From cecdb1a627b26f89ec81725fe91a2ac50f0761b4 Mon Sep 17 00:00:00 2001 From: Swordsteel Date: Sat, 26 Jul 2025 14:34:44 +0200 Subject: [PATCH] helm secrets - add docker registry config - update values.yaml with values from 03-keystore.yaml - add 03-keystore.yaml - add docker registry config - update values.yaml with values from 02-json-web-token.yaml - add 02-json-web-token.yaml - add docker registry config - update values.yaml with values from 01-docker-registry.yaml - add 01-docker-registry.yaml - update kube/01-initialize/02-registry-secret.yaml - extract docker registry /doc/k8s-testing.md to doc/k8s-docker-registry.md - add values.yaml - add Chart.yaml - add helmfile.yaml --- doc/k8s-docker-registry.md | 37 ++++++++++++++++++ doc/k8s-testing.md | 38 +------------------ helm/charts/01-secrets/Chart.yaml | 5 +++ .../templates/01-docker-registry.yaml | 13 +++++++ .../templates/02-json-web-token.yaml | 15 ++++++++ .../01-secrets/templates/03-keystore.yaml | 16 ++++++++ helm/charts/01-secrets/values.yaml | 26 +++++++++++++ helm/helmfile.yaml | 6 +++ kube/01-initialize/02-registry-secret.yaml | 4 +- 9 files changed, 121 insertions(+), 39 deletions(-) create mode 100644 doc/k8s-docker-registry.md create mode 100644 helm/charts/01-secrets/Chart.yaml create mode 100644 helm/charts/01-secrets/templates/01-docker-registry.yaml create mode 100644 helm/charts/01-secrets/templates/02-json-web-token.yaml create mode 100644 helm/charts/01-secrets/templates/03-keystore.yaml create mode 100644 helm/charts/01-secrets/values.yaml create mode 100644 helm/helmfile.yaml
diff --git a/doc/k8s-docker-registry.md b/doc/k8s-docker-registry.md
new file mode 100644
index 0000000..dd4f742
--- /dev/null
+++ b/doc/k8s-docker-registry.md
@@ -0,0 +1,37 @@
+# K8s Docker Registry Configuration
+
+**How to make JSON Configuration**
+
+```json=
+{
+ "auths": {
+ "": {
+ "username": "",
+ "password": "",
+ "email": "",
+ "auth": ""
+ }
+ }
+}
+```
+
+**Replace Values**
+
+- **Replace** : Use the hostname of your Gitea instance (e.g., registry.example.com).
+- **Replace** : Use your Gitea username (e.g., user1).
+- **Replace** : Use your Gitea personal access token generated with read:package scope (e.g., abc123).
+- **Replace** : Use your email address (e.g., user1@example.com).
+
+**Linux Command**
+
+```bash
+echo -n 'your-username:your-password' | base64 -w 0
+```
+
+witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
+
+```bash
+echo -n '{"auths":{"":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
+```
+
+witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md
index 478396f..fdc550c 100644
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -74,48 +74,12 @@ kubectl apply -f .\kube\01-initialize\01-namespace.yaml ### Registry Secret -Create repository secret +Create [Docker Registry Configuration](./k8s-docker-registry.md) secret. ```bash kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml ``` -**How to make JSON Configuration** - -```json= -{ - "auths": { - "": { - "username": "", - "password": "", - "email": "", - "auth": "" - } - } -} -``` - -**Replace Values** - -- **Replace** : Use the hostname of your Gitea instance (e.g., registry.example.com). -- **Replace** : Use your Gitea username (e.g., user1). -- **Replace** : Use your Gitea personal access token generated with read:package scope (e.g., abc123). -- **Replace** : Use your email address (e.g., user1@example.com). - -**Linux Command** - -```bash -echo -n 'your-username:your-password' | base64 -w 0 -``` - -witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth` - -```bash -echo -n '{"auths":{"":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0 -``` - -witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=` - --- ### JSON Web Token (JWT) diff --git a/helm/charts/01-secrets/Chart.yaml b/helm/charts/01-secrets/Chart.yaml new file mode 100644 index 0000000..7714034 --- /dev/null +++ b/helm/charts/01-secrets/Chart.yaml @@ -0,0 +1,5 @@ +# Chart.yaml +apiVersion: v2 +name: hlaeja-secret +description: A Helm chart for the hlaeja docker register, jwt, and keystore +version: 0.1.0 diff --git a/helm/charts/01-secrets/templates/01-docker-registry.yaml b/helm/charts/01-secrets/templates/01-docker-registry.yaml new file mode 100644 index 0000000..69e90f5 --- /dev/null +++ b/helm/charts/01-secrets/templates/01-docker-registry.yaml 
@@ -0,0 +1,13 @@
+{{- range .Values.secrets.dockerRegistry }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Values.namespace }}
+ labels:
+ environment: {{ $.Values.environment }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
+---
+{{- end }}
diff --git a/helm/charts/01-secrets/templates/02-json-web-token.yaml b/helm/charts/01-secrets/templates/02-json-web-token.yaml
new file mode 100644
index 0000000..2ebe1cf
--- /dev/null
+++ b/helm/charts/01-secrets/templates/02-json-web-token.yaml
@@ -0,0 +1,15 @@
+{{- range .Values.secrets.jwt }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Values.namespace }}
+ labels:
+ app: {{ .app }}
+ environment: {{ $.Values.environment }}
+ tier: {{ .tier }}
+type: Opaque
+data:
+ {{ .jwtFilename }}: {{ .jwtFile | quote }}
+---
+{{- end }}
diff --git a/helm/charts/01-secrets/templates/03-keystore.yaml b/helm/charts/01-secrets/templates/03-keystore.yaml
new file mode 100644
index 0000000..d293cbe
--- /dev/null
+++ b/helm/charts/01-secrets/templates/03-keystore.yaml
@@ -0,0 +1,16 @@
+{{- range .Values.secrets.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Values.namespace }}
+ labels:
+ app: {{ .app }}
+ environment: {{ $.Values.environment }}
+ tier: {{ .tier }}
+type: Opaque
+data:
+ keystore.p12: {{ .keystoreFile | quote }}
+ keystore-password: {{ .keystorePassword | b64enc | quote }}
+---
+{{- end }}
diff --git a/helm/charts/01-secrets/values.yaml b/helm/charts/01-secrets/values.yaml
new file mode 100644
index 0000000..f3243ff
--- /dev/null
+++ b/helm/charts/01-secrets/values.yaml
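Review bot: The Secret's namespace is rendered from `$.Values.namespace` instead of the release, so the `namespace: hlaeja-testing` in helm/helmfile.yaml and the same literal in values.yaml can drift and the object would be created outside the release's own namespace; `namespace: {{ .Release.Namespace }}` removes the duplicate. The `.dockerconfigjson` value is also emitted unchecked: an entry that omits `dockerRegistryConfigJson` renders as an empty value rather than failing at template time, so `{{ required "dockerRegistryConfigJson must be set" .dockerRegistryConfigJson | quote }}` is the safer form. The template assumes the value is already base64 (which is what doc/k8s-docker-registry.md produces); a line above it, `# expects the base64 of a complete .dockerconfigjson, see doc/k8s-docker-registry.md`, would make that contract visible to the next reader.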
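Review bot: `keystorePassword` is piped straight into `b64enc`, so a password that YAML types as a number or boolean (all digits, `true`, `on`, …) reaches `b64enc` as a non-string and the render will most likely fail or encode a normalized value; `keystore-password: {{ required "keystorePassword must be set" .keystorePassword | toString | b64enc | quote }}` handles both that and a missing value. More importantly, the password travels in plain text through the chart values and is only base64-encoded here, which is encoding, not protection: with helmfile.yaml declaring `values: []` the only place it can live is the chart's committed values.yaml, and Helm normally keeps the rendered Secret in its release-history Secrets too (historyMax: 3 here), so the plaintext has several resting places. Consider feeding `keystorePassword` and `keystoreFile` from an untracked or SOPS-encrypted values file, and note the base64 expectation for `keystoreFile` in a comment as is done for the registry config.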
@@ -0,0 +1,26 @@
+namespace: hlaeja-testing
+environment: testing
+
+secrets:
+
+ # Look at /doc/k8s-docker-registry.md to make these values
+ dockerRegistry:
+# - name: dockerRegistry
+# dockerRegistryConfigJson: DockerRegistryBase64==
+
+ # Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
+ jwt:
+# - name: jwt-key
+# app: jwt-service
+# tier: backend
+# jwtFilename: jwt_key.pem
+# jwtFile: JwtKeyFileBase64==
+
+ # Look at /doc/keystore.md to make these values
+ keystore:
+# - name: keystore-service
+# app: account-register
+# tier: backend
+# keystoreFile: ServiceKeystoreFileBase64==
+# keystorePassword: ServiceKeystorePassword
+
diff --git a/helm/helmfile.yaml b/helm/helmfile.yaml
new file mode 100644
index 0000000..8f9fc56
--- /dev/null
+++ b/helm/helmfile.yaml
@@ -0,0 +1,6 @@
+releases:
+ - name: secrets
+ namespace: hlaeja-testing
+ chart: ./charts/01-secrets
+ values: []
+ historyMax: 3
diff --git a/kube/01-initialize/02-registry-secret.yaml b/kube/01-initialize/02-registry-secret.yaml
index 54223c1..f893c8c 100644
--- a/kube/01-initialize/02-registry-secret.yaml
+++ b/kube/01-initialize/02-registry-secret.yaml
@@ -7,5 +7,5 @@ metadata: environment: testing type: kubernetes.io/dockerconfigjson data:
- # Look at /doc/k8s.md at Initialize -> Registry Secret, for how to make real values
- .dockerconfigjson: RegisterSecretBase64==
+ # Look at /doc/k8s-docker-registry.md to this value
+ .dockerconfigjson: DockerRegistryBase64==
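Review bot: This is the chart's default values.yaml, a committed file, and its comments tell the operator to paste real secret material into it (base64 registry credentials, the JWT key, the keystore and its plaintext password); since helm/helmfile.yaml sets `values: []`, this file is also the only input the release has, so a working deploy implies committing the secrets. Add a warning above `secrets:`, `# Do not put real values in this file; supply them from an untracked or SOPS-encrypted values file referenced by helmfile`, and keep the commented examples as placeholders only. Quote the password placeholder, `#     keystorePassword: "ServiceKeystorePassword"`, so a later all-digit or boolean-looking password is not retyped by YAML before the template's `b64enc`. The jwt comment also needs `privet` → `private` and `we use rsa so and need` → `we use RSA, so we need`.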