Skip to content

Remove secrets from kubernetes #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ArmanpreetGhotra merged 14 commits into from
Jul 20, 2025
Merged

Remove secrets from kubernetes #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
2270aa9
check again
ArmanpreetGhotra Jul 20, 2025
73f9f91
fix again
ArmanpreetGhotra Jul 20, 2025
4eac614
Fix deployment
ArmanpreetGhotra Jul 20, 2025
f44148c
rename postgres password
ArmanpreetGhotra Jul 20, 2025
59e7725
rename postgres password
ArmanpreetGhotra Jul 20, 2025
c28bb6c
fix agin for pr
ArmanpreetGhotra Jul 20, 2025
8f1865d
fix again
ArmanpreetGhotra Jul 20, 2025
8234f15
fix staging and production also
ArmanpreetGhotra Jul 20, 2025
c5f9228
fix github env for value
ArmanpreetGhotra Jul 20, 2025
359e33b
fix keycloak
ArmanpreetGhotra Jul 20, 2025
22a9e27
check again
ArmanpreetGhotra Jul 20, 2025
1165a5e
last time commit to branch
ArmanpreetGhotra Jul 20, 2025
7d9b503
remove useless stuff
ArmanpreetGhotra Jul 20, 2025
815bdf4
add double quotes
ArmanpreetGhotra Jul 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 22 additions & 1 deletion .github/workflows/deploy-to-k8s.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,10 @@ jobs:
echo "NAMESPACE=production" >> $GITHUB_ENV
echo "IMAGE_TAG=latest" >> $GITHUB_ENV
echo "VALUES_FILE=./infrastructure/whiteboard-app/production.values.yaml" >> $GITHUB_ENV
KEYCLOAK_CLIENT_SECRET="${{ secrets.PRODUCTION_KEYCLOAK_CLIENT_SECRET }}"
NEXTAUTH_SECRET="${{ secrets.PRODUCTION_NEXTAUTH_SECRET }}"
POSTGRESQL_SECRET="${{ secrets.PRODUCTION_DB_PASSWORD }}"
KEYCLOAK_SECRET="${{ secrets.PRODUCTION_KEYCLOAK_SECRET }}"
elif [[ "$BRANCH" == "develop" ]]; then
CLIENT_URL=staging.whiteboard.student.k8s.aet.cit.tum.de
SERVER_URL=staging.api.whiteboard.student.k8s.aet.cit.tum.de
Expand All @@ -260,6 +264,10 @@ jobs:
echo "NAMESPACE=staging" >> $GITHUB_ENV
echo "IMAGE_TAG=develop" >> $GITHUB_ENV
echo "VALUES_FILE=./infrastructure/whiteboard-app/staging.values.yaml" >> $GITHUB_ENV
KEYCLOAK_CLIENT_SECRET="${{ secrets.STAGING_KEYCLOAK_CLIENT_SECRET }}"
NEXTAUTH_SECRET="${{ secrets.STAGING_NEXTAUTH_SECRET }}"
POSTGRESQL_SECRET="${{ secrets.STAGING_DB_PASSWORD }}"
KEYCLOAK_SECRET="${{ secrets.STAGING_KEYCLOAK_SECRET }}"
else
BRANCH_SAFE=${BRANCH//\//-}
CLIENT_URL=$BRANCH_SAFE.whiteboard.student.k8s.aet.cit.tum.de
Expand All @@ -270,6 +278,10 @@ jobs:
echo "NAMESPACE=$BRANCH_SAFE" >> $GITHUB_ENV
echo "IMAGE_TAG=$BRANCH_SAFE" >> $GITHUB_ENV
echo "VALUES_FILE=./infrastructure/whiteboard-app/pullrequest.values.yaml" >> $GITHUB_ENV
KEYCLOAK_CLIENT_SECRET="${{ secrets.PR_KEYCLOAK_CLIENT_SECRET }}"
NEXTAUTH_SECRET="${{ secrets.PR_NEXTAUTH_SECRET }}"
POSTGRESQL_SECRET="${{ secrets.PR_DB_PASSWORD }}"
KEYCLOAK_SECRET="${{ secrets.PR_KEYCLOAK_SECRET }}"
fi

echo "CLIENT_URL=$CLIENT_URL" >> $GITHUB_ENV
Expand All @@ -278,6 +290,10 @@ jobs:
echo "GENAI_URL=$GENAI_URL" >> $GITHUB_ENV
echo "OPEN_WEB_UI_API_KEY=${{ secrets.OPEN_WEB_UI_API_KEY }}" >> $GITHUB_ENV
echo "REALTIME_URL=$REALTIME_URL" >> $GITHUB_ENV
echo "KEYCLOAK_CLIENT_SECRET=$KEYCLOAK_CLIENT_SECRET" >> $GITHUB_ENV
echo "NEXTAUTH_SECRET=$NEXTAUTH_SECRET" >> $GITHUB_ENV
echo "POSTGRESQL_SECRET=$POSTGRESQL_SECRET" >> $GITHUB_ENV
echo "KEYCLOAK_SECRET=$KEYCLOAK_SECRET" >> $GITHUB_ENV

echo "CLIENT_URL=$CLIENT_URL" >> $GITHUB_OUTPUT
echo "SERVER_URL=$SERVER_URL" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -329,7 +345,12 @@ jobs:
--set auth.url="${{ env.AUTH_URL }}" \
--set genai.url="${{ env.GENAI_URL }}" \
--set genai.apiKey="${{ env.OPEN_WEB_UI_API_KEY }}" \
--set realtime.url="${{ env.REALTIME_URL }}"
--set realtime.url="${{ env.REALTIME_URL }}" \
--set keycloak.clientSecret="${{ env.KEYCLOAK_CLIENT_SECRET }}" \
--set nextauth.secret="${{ env.NEXTAUTH_SECRET }}" \
--set postgresql.auth.postgresPassword="${{ env.POSTGRESQL_SECRET }}" \
--set keycloak.externalDatabase.password="${{ env.POSTGRESQL_SECRET }}" \
--set keycloak.auth.adminPassword="${{ env.KEYCLOAK_SECRET }}" \

comment-pr:
needs: deploy
Expand Down
17 changes: 8 additions & 9 deletions infrastructure/whiteboard-app/production.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ client:
replicaCount: 1
env:
- name: KEYCLOAK_CLIENT_SECRET
value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
value: '{{ .Values.keycloak.clientSecret }}'
- name: NEXTAUTH_URL
value: https://whiteboard.student.k8s.aet.cit.tum.de/api/auth/
- name: NEXTAUTH_SECRET
value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
value: '{{ .Values.nextauth.secret }}'
- name: KEYCLOAK_CLIENT_ID
value: webclient
- name: KEYCLOAK_ISSUER
Expand All @@ -41,7 +41,7 @@ server:
- name: DB_USER
value: postgres
- name: DB_PASSWORD
value: postgres
value: '{{ .Values.postgresql.auth.postgresPassword }}'
- name: ALLOWED_ORIGIN
value: "https://whiteboard.student.k8s.aet.cit.tum.de"
- name: IDP_INTERNAL_URI
Expand Down Expand Up @@ -69,12 +69,11 @@ realtime:
replicaCount: 1

postgresql:
auth:
username: postgres
postgresPassword: ""
primary:
extraEnvVars:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
value: password
- name: POSTGRES_MULTIPLE_DATABASES
value: "main,keycloak"
extraVolumes:
Expand All @@ -90,13 +89,13 @@ keycloak:
enabled: false
auth:
adminUser: admin
adminPassword: password
adminPassword: ""
postgresql:
enabled: false
externalDatabase:
host: '{{ printf "%s-postgresql" .Release.Name }}'
user: postgres
password: password
password: ""
database: keycloak
port: 5432
extraEnvVars:
Expand Down
17 changes: 8 additions & 9 deletions infrastructure/whiteboard-app/pullrequest.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ client:
replicaCount: 1
env:
- name: KEYCLOAK_CLIENT_SECRET
value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
value: '{{ .Values.keycloak.clientSecret }}'
- name: NEXTAUTH_URL
value: 'https://{{ .Values.client.url }}/api/auth/'
- name: NEXTAUTH_SECRET
value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
value: '{{ .Values.nextauth.secret }}'
- name: KEYCLOAK_CLIENT_ID
value: webclient
- name: KEYCLOAK_ISSUER
Expand All @@ -41,7 +41,7 @@ server:
- name: DB_USER
value: postgres
- name: DB_PASSWORD
value: password
value: '{{ .Values.postgresql.auth.postgresPassword }}'
- name: ALLOWED_ORIGIN
value: 'https://{{ .Values.client.url }}'
- name: IDP_INTERNAL_URI
Expand Down Expand Up @@ -69,12 +69,11 @@ realtime:
replicaCount: 1

postgresql:
auth:
username: postgres
postgresPassword: ""
primary:
extraEnvVars:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
value: password
- name: POSTGRES_MULTIPLE_DATABASES
value: "main,keycloak"
extraVolumes:
Expand All @@ -94,13 +93,13 @@ keycloak:
enabled: false
auth:
adminUser: admin
adminPassword: password
adminPassword: ""
postgresql:
enabled: false
externalDatabase:
host: '{{ printf "%s-postgresql" .Release.Name }}'
user: postgres
password: password
password: ""
database: keycloak
port: 5432
extraEnvVars:
Expand Down
17 changes: 8 additions & 9 deletions infrastructure/whiteboard-app/staging.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ client:
replicaCount: 1
env:
- name: KEYCLOAK_CLIENT_SECRET
value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
value: '{{ .Values.keycloak.clientSecret }}'
- name: NEXTAUTH_URL
value: https://staging.whiteboard.student.k8s.aet.cit.tum.de/api/auth/
- name: NEXTAUTH_SECRET
value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
value: '{{ .Values.nextauth.secret }}'
- name: KEYCLOAK_CLIENT_ID
value: webclient
- name: KEYCLOAK_ISSUER
Expand All @@ -41,7 +41,7 @@ server:
- name: DB_USER
value: postgres
- name: DB_PASSWORD
value: password
value: '{{ .Values.postgresql.auth.postgresPassword }}'
- name: ALLOWED_ORIGIN
value: "https://staging.whiteboard.student.k8s.aet.cit.tum.de"
- name: IDP_INTERNAL_URI
Expand Down Expand Up @@ -69,12 +69,11 @@ realtime:
replicaCount: 1

postgresql:
auth:
username: postgres
postgresPassword: ""
primary:
extraEnvVars:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
value: password
- name: POSTGRES_MULTIPLE_DATABASES
value: "main,keycloak"
extraVolumes:
Expand All @@ -90,13 +89,13 @@ keycloak:
enabled: false
auth:
adminUser: admin
adminPassword: password
adminPassword: ""
postgresql:
enabled: false
externalDatabase:
host: '{{ printf "%s-postgresql" .Release.Name }}'
user: postgres
password: password
password: ""
database: keycloak
port: 5432
extraEnvVars:
Expand Down
Loading