
Commit f49658a

Merge pull request #366: add external secret for datastore encryption
2 parents 7ee24be + c4fdcee commit f49658a


4 files changed

+18
-8
lines changed


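--- a/.github/workflows/unit.yaml
+++ b/.github/workflows/unit.yaml
@@ -35,7 +35,7 @@ jobs:
 # We should periodically check to see if another fork has taken over maintenance,
 # as the de-facto "best" fork has changed several times over the years.
 run: |
-helm plugin install https://github.com/quintush/helm-unittest
+helm plugin install https://github.com/quintush/helm-unittest --version v0.2.11
 
 - name: Install chart dependencies
 run: |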
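Review bot: The `--version v0.2.11` pin on the `helm plugin install` line names a git tag, and a tag can be moved by whoever controls the upstream repository, so this CI job still trusts the fork's maintainers at run time. The comment just above already notes that the de-facto fork has changed several times; if the Helm version used here accepts a commit hash for `--version`, pinning to the reviewed commit and keeping the tag in a comment such as `# helm-unittest v0.2.11` would make the install reproducible. Plugin install hooks run with the job's privileges, so it is also worth confirming that this step has no access to repository secrets. The step this `run:` belongs to begins above the hunk.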

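--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -78,6 +78,14 @@ Create the name of the stackstorm-ha st2 auth secret to use
 {{- default $name .Values.st2.existingAuthSecret -}}
 {{- end -}}
 
+{{/*
+Create the name of the stackstorm-ha st2 datastore secret to use
+*/}}
+{{- define "stackstorm-ha.secrets.st2Datastore" -}}
+{{- $name := print .Release.Name "-st2-datastore-crypto-key" -}}
+{{- default $name .Values.st2.existingDatastoreSecret -}}
+{{- end -}}
+
 
 {{/*
 Generate '-' prefix only when the variable is defined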
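Review bot: The comment on `stackstorm-ha.secrets.st2Datastore` does not say which name wins or what an empty value does. As written, `default` returns `.Values.st2.existingDatastoreSecret` only when it is non-empty and otherwise falls back to `<release>-st2-datastore-crypto-key`, so `existingDatastoreSecret: ""` keeps the chart-managed name. I would extend the comment with `Returns .Values.st2.existingDatastoreSecret when set and non-empty, otherwise "<release>-st2-datastore-crypto-key".` so that the next reader does not need to know the `default` semantics to tell which Secret holds the encryption key.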

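--- a/templates/deployments.yaml
+++ b/templates/deployments.yaml
@@ -233,7 +233,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -588,7 +588,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -809,7 +809,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -924,7 +924,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -1230,7 +1230,7 @@ spec:
 {{- if ne "disable" (default "" $.Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ $.Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" $ }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -1379,7 +1379,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json
@@ -1658,7 +1658,7 @@ spec:
 {{- if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
 - name: st2-encryption-key-vol
 secret:
-secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+secretName: {{ include "stackstorm-ha.secrets.st2Datastore" . }}
 items:
 - key: datastore_crypto_key
 path: datastore_key.json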
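Review bot: With an external Secret, each of the seven `secretName:` lines now mounts an object the chart does not control, while the `items:` entry below it still selects the key `datastore_crypto_key`, so an existing Secret that stores the key under any other name would leave these pods unable to mount `st2-encryption-key-vol`. Nothing in the visible change states or checks that requirement; a comment next to `existingDatastoreSecret` in values.yaml such as `# The secret must contain the key "datastore_crypto_key"` would make it explicit. A helm-unittest case asserting the rendered `secretName` for both the default and the overridden value would guard all seven call sites. The enclosing volume lists start and end outside each hunk.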

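--- a/values.yaml
+++ b/values.yaml
@@ -64,6 +64,8 @@ st2:
 #password: Ch@ngeMe
 # Name of existing ST2 Auth secret, disables creation of this secret
 # existingAuthSecret: ""
+# Name of existing ST2 datastore secret, disables creation of this secret
+# existingDatastoreSecret: ""
 
 # ST2 crypto key for the K/V datastore.
 # See https://docs.stackstorm.com/datastore.html#securing-secrets-admin-only for more info.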
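Review bot: The new comment says that setting `existingDatastoreSecret` "disables creation of this secret", but no secret template is among the four files this commit changes. Unless the template that renders `<release>-st2-datastore-crypto-key` already tests this value, the chart would still create its own key Secret next to the external one, leaving an unused datastore key Secret in the namespace. Either wrap that template in `{{- if not .Values.st2.existingDatastoreSecret }}` or reword the comment to `# Name of existing ST2 datastore secret to mount instead of the chart-generated one`.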
