Skip to content

Commit

Permalink
squashme: minor fix
Browse files Browse the repository at this point in the history
  • Loading branch information
@olevski
olevski committed Jan 19, 2024
1 parent fd03189 commit d82787e
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 33 deletions.
22 changes: 17 additions & 5 deletions helm-chart/renku/templates/gateway/deployment-revproxy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,27 @@ spec:
secretKeyRef:
name: {{ .Values.global.redis.existingSecret }}
key: {{ .Values.global.redis.existingSecretPasswordKey }}
- name: LOGIN_PROVIDERS_RENKU_CLIENTSECRET
valueFrom:
secretKeyRef:
name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }}
key: oidcClientSecret
- name: LOGIN_PROVIDERS_GITLAB_CLIENTSECRET
valueFrom:
secretKeyRef:
name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }}
key: gitlabClientSecret
- name: LOGIN_PROVIDERS_RENKU-CLI_CLIENTSECRET
valueFrom:
secretKeyRef:
name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }}
key: cliClientSecret
- name: MONITORING_SENTRY_DSN
value: {{ .Values.gateway.sentry.dsn }}
volumeMounts:
{{- include "certificates.volumeMounts.system" . | nindent 12 }}
- mountPath: "/etc/gateway"
name: public-config
- mountPath: "/etc/gateway"
name: secret-config
livenessProbe:
httpGet:
path: /health
Expand Down Expand Up @@ -87,7 +102,4 @@ spec:
- name: public-config
configMap:
name: {{ template "gateway.name" . }}
- name: secret-config
secret:
secretName: {{ printf "%s-gateway" (include "renku.fullname" .) }}

34 changes: 6 additions & 28 deletions helm-chart/renku/templates/gateway/secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,19 +70,19 @@
{{- $tokenEncryptionSecretKey := randAlphaNum 32 | b64enc | quote }}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
{{- if $secret }}
{{- $tokenEncryptionSecretKey = index $secret.data "login.tokenEncryption.secretKey" }}
{{- $tokenEncryptionSecretKey = index $secret.data "tokenEncryption" }}
{{- end -}}

{{- $csrfCookieEncodingKey := randAlphaNum 32 | b64enc | quote }}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
{{- if $secret }}
{{- $csrfCookieEncodingKey = index $secret.data "login.providers.renku.cookieEncodingKey" }}
{{- $csrfCookieEncodingKey = index $secret.data "cookieEncodingKey" }}
{{- end -}}

{{- $csrfCookieHashKey := randAlphaNum 32 | b64enc | quote }}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
{{- if $secret }}
{{- $csrfCookieHashKey = index $secret.data "login.providers.renku.cookieHashKey" }}
{{- $csrfCookieHashKey = index $secret.data "cookieHashKey" }}
{{- end -}}

apiVersion: v1
Expand Down Expand Up @@ -116,29 +116,7 @@ data:
# A secret for the Gitlab client in Keycloak if an internal Gitlab is used
gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }}
{{- end }}

#### New stuff for the gateway refactoring
secret_config.yaml: |
login:
tokenEncryption:
secretKey: {{ $tokenEncryptionSecretKey }}
providers:
renku:
# A secret for the "renku" OIDC client in Keycloak
clientSecret: {{ $oidcClientSecret }}
cookieEncodingKey: {{ $csrfCookieEncodingKey }}
cookieHashKey: {{ $csrfCookieHashKey }}
renku-cli:
# A secret for the Renku CLI client in Keycloak
clientSecret: {{ $cliClientSecret }}
cookieEncodingKey: {{ $csrfCookieEncodingKey }}
cookieHashKey: {{ $csrfCookieHashKey }}
gitlab:
# The OIDC client must be created manually in Gitlab prior to installing Renku
clientSecret: {{ $gitlabClientSecret }}
cookieEncodingKey: {{ $csrfCookieEncodingKey }}
cookieHashKey: {{ $csrfCookieHashKey }}
monitoring:
sentry:
dsn: {{ .Values.gateway.sentry.dsn }}
cookieEncodingKey: {{ $csrfCookieEncodingKey }}
cookieHashKey: {{ $csrfCookieHashKey }}
tokenEncryption: {{ $tokenEncryptionSecretKey }}

0 comments on commit d82787e

Please sign in to comment.