpha.yaml @@ -101,7 +101,6 @@ chat: redisIsCluster: 'false' metricsEnabled: 'true' probesEnabled: 'true' - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/chat/values.yaml b/freeleaps/helm-pkg/chat/values.yaml index 999b4922..dbc37753 100644 --- a/freeleaps/helm-pkg/chat/values.yaml +++ b/freeleaps/helm-pkg/chat/values.yaml @@ -76,8 +76,6 @@ chat: serviceApiAccessPort: "8012" # MONGODB_NAME mongodbName: "" - # MONGODB_URI - mongodbUri: "" # MONGODB_PORT mongodbPort: '' # EMAIL_FROM 
@@ -88,20 +86,12 @@ chat: jwtSecretKey: "" # JWT_ALGORITHM jwtAlgorithm: "" - # STRIPE_API_KEY - stripeApiKey: "" - # STRIPE_WEBHOOK_SECRET - stripeWebhookSecret: "" - # STRIPE_ACCOUNT_WEBHOOK_SECRET - stripeAccountWebhookSecret: "" # RABBITMQ_HOST rabbitmqHost: "" # RABBITMQ_PORT rabbitmqPort: # RABBITMQ_USERNAME rabbitmqUsername: "" - # RABBITMQ_PASSWORD - rabbitmqPassword: "" # FREELEAPS_DEVSVC_ENDPOINT freeleapsDevsvcEndpoint: "" # FREELEAPS_CONTENT_ENDPOINT @@ -118,8 +108,6 @@ chat: freeleapsEnv: "" # CERT_PATH certPath: "" - # REDIS_URL - redisUrl: "" # REDIS_IS_CLUSTER redisIsCluster: "false" # METRICS_ENABLED diff --git a/freeleaps/helm-pkg/content/values.alpha.yaml b/freeleaps/helm-pkg/content/values.alpha.yaml index c728b6f6..edfb1b09 100644 --- a/freeleaps/helm-pkg/content/values.alpha.yaml +++ b/freeleaps/helm-pkg/content/values.alpha.yaml @@ -82,11 +82,9 @@ content: serviceApiAccessPort: 8013 mongodbName: freeleaps2 mongodbPort: 27017 - centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage metricsEnabled: 'false' probesEnabled: 'true' - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/content/values.prod.yaml b/freeleaps/helm-pkg/content/values.prod.yaml index 57c6ccf3..af72de38 100644 --- a/freeleaps/helm-pkg/content/values.prod.yaml +++ b/freeleaps/helm-pkg/content/values.prod.yaml @@ -68,11 +68,9 @@ content: serviceApiAccessPort: 8013 mongodbName: freeleaps2 mongodbPort: 27017 - centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage metricsEnabled: 'true' probesEnabled: 'true' - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/content/values.yaml b/freeleaps/helm-pkg/content/values.yaml index e20d8338..41a8829b 100644 --- a/freeleaps/helm-pkg/content/values.yaml +++ b/freeleaps/helm-pkg/content/values.yaml 
@@ -59,10 +59,6 @@ content: mongodbName: "" # MONGODB_PORT mongodbPort: "27017" - # MONGODB_URI - mongodbUri: "" - # FREELEAPS_WWW_AS_AZURE_CLIENT_SECRET - freeleapsWwwAsAzureClientSecret: "" # CENTRAL_STORAGE_WEBAPI_URL_BASE centralStorageWebapiUrlBase: "" # METRICS_ENABLED diff --git a/freeleaps/helm-pkg/devops/values.alpha.yaml b/freeleaps/helm-pkg/devops/values.alpha.yaml index c28d093f..eff9f5fa 100644 --- a/freeleaps/helm-pkg/devops/values.alpha.yaml +++ b/freeleaps/helm-pkg/devops/values.alpha.yaml @@ -64,7 +64,6 @@ devops: rabbitmqVirtualHost: / rabbitmqOutputQueueName: freeleaps.devops.reconciler.output rabbitmqInputQueueName: freeleaps.devops.reconciler.input - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/devops/values.prod.yaml b/freeleaps/helm-pkg/devops/values.prod.yaml index 55853dcc..309705de 100644 --- a/freeleaps/helm-pkg/devops/values.prod.yaml +++ b/freeleaps/helm-pkg/devops/values.prod.yaml @@ -64,7 +64,6 @@ devops: rabbitmqVirtualHost: / rabbitmqOutputQueueName: freeleaps.devops.reconciler.output rabbitmqInputQueueName: freeleaps.devops.reconciler.input - # AKV secrets configuration secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/devops/values.yaml b/freeleaps/helm-pkg/devops/values.yaml index dc9634de..1f80e71d 100644 --- a/freeleaps/helm-pkg/devops/values.yaml +++ b/freeleaps/helm-pkg/devops/values.yaml 
@@ -41,34 +41,25 @@ devops: # Basic configuration tz: "UTC" appName: "devops" - - # JWT configuration - jwtSecretKey: "" jwtAlgorithm: "HS256" accessTokenExpireMinutes: "3600" refreshTokenExpireDays: "1" - # MongoDB configuration appMongodbName: "" appMongodbPort: "27017" - appMongodbUri: "" - # Feature switches metricsEnabled: "false" probesEnabled: "true" - # External service URLs baseGiteaUrl: "https://gitea.freeleaps.mathmast.com" baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com" baseLokiUrl: "http://loki-gateway.freeleaps-logging-system" - # Log configuration logBasePath: "/app/log" logRetention: "30 days" logRotation: "00:00" logBackupFiles: "5" logRotationBytes: "10485760" - # Mock mode configuration mockMode: "false" mockResponseDelay: "1000" diff --git a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml index b34bbe0d..8f856939 100644 --- a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml @@ -82,7 +82,6 @@ freeleaps: metricsEnabled: 'false' probesEnabled: 'true' giteaEndpoint: https://alpha.gitea.freeleaps.mathmast.com/ - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/freeleaps/values.prod.yaml b/freeleaps/helm-pkg/freeleaps/values.prod.yaml index 15e257cf..54422f07 100644 --- a/freeleaps/helm-pkg/freeleaps/values.prod.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.prod.yaml @@ -73,7 +73,6 @@ freeleaps: metricsEnabled: 'true' probesEnabled: 'true' giteaEndpoint: https://gitea.freeleaps.mathmast.com/ - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/freeleaps/values.yaml b/freeleaps/helm-pkg/freeleaps/values.yaml index f0c68995..a5ac4af8 100644 --- a/freeleaps/helm-pkg/freeleaps/values.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.yaml 
@@ -59,32 +59,20 @@ freeleaps: serviceApiAccessPort: "8013" # MONGODB_NAME mongodbName: "" - # MONGODB_URI - mongodbUri: "" # MONGODB_PORT mongodbPort: '' # EMAIL_FROM emailFrom: "" # SITE_URL_ROOT siteUrlRoot: "" - # JWT_SECRET_KEY - jwtSecretKey: "" # JWT_ALGORITHM jwtAlgorithm: "" - # STRIPE_API_KEY - stripeApiKey: "" - # STRIPE_WEBHOOK_SECRET - stripeWebhookSecret: "" - # STRIPE_ACCOUNT_WEBHOOK_SECRET - stripeAccountWebhookSecret: "" # RABBITMQ_HOST rabbitmqHost: "" # RABBITMQ_PORT rabbitmqPort: # RABBITMQ_USERNAME rabbitmqUsername: "" - # RABBITMQ_PASSWORD - rabbitmqPassword: "" # FREELEAPS_DEVSVC_ENDPOINT freeleapsDevsvcEndpoint: "" # FREELEAPS_CONTENT_ENDPOINT @@ -105,16 +93,12 @@ freeleaps: freeleapsEnv: "" # CERT_PATH certPath: "" - # REDIS_URL - redisUrl: "" # REDIS_IS_CLUSTER redisIsCluster: "false" # METRICS_ENABLED metricsEnabled: "false" # PROBES_ENABLED probesEnabled: "false" - # GITEA_API_KEY - giteaApiKey: "" # GITEA_ENDPOINT giteaEndpoint: "" @@ -130,7 +114,6 @@ freeleaps: controlledResources: - cpu - memory - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/notification/values.alpha.yaml b/freeleaps/helm-pkg/notification/values.alpha.yaml index d9882da5..f25dc2e2 100644 --- a/freeleaps/helm-pkg/notification/values.alpha.yaml +++ b/freeleaps/helm-pkg/notification/values.alpha.yaml @@ -103,7 +103,6 @@ notification: controlledResources: - cpu - memory - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/notification/values.prod.yaml b/freeleaps/helm-pkg/notification/values.prod.yaml index 924617ad..f8b96511 100644 --- a/freeleaps/helm-pkg/notification/values.prod.yaml +++ b/freeleaps/helm-pkg/notification/values.prod.yaml @@ -77,7 +77,6 @@ notification: emailFrom: freeleaps@freeleaps.com metricsEnabled: 'true' probesEnabled: 'true' - secrets: secretStoreRef: kind: FreeleapsSecretStore 
diff --git a/freeleaps/helm-pkg/notification/values.yaml b/freeleaps/helm-pkg/notification/values.yaml index aced8f64..783782d3 100644 --- a/freeleaps/helm-pkg/notification/values.yaml +++ b/freeleaps/helm-pkg/notification/values.yaml @@ -59,16 +59,12 @@ notification: mongodbName: "" # MONGODB_PORT mongodbPort: "27017" - # MONGODB_URI - mongodbUri: "" # RABBITMQ_HOST rabbitmqHost: "" # RABBITMQ_PORT rabbitmqPort: "" # RABBITMQ_USERNAME rabbitmqUsername: "" - # RABBITMQ_PASSWORD - rabbitmqPassword: "" # RABBITMQ_VRITUAL_HOST rabbitmqVritualHost: "" # SYSTEM_USER_ID @@ -77,14 +73,6 @@ notification: smsFrom: "" # EMAIL_FROM emailFrom: "" - # SECRET_KEY - secretKey: "" - # SENDGRID_API_KEY - sendgridApiKey: "" - # TWILIO_ACCOUNT_SID - twilioAccountSid: "" - # TWILIO_AUTH_TOKEN - twilioAuthToken: "" # METRICS_ENABLED metricsEnabled: "false" # PROBES_ENABLED @@ -101,7 +89,6 @@ notification: controlledResources: - cpu - memory - secrets: secretStoreRef: kind: FreeleapsSecretStore diff --git a/freeleaps/helm-pkg/payment/templates/payment/deployment.yaml b/freeleaps/helm-pkg/payment/templates/payment/deployment.yaml index 872c1ecf..dd2565aa 100644 --- a/freeleaps/helm-pkg/payment/templates/payment/deployment.yaml +++ b/freeleaps/helm-pkg/payment/templates/payment/deployment.yaml @@ -106,6 +106,15 @@ spec: name: payment-config key: {{ $key | snakecase | upper }} {{- end }} + # inject from secret created by FreeleapsSecret object + {{ $targetSecretName := .Values.payment.secrets.target.name }} + {{- range .Values.payment.secrets.data }} + - name: {{ .key | snakecase | upper }} + valueFrom: + secretKeyRef: + name: {{ $targetSecretName }} + key: {{ .key }} + {{- end }} {{- if .Values.logIngest.enabled }} volumeMounts: - name: app-logs diff --git a/freeleaps/helm-pkg/payment/templates/payment/freeleapssecret.yaml b/freeleaps/helm-pkg/payment/templates/payment/freeleapssecret.yaml new file mode 100644 index 00000000..743bffe8 --- /dev/null 
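Review bot: In payment/templates/payment/deployment.yaml the new `secretKeyRef` entries pass the vault-backed values to the container as environment variables, which Kubernetes resolves only at container start. A value refreshed into the target Secret (the values files set `refreshInterval: 30s`) therefore does not reach running pods until they are restarted. The existing comment could say so: `# injected from the Secret created by FreeleapsSecret; resolved at container start, restart the rollout after rotation`. The `{{ $targetSecretName := ... }}` assignment also lacks the `{{-` trim marker used by the neighbouring actions, so it leaves a whitespace-only line in the rendered env list. The enclosing container spec starts and ends outside the hunk.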
+++ b/freeleaps/helm-pkg/payment/templates/payment/freeleapssecret.yaml @@ -0,0 +1,20 @@ +apiVersion: freeleaps.com/v1alpha1 +kind: FreeleapsSecret +metadata: + name: freeleaps-payment-secrets + namespace: {{ .Release.Namespace }} +spec: + secretStoreRef: + kind: {{ .Values.payment.secrets.secretStoreRef.kind }} + name: {{ .Values.payment.secrets.secretStoreRef.name }} + target: + name: {{ .Values.payment.secrets.target.name }} + creationPolicy: {{ .Values.payment.secrets.target.creationPolicy }} + refreshInterval: {{ .Values.payment.secrets.refreshInterval }} + data: +{{- range .Values.payment.secrets.data }} + - secretKey: {{ .key }} + remoteRef: + key: {{ .remoteRef.key }} + type: {{ .remoteRef.type }} +{{- end }} \ No newline at end of file diff --git a/freeleaps/helm-pkg/payment/templates/payment/payment-config.yaml b/freeleaps/helm-pkg/payment/templates/payment/payment-config.yaml index bd3b5dcb..7c78758e 100644 --- a/freeleaps/helm-pkg/payment/templates/payment/payment-config.yaml +++ b/freeleaps/helm-pkg/payment/templates/payment/payment-config.yaml @@ -11,8 +11,6 @@ data: SERVICE_API_ACCESS_PORT: {{ .Values.payment.configs.serviceApiAccessPort | toString | b64enc }} MONGODB_NAME: {{ .Values.payment.configs.mongodbName | b64enc | quote }} MONGODB_PORT: {{ .Values.payment.configs.mongodbPort | toString | b64enc }} - MONGODB_URI: {{ .Values.payment.configs.mongodbUri | b64enc | quote }} - STRIPE_API_KEY: {{ .Values.payment.configs.stripeApiKey | b64enc | quote }} SITE_URL_ROOT: {{ .Values.payment.configs.siteUrlRoot | b64enc | quote }} METRICS_ENABLED: {{ .Values.payment.configs.metricsEnabled | default false | toString | b64enc }} PROBES_ENABLED: {{ .Values.payment.configs.probesEnabled | default false | toString | b64enc }} \ No newline at end of file diff --git a/freeleaps/helm-pkg/payment/values.alpha.yaml b/freeleaps/helm-pkg/payment/values.alpha.yaml index e8348ecc..9891f280 100644 --- a/freeleaps/helm-pkg/payment/values.alpha.yaml 
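Review bot: The new freeleapssecret.yaml emits every templated scalar unquoted and unvalidated, so a missing or empty `.Values.payment.secrets.target.name` or `remoteRef.key` renders as an empty value. That would presumably surface only when the controller or the Deployment's `secretKeyRef` consumes it. Failing at render time is safer, e.g. `name: {{ required "payment.secrets.target.name is required" .Values.payment.secrets.target.name | quote }}` and `key: {{ .remoteRef.key | quote }}`. `metadata.name` is hard-coded to `freeleaps-payment-secrets` while the target Secret name comes from values; a one-line comment stating whether the two are meant to stay equal would help. The file also ends without a trailing newline.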
+++ b/freeleaps/helm-pkg/payment/values.alpha.yaml @@ -82,11 +82,26 @@ payment: serviceApiAccessPort: 8006 mongodbName: freeleaps2 mongodbPort: 27017 - mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/ - stripeApiKey: sk_test_51Ogsw5B0IyqaSJBrwczlr820jnmvA1qQQGoLZ2XxOsIzikpmXo4pRLjw4XVMTEBR8DdVTYySiAv1XX53Zv5xqynF00GfMqttFd siteUrlRoot: https://freeleaps-alpha.com metricsEnabled: 'false' probesEnabled: 'true' + secrets: + secretStoreRef: + kind: FreeleapsSecretStore + name: freeleaps-main-secret-store + target: + name: freeleaps-payment-secrets + creationPolicy: Owner + refreshInterval: 30s + data: + - key: mongodbUri + remoteRef: + key: "freeleaps-alpha-mongodb-uri" + type: Secret + - key: stripeApiKey + remoteRef: + key: "freeleaps-alpha-stripe-api-key" + type: Secret vpa: minAllowed: enabled: false diff --git a/freeleaps/helm-pkg/payment/values.prod.yaml b/freeleaps/helm-pkg/payment/values.prod.yaml index 92b6239a..c61986e2 100644 --- a/freeleaps/helm-pkg/payment/values.prod.yaml +++ b/freeleaps/helm-pkg/payment/values.prod.yaml @@ -68,11 +68,26 @@ payment: serviceApiAccessPort: 8006 mongodbName: freeleaps2 mongodbPort: 27017 - mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority - stripeApiKey: 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 siteUrlRoot: https://freeleaps.com metricsEnabled: 'true' probesEnabled: 'true' + secrets: + secretStoreRef: + kind: FreeleapsSecretStore + name: freeleaps-main-secret-store + target: + name: freeleaps-payment-secrets + creationPolicy: Owner + refreshInterval: 30s + data: + - key: mongodbUri + remoteRef: + key: "freeleaps-prod-mongodb-uri" + type: Secret + - key: stripeApiKey + remoteRef: + key: "freeleaps-prod-stripe-api-key" + type: Secret vpa: minAllowed: enabled: true 
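Review bot: Deleting `mongodbUri` and `stripeApiKey` from values.alpha.yaml does not revoke them, and the same applies to the values.prod.yaml hunk that follows. The MongoDB connection strings with embedded passwords and the Stripe keys (an `sk_test_` key here, an `sk_live_` key in prod) remain in repository history and in this patch, so they should be treated as exposed and rotated at the provider. The vault entries named by the new `remoteRef.key` values (`freeleaps-alpha-mongodb-uri`, `freeleaps-alpha-stripe-api-key` and their `freeleaps-prod-` counterparts) should then hold the newly issued values rather than copies of the old ones. A comment above each `secrets:` block, such as `# resolved from Key Vault via FreeleapsSecret; never inline credentials in values files`, would record the convention for the next editor.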
diff --git a/freeleaps/helm-pkg/payment/values.yaml b/freeleaps/helm-pkg/payment/values.yaml index 44c69bff..3322a070 100644 --- a/freeleaps/helm-pkg/payment/values.yaml +++ b/freeleaps/helm-pkg/payment/values.yaml @@ -59,16 +59,29 @@ payment: mongodbName: "" # MONGODB_PORT mongodbPort: "27017" - # MONGODB_URI - mongodbUri: "" - # STRIPE_API_KEY - stripeApiKey: "" # SITE_URL_ROOT siteUrlRoot: "" # METRICS_ENABLED metricsEnabled: "false" # PROBES_ENABLED probesEnabled: "false" + secrets: + secretStoreRef: + kind: FreeleapsSecretStore + name: freeleaps-main-secret-store + target: + name: freeleaps-payment-secrets + creationPolicy: Owner + refreshInterval: 30s + data: + - key: mongodbUri + remoteRef: + key: "freeleaps-alpha-mongodb-uri" + type: Secret + - key: stripeApiKey + remoteRef: + key: "freeleaps-alpha-stripe-api-key" + type: Secret vpa: minAllowed: enabled: false
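Review bot: The chart defaults added under `secrets.data` in payment/values.yaml name alpha-environment vault entries (`freeleaps-alpha-mongodb-uri`, `freeleaps-alpha-stripe-api-key`). A release rendered without an environment overlay, or with one that omits `secrets.data`, would therefore be wired to alpha credentials without any error. The neighbouring defaults use empty placeholders for environment-specific settings (`mongodbName: ""`, `siteUrlRoot: ""`); the same fits here, `data: []` or environment-neutral placeholder names, with values.alpha.yaml and values.prod.yaml supplying the real entries as they already do. The new block also lacks the `# ENV_VAR_NAME` comments carried by the surrounding keys; `# MONGODB_URI` and `# STRIPE_API_KEY` above the two entries would keep the mapping to the container environment readable.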