From 094a76b6475e2619e6b40acfd6f70853a7911ec6 Mon Sep 17 00:00:00 2001 From: Florian Piesche Date: Sun, 21 Mar 2021 12:26:31 +0000 Subject: [PATCH 1/3] Automatically generate random secrets for the redis password and django secret --- charts/funkwhale/templates/_helpers.tpl | 4 ++-- charts/funkwhale/templates/secret.yaml | 8 +++++++- charts/funkwhale/values.yaml | 11 ++++++++--- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl index c3f3c9d..fbb92f1 100644 --- a/charts/funkwhale/templates/_helpers.tpl +++ b/charts/funkwhale/templates/_helpers.tpl @@ -7,11 +7,11 @@ Expand the name of the chart. {{- end -}} {{- define "funkwhale.dbUrl" -}} -postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }} +postgres://{{ .Values.database.user }}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }} {{- end -}} {{- define "funkwhale.redisUrl" -}} -redis://:{{ .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0 +redis://:{{ default uuidv4 .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0 {{- end -}} {{/* diff --git a/charts/funkwhale/templates/secret.yaml b/charts/funkwhale/templates/secret.yaml index fbc05a1..dcfa3cf 100644 --- a/charts/funkwhale/templates/secret.yaml +++ b/charts/funkwhale/templates/secret.yaml @@ -1,3 +1,5 @@ +{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "funkwhale.fullname" .)) -}} + apiVersion: v1 kind: Secret metadata: @@ -10,7 +12,11 @@ metadata: data: CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }} DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }} - DJANGO_SECRET_KEY: {{ .Values.djangoSecret | b64enc }} + {{ if $secret -}} + DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }} + {{ else -}} + DJANGO_SECRET_KEY: {{ (default uuidv4 .Values.djangoSecret) | b64enc }} + {{ end }} {{- range $key, $val := .Values.extraSecret }} {{ $key }}: {{ $val | b64enc }} diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml index a0f9834..17e3940 100644 --- a/charts/funkwhale/values.yaml +++ b/charts/funkwhale/values.yaml @@ -47,6 +47,14 @@ database: database: funkwhale redis: + # If you already have a Redis service you'd like to use, set + # this to false and adjust the host to use your existing service. + enabled: true + + host: '' + redisPort: 6379 + password: '' + cluster: enabled: false master: @@ -55,9 +63,6 @@ redis: slave: persistence: enabled: false - password: funkwhale - redisPort: 6379 - # host: {{ template "funkwhale.fullname" . }}-redis-master djangoSecret: '' From f3c1b188aca5cbf08669b88bd602b3292dc3e7d0 Mon Sep 17 00:00:00 2001 From: Florian Piesche Date: Sun, 21 Mar 2021 22:27:25 +0000 Subject: [PATCH 2/3] Remove auto-generating Redis password. --- charts/funkwhale/templates/_helpers.tpl | 2 +- charts/funkwhale/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl index fbb92f1..e6f5c7b 100644 --- a/charts/funkwhale/templates/_helpers.tpl +++ b/charts/funkwhale/templates/_helpers.tpl @@ -11,7 +11,7 @@ postgres://{{ .Values.database.user }}:{{ .Values.database.password }}@{{ .Value {{- end -}} {{- define "funkwhale.redisUrl" -}} -redis://:{{ default uuidv4 .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0 +redis://:{{ .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0 {{- end -}} {{/* diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml index 17e3940..3f217a5 100644 --- a/charts/funkwhale/values.yaml +++ b/charts/funkwhale/values.yaml @@ -53,7 +53,7 @@ redis: host: '' redisPort: 6379 - password: '' + password: 'funkwhale' cluster: enabled: false From ef73f557813ebeccaa60f2053890bea51d82dd41 Mon Sep 17 00:00:00 2001 From: Florian Piesche Date: Mon, 22 Mar 2021 23:52:05 +0000 Subject: [PATCH 3/3] Switch to filter syntax for djangoSecret default --- charts/funkwhale/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/funkwhale/templates/secret.yaml b/charts/funkwhale/templates/secret.yaml index dcfa3cf..77f68a6 100644 --- a/charts/funkwhale/templates/secret.yaml +++ b/charts/funkwhale/templates/secret.yaml @@ -15,7 +15,7 @@ data: {{ if $secret -}} DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }} {{ else -}} - DJANGO_SECRET_KEY: {{ (default uuidv4 .Values.djangoSecret) | b64enc }} + DJANGO_SECRET_KEY: {{ (.Values.djangoSecret | default uuidv4) | b64enc }} {{ end }} {{- range $key, $val := .Values.extraSecret }}