helm secrets

- add docker registry config
   - update values.yaml with values from 03-keystore.yaml
   - add 03-keystore.yaml
- add docker registry config
   - update values.yaml with values from 02-json-web-token.yaml
   - add 02-json-web-token.yaml
- add docker registry config
   - update values.yaml with values from 01-docker-registry.yaml
   - add 01-docker-registry.yaml
   - update kube/01-initialize/02-registry-secret.yaml
   - extract docker registry /doc/k8s-testing.md to doc/k8s-docker-registry.md
- add values.yaml
- add Chart.yaml
- add helmfile.yaml
2025-07-26 14:34:44 +02:00
committed by swordsteel
parent 8ead30676a
commit cecdb1a627
9 changed files with 121 additions and 39 deletions

@@ -0,0 +1,37 @@
# K8s Docker Registry Configuration
**How to make JSON Configuration**
```json=
{
"auths": {
"<your-registry>": {
"username": "<your-username>",
"password": "<your-password>",
"email": "<your-email@example.com>",
"auth": "<base64-of-your-username:your-password>"
}
}
}
```
**Replace Values**
- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
- **Replace** <your-username>: Use your Gitea username (e.g., user1).
- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
**Linux Command**
```bash
echo -n 'your-username:your-password' | base64 -w 0
```
witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
```bash
echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
```
witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
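Review bot: The two "Linux Command" steps put the access token directly on the command line (`echo -n 'your-username:your-password' | base64 -w 0`), so a reader who follows them with real values leaves the token in shell history. Suggest having the doc read the token from a prompt or a file instead, and adding one sentence that the base64 output is only an encoding and must be handled like the token itself. Smaller points in the same hunk: "witch gives" and "witch give" should be "which gives", the replace list names `<your-email>` while the JSON uses `<your-email@example.com>`, and the `json=` fence tag will not highlight outside HackMD-style renderers.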

@@ -74,48 +74,12 @@ kubectl apply -f .\kube\01-initialize\01-namespace.yaml
### Registry Secret ### Registry Secret
Create repository secret Create [Docker Registry Configuration](./k8s-docker-registry.md) secret.
```bash ```bash
kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
``` ```
**How to make JSON Configuration**
```json=
{
"auths": {
"<your-registry>": {
"username": "<your-username>",
"password": "<your-password>",
"email": "<your-email@example.com>",
"auth": "<base64-of-your-username:your-password>"
}
}
}
```
**Replace Values**
- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
- **Replace** <your-username>: Use your Gitea username (e.g., user1).
- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
**Linux Command**
```bash
echo -n 'your-username:your-password' | base64 -w 0
```
witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
```bash
echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
```
witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
--- ---
### JSON Web Token (JWT) ### JSON Web Token (JWT)
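Review bot: The Registry Secret section still ends with `kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml`, while this commit also adds a Helm template that renders a `kubernetes.io/dockerconfigjson` secret. The doc should say which of the two paths is the supported one, otherwise the same secret can be created from two sources that drift apart. The command also uses Windows backslash paths inside a `bash` fence, so either switch to forward slashes or retag the fence.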

@@ -0,0 +1,5 @@
# Chart.yaml
apiVersion: v2
name: hlaeja-secret
description: A Helm chart for the hlaeja docker register, jwt, and keystore
version: 0.1.0
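Review bot: The `description` line reads "the hlaeja docker register", which looks like a typo for "docker registry"; something like "Secrets for the hlaeja Docker registry, JWT, and keystore" would also say what the chart actually renders. The leading `# Chart.yaml` comment repeats the file name and can be dropped.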

@@ -0,0 +1,13 @@
{{- range .Values.secrets.dockerRegistry }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Values.namespace }}
labels:
environment: {{ $.Values.environment }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
---
{{- end }}
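Review bot: On the `.dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}` line there is no check that the value is present, so an entry that only sets `name` renders a secret with an empty `.dockerconfigjson` and the failure shows up later as an image pull error. Wrapping the lookup in `required` with a message naming the entry makes the render fail instead. The template also expects the value to be base64-encoded already, which is worth stating in a comment here since the keystore template encodes one of its fields itself.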

@@ -0,0 +1,15 @@
{{- range .Values.secrets.jwt }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Values.namespace }}
labels:
app: {{ .app }}
environment: {{ $.Values.environment }}
tier: {{ .tier }}
type: Opaque
data:
{{ .jwtFilename }}: {{ .jwtFile | quote }}
---
{{- end }}
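Review bot: The data key on `{{ .jwtFilename }}: {{ .jwtFile | quote }}` comes straight from values with no validation, and Secret data keys only allow alphanumerics, `-`, `_` and `.`, so a filename with a path separator fails at apply time rather than at render time. Consider `required` on both fields. Each entry also renders exactly one file, while the comment in values.yaml says a public and a private key are needed, so it should be documented whether that means two list entries or whether the template should accept a map of files per secret.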

@@ -0,0 +1,16 @@
{{- range .Values.secrets.keystore }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Values.namespace }}
labels:
app: {{ .app }}
environment: {{ $.Values.environment }}
tier: {{ .tier }}
type: Opaque
data:
keystore.p12: {{ .keystoreFile | quote }}
keystore-password: {{ .keystorePassword | b64enc | quote }}
---
{{- end }}
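Review bot: The two data lines use different conventions: `keystore.p12: {{ .keystoreFile | quote }}` expects a value that is already base64, while `keystore-password: {{ .keystorePassword | b64enc | quote }}` expects plaintext and encodes it. A password that is passed pre-encoded, as the other fields in this chart are, gets double-encoded and the keystore fails to open at runtime. Either document the difference next to the commented example in values.yaml or move the password to `stringData` so the plaintext expectation is visible in the manifest, and add `required` on both fields.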

@@ -0,0 +1,26 @@
namespace: hlaeja-testing
environment: testing
secrets:
# Look at /doc/k8s-docker-registry.md to make these values
dockerRegistry:
# - name: dockerRegistry
# dockerRegistryConfigJson: DockerRegistryBase64==
# Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
jwt:
# - name: jwt-key
# app: jwt-service
# tier: backend
# jwtFilename: jwt_key.pem
# jwtFile: JwtKeyFileBase64==
# Look at /doc/keystore.md to make these values
keystore:
# - name: keystore-service
# app: account-register
# tier: backend
# keystoreFile: ServiceKeystoreFileBase64==
# keystorePassword: ServiceKeystorePassword
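Review bot: The commented example `# - name: dockerRegistry` is not a valid Secret name, since Kubernetes object names must be lowercase DNS subdomain names, so anyone who uncomments it as written gets a rejection from the API server; `docker-registry` would match the style of `jwt-key` and `keystore-service` below. The `keystorePassword: ServiceKeystorePassword` example is a plaintext value, so the file should say that real values belong in an untracked or encrypted values file rather than in this one. The comment above `jwt:` has typos: "we use rsa so and need a public and privet key" should read "we use RSA, so we need a public and a private key".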

helm/helmfile.yaml Normal file
@@ -0,0 +1,6 @@
releases:
- name: secrets
namespace: hlaeja-testing
chart: ./charts/01-secrets
values: []
historyMax: 3
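Review bot: With `values: []` the release only ever sees the chart's tracked values.yaml, where every secret entry is commented out, so the only way to deploy real secrets as written is to edit that tracked file. Suggest listing a separate values file here that is git-ignored or encrypted, and saying so in the docs. Separately, `namespace: hlaeja-testing` is set here and again in the chart's values.yaml, and the templates read `$.Values.namespace`, so the release namespace and the namespace on the rendered secrets can drift; using `.Release.Namespace` in the templates would leave one source of truth.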

@@ -7,5 +7,5 @@ metadata:
environment: testing environment: testing
type: kubernetes.io/dockerconfigjson type: kubernetes.io/dockerconfigjson
data: data:
# Look at /doc/k8s.md at Initialize -> Registry Secret, for how to make real values # Look at /doc/k8s-docker-registry.md to this value
.dockerconfigjson: RegisterSecretBase64== .dockerconfigjson: DockerRegistryBase64==