fix(mastodon): Move some secrets to Kubernetes secrets

This patch replaces removes various variables from the configmap and moves them to Kubernetes secrets to keep things organised.

fix(mastodon): Move some secrets to Kubernetes secrets
473c8d18 · Sheogorath · 599bd621 · 473c8d18 · 473c8d18 · 473c8d18
Verified Commit 473c8d18 authored 2 years ago by Sheogorath
--- a/charts/mastodon/templates/configmap-env.yaml
+++ b/charts/mastodon/templates/configmap-env.yaml
@@ -78,9 +78,6 @@ data:
  {{- with .Values.mastodon.smtp.openssl_verify_mode }}
  SMTP_OPENSSL_VERIFY_MODE: {{ . }}
  {{- end }}
-  {{- with .Values.mastodon.smtp.password }}
-  SMTP_PASSWORD: {{ . }}
-  {{- end }}
  {{- with .Values.mastodon.smtp.port }}
  SMTP_PORT: {{ . | quote }}
  {{- end }}
@@ -105,7 +102,6 @@ data:
  OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
  OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
-  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
  OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
  OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
  {{- with .Values.externalAuth.oidc.client_auth_method }}
@@ -172,9 +168,6 @@ data:
  {{- with .Values.externalAuth.saml.cert }}
  SAML_CERT: {{ . | quote }}
  {{- end }}
-  {{- with .Values.externalAuth.saml.private_key }}
-  SAML_PRIVATE_KEY: {{ . | quote }}
-  {{- end }}
  {{- with .Values.externalAuth.saml.want_assertion_signed }}
  SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
  {{- end }}
@@ -293,9 +286,6 @@ data:
  {{- with .Values.externalAuth.ldap.bind_on }}
  LDAP_BIND_ON: {{ . }}
  {{- end }}
-  {{- with .Values.externalAuth.ldap.password }}
-  LDAP_PASSWORD: {{ . }}
-  {{- end }}
  {{- with .Values.externalAuth.ldap.uid }}
  LDAP_UID: {{ . }}
  {{- end }}

--- a/charts/mastodon/templates/deployment-streaming.yaml
+++ b/charts/mastodon/templates/deployment-streaming.yaml
@@ -45,6 +45,8 @@ spec:
          envFrom:
            - configMapRef:
                name: {{ include "mastodon.fullname" . }}-env
+            - secretRef:
+                name: {{ template "mastodon.secretName" . }}
          env:
            - name: "DB_PASS"
              valueFrom:

--- a/charts/mastodon/templates/secrets.yaml
+++ b/charts/mastodon/templates/secrets.yaml
@@ -40,4 +40,17 @@ data:
  password: "{{ .Values.postgresql.auth.password | b64enc }}"
  {{- end }}
  {{- end }}
+  {{- if .Values.externalAuth.oidc.enabled }}
+  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.enabled }}
+  {{- with .Values.externalAuth.saml.private_key }}
+  SAML_PRIVATE_KEY: {{ . | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.enabled }}
+  {{- with .Values.externalAuth.ldap.password }}
+  LDAP_PASSWORD: {{ . }}
+  {{- end }}
+  {{- end }}
 {{- end }}