helm secrets

- add docker registry config
   - update values.yaml with values from 03-keystore.yaml
   - add 03-keystore.yaml
- add docker registry config
   - update values.yaml with values from 02-json-web-token.yaml
   - add 02-json-web-token.yaml
- add docker registry config
   - update values.yaml with values from 01-docker-registry.yaml
   - add 01-docker-registry.yaml
   - update kube/01-initialize/02-registry-secret.yaml
   - extract docker registry /doc/k8s-testing.md to doc/k8s-docker-registry.md
- add values.yaml
- add Chart.yaml
- add helmfile.yaml

doc/k8s-docker-registry.md

@@ -0,0 +1,37 @@
+# K8s Docker Registry Configuration
+
+**How to make JSON Configuration**
+
+```json=
+{
+  "auths": {
+    "<your-registry>": {
+      "username": "<your-username>",
+      "password": "<your-password>",
+      "email": "<your-email@example.com>",
+      "auth": "<base64-of-your-username:your-password>"
+    }
+  }
+}
+```
+
+**Replace Values**
+
+- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
+- **Replace** <your-username>: Use your Gitea username (e.g., user1).
+- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
+- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
+
+**Linux Command**
+
+```bash
+echo -n 'your-username:your-password' | base64 -w 0
+```
+
+witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
+
+```bash
+echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
+```
+
+witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`

doc/k8s-testing.md

@@ -74,48 +74,12 @@ kubectl apply -f .\kube\01-initialize\01-namespace.yaml
 
 ### Registry Secret
 
-Create repository secret
+Create [Docker Registry Configuration](./k8s-docker-registry.md) secret.
 
 ```bash
 kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
 ```
 
-**How to make JSON Configuration**
-
-```json=
-{
-  "auths": {
-    "<your-registry>": {
-      "username": "<your-username>",
-      "password": "<your-password>",
-      "email": "<your-email@example.com>",
-      "auth": "<base64-of-your-username:your-password>"
-    }
-  }
-}
-```
-
-**Replace Values**
-
-- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
-- **Replace** <your-username>: Use your Gitea username (e.g., user1).
-- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
-- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
-
-**Linux Command**
-
-```bash
-echo -n 'your-username:your-password' | base64 -w 0
-```
-
-witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
-
-```bash
-echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
-```
-
-witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
-
 ---
 
 ### JSON Web Token (JWT)

helm/charts/01-secrets/Chart.yaml

@@ -0,0 +1,5 @@
+# Chart.yaml
+apiVersion: v2
+name: hlaeja-secret
+description: A Helm chart for the hlaeja docker register, jwt, and keystore
+version: 0.1.0

helm/charts/01-secrets/templates/01-docker-registry.yaml

@@ -0,0 +1,13 @@
+{{- range .Values.secrets.dockerRegistry }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    environment: {{ $.Values.environment }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/02-json-web-token.yaml

@@ -0,0 +1,15 @@
+{{- range .Values.secrets.jwt }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  {{ .jwtFilename }}: {{ .jwtFile | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/03-keystore.yaml

@@ -0,0 +1,16 @@
+{{- range .Values.secrets.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  keystore.p12: {{ .keystoreFile | quote }}
+  keystore-password: {{ .keystorePassword | b64enc | quote }}
+---
+{{- end }}

helm/charts/01-secrets/values.yaml

@@ -0,0 +1,26 @@
+namespace: hlaeja-testing
+environment: testing
+
+secrets:
+
+  # Look at /doc/k8s-docker-registry.md to make these values
+  dockerRegistry:
+#    - name: dockerRegistry
+#      dockerRegistryConfigJson: DockerRegistryBase64==
+
+  # Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
+  jwt:
+#    - name: jwt-key
+#      app: jwt-service
+#      tier: backend
+#      jwtFilename: jwt_key.pem
+#      jwtFile: JwtKeyFileBase64==
+
+  # Look at /doc/keystore.md to make these values
+  keystore:
+#    - name: keystore-service
+#      app: account-register
+#      tier: backend
+#      keystoreFile: ServiceKeystoreFileBase64==
+#      keystorePassword: ServiceKeystorePassword
+

helm/helmfile.yaml

@@ -0,0 +1,6 @@
+releases:
+  - name: secrets
+    namespace: hlaeja-testing
+    chart: ./charts/01-secrets
+    values: []
+    historyMax: 3

kube/01-initialize/02-registry-secret.yaml

@@ -7,5 +7,5 @@ metadata:
     environment: testing
 type: kubernetes.io/dockerconfigjson
 data:
-  # Look at /doc/k8s.md at Initialize -> Registry Secret, for how to make real values
-  .dockerconfigjson: RegisterSecretBase64==
+  # Look at /doc/k8s-docker-registry.md to this value
+  .dockerconfigjson: DockerRegistryBase64==