From b1e2cc5c8344bc2dfab1f660399796e2a0a870e8 Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque Oliver
Date: Fri, 21 Jul 2023 10:16:32 +0200
Subject: [PATCH 1/9] GH-1549: Use lookup function to avoid recreating random secrets
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 112 +++++++++++++++++++
templates/core/core-secret.yaml | 24 +---
templates/jobservice/jobservice-secrets.yaml | 7 +-
templates/registry/registry-secret.yaml | 36 +-----
4 files changed, 118 insertions(+), 61 deletions(-)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 7f6f3f72e..8e4cf8fc0 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -521,4 +521,116 @@ app: "{{ template "harbor.name" . }}"
 {{/* Allow KubeVersion to be overridden. */}}
 {{- define "harbor.ingress.kubeVersion" -}}
 {{- default .Capabilities.KubeVersion.Version .Values.expose.ingress.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Harbor Core Secret generator */}}
+{{- define "harbor.core.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) ) -}}
+{{- if $secret -}}
+{{/* Reusing existing secret data */}}
+secret: {{ index $secret "data" "secret" }}
+CSRF_KEY: {{ index $secret "data" "CSRF_KEY" }}
+tls.key: {{ index $secret "data" "tls.key" }}
+tls.crt: {{ index $secret "data" "tls.crt" }}
+{{- else -}}
+{{/*
+ Generate new data
+*/}}
+secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
+CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
+{{- $ca := genCA "harbor-token-ca" 365 }}
+tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
+tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- if not .Values.existingSecretSecretKey }}
+secretKey: {{ .Values.secretKey | b64enc | quote }}
+{{- end }}
+{{- if not .Values.existingSecretAdminPassword }}
+HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
+{{- end }}
+{{- if not .Values.database.external.existingSecret }}
+POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
+{{- end }}
+{{- if not .Values.registry.credentials.existingSecret }}
+REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
+{{- end }}
+{{- if .Values.core.configureUserSettings }}
+CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
+{{- end }}
+{{- template "harbor.traceJaegerPassword" . }}
+{{- end -}}
+
+{{/* Harbor JobService Secret generator */}}
+{{- define "harbor.jobservice.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.jobservice" .) ) -}}
+{{- if $secret -}}
+{{/* Reusing existing secret data */}}
+JOBSERVICE_SECRET: {{ index $secret "data" "JOBSERVICE_SECRET" }}
+{{- else -}}
+{{/* Generate new data */}}
+JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }}
+{{- end -}}
+{{- if not .Values.registry.credentials.existingSecret }}
+REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
+{{- end }}
+{{- template "harbor.traceJaegerPassword" . }}
+{{- end -}}
+
+{{/* Harbor Registry Secret generator */}}
+{{- define "harbor.registry.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.registry" .) ) -}}
+{{- if $secret -}}
+{{/* Reusing existing secret data */}}
+REGISTRY_HTTP_SECRET: {{ index $secret "data" "REGISTRY_HTTP_SECRET" }}
+{{- else -}}
+{{/* Generate new data */}}
+REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (randAlphaNum 16) | b64enc | quote }}
+{{- end -}}
+{{- if not .Values.redis.external.existingSecret }}
+REGISTRY_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
+{{- end }}
+{{- $storage := .Values.persistence.imageChartStorage }}
+{{- $type := $storage.type }}
+{{- if and (eq $type "azure") (not $storage.azure.existingSecret) }}
+REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $storage.azure.accountkey | b64enc | quote }}
+{{- else if and (and (eq $type "gcs") (not $storage.gcs.existingSecret)) (not $storage.gcs.useWorkloadIdentity) }}
+GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }}
+{{- else if eq $type "s3" }}
+{{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }}
+REGISTRY_STORAGE_S3_ACCESSKEY: {{ $storage.s3.accesskey | b64enc | quote }}
+{{- end }}
+{{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
+REGISTRY_STORAGE_S3_SECRETKEY: {{ $storage.s3.secretkey | b64enc | quote }}
+{{- end }}
+{{- else if eq $type "swift" }}
+REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
+{{- if $storage.swift.secretkey }}
+REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $storage.swift.secretkey | b64enc | quote }}
+{{- end }}
+{{- if $storage.swift.accesskey }}
+REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $storage.swift.accesskey | b64enc | quote }}
+{{- end }}
+{{- else if eq $type "oss" }}
+REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
+{{- end }}
+{{- end -}}
+
+{{/* Harbor Registry Secret htpasswd generator */}}
+{{- define "harbor.registry.secret-htpasswd" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-htpasswd" (include "harbor.registry" .)) ) -}}
+{{- if $secret -}}
+{{/* Reusing existing secret data */}}
+{{- if .Values.registry.credentials.htpasswdString }}
+REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quote }}
+{{- else }}
+REGISTRY_HTPASSWD: {{ index $secret "data" "REGISTRY_HTPASSWD" }}
+{{- end }}
+{{- else -}}
+{{/* Generate new data */}}
+{{- if .Values.registry.credentials.htpasswdString }}
+REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quote }}
+{{- else }}
+REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }}
+{{- end }}
+{{- end }}
 {{- end -}}
\ No newline at end of file
diff --git a/templates/core/core-secret.yaml b/templates/core/core-secret.yaml
index 23b352b47..5ef167e6f 100644
--- a/templates/core/core-secret.yaml
+++ b/templates/core/core-secret.yaml
@@ -6,26 +6,4 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
- {{- if not .Values.existingSecretSecretKey }}
- secretKey: {{ .Values.secretKey | b64enc | quote }}
- {{- end }}
- secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
- {{- if not .Values.core.secretName }}
- {{- $ca := genCA "harbor-token-ca" 365 }}
- tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
- tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
- {{- end }}
- {{- if not .Values.existingSecretAdminPassword }}
- HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
- {{- end }}
- {{- if not .Values.database.external.existingSecret }}
- POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
- {{- end }}
- {{- if not .Values.registry.credentials.existingSecret }}
- REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
- {{- end }}
- CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
-{{- if .Values.core.configureUserSettings }}
- CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
-{{- end }}
- {{- template "harbor.traceJaegerPassword" . }}
+ {{- ( include "harbor.core.secret" . ) | indent 2 -}}
diff --git a/templates/jobservice/jobservice-secrets.yaml b/templates/jobservice/jobservice-secrets.yaml
index 3dfa6bd5e..5069ee828 100644
--- a/templates/jobservice/jobservice-secrets.yaml
+++ b/templates/jobservice/jobservice-secrets.yaml
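Review bot: In the reuse branches that templates/_helpers.tpl adds for `harbor.core.secret`, `harbor.jobservice.secret` and `harbor.registry.secret`, the value read back with `lookup` wins over an explicitly configured one, so a new `core.secret`, `core.xsrfKey`, `core.tokenKey`/`core.tokenCert`, `jobservice.secret` or `registry.secret` supplied on upgrade has no effect and these keys can no longer be rotated through values. Only a value that was generated randomly needs to be reused; prefer the configured value and fall back to the stored one, e.g. `secret: {{ .Values.core.secret | default (index $secret "data" "secret" | b64dec) | b64enc | quote }}`, which also restores the quoting the generate branch has. The htpasswd helper has a related gap: without `htpasswdString` the stored `REGISTRY_HTPASSWD` is kept even when `registry.credentials.password` changes, while `REGISTRY_CREDENTIAL_PASSWORD` in the jobservice helper is still rendered from values, so the two drift apart and the old password stays valid in the registry.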
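Review bot: templates/core/core-secret.yaml has no comment saying that its `data:` block, now produced entirely by `harbor.core.secret`, is only stable when `lookup` can reach the cluster. Under `helm template` and a client-side `--dry-run` the function returns an empty result, so pipelines that render manifests that way still get a fresh `secret`, `CSRF_KEY` and token key pair on every render. The jobservice and both registry secret templates changed in this commit behave the same way. A comment above the include would make that limit visible, for example `{{/* values stay stable only when Helm can query the cluster; helm template regenerates them */}}`.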
@@ -6,8 +6,5 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
- JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }}
- {{- if not .Values.registry.credentials.existingSecret }}
- REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
- {{- end }}
- {{- template "harbor.traceJaegerPassword" . }}
+ {{- ( include "harbor.jobservice.secret" . ) | indent 2 -}}
+
diff --git a/templates/registry/registry-secret.yaml b/templates/registry/registry-secret.yaml
index 529462906..461d57356 100644
--- a/templates/registry/registry-secret.yaml
+++ b/templates/registry/registry-secret.yaml
@@ -6,34 +6,8 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
- REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (randAlphaNum 16) | b64enc | quote }}
- {{- if not .Values.redis.external.existingSecret }}
- REGISTRY_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
- {{- end }}
- {{- $storage := .Values.persistence.imageChartStorage }}
- {{- $type := $storage.type }}
- {{- if and (eq $type "azure") (not $storage.azure.existingSecret) }}
- REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $storage.azure.accountkey | b64enc | quote }}
- {{- else if and (and (eq $type "gcs") (not $storage.gcs.existingSecret)) (not $storage.gcs.useWorkloadIdentity) }}
- GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }}
- {{- else if eq $type "s3" }}
- {{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }}
- REGISTRY_STORAGE_S3_ACCESSKEY: {{ $storage.s3.accesskey | b64enc | quote }}
- {{- end }}
- {{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
- REGISTRY_STORAGE_S3_SECRETKEY: {{ $storage.s3.secretkey | b64enc | quote }}
- {{- end }}
- {{- else if eq $type "swift" }}
- REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
- {{- if $storage.swift.secretkey }}
- REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $storage.swift.secretkey | b64enc | quote }}
- {{- end }}
- {{- if $storage.swift.accesskey }}
- REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $storage.swift.accesskey | b64enc | quote }}
- {{- end }}
- {{- else if eq $type "oss" }}
- REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
- {{- end }}
+ {{- ( include "harbor.registry.secret" . ) | indent 2 -}}
+
 {{- if not .Values.registry.credentials.existingSecret }}
 ---
 apiVersion: v1
@@ -44,9 +18,5 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
- {{- if .Values.registry.credentials.htpasswdString }}
- REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quote }}
- {{- else }}
- REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }}
- {{- end }}
+ {{- ( include "harbor.registry.secret-htpasswd" . ) | indent 2 -}}
 {{- end }}
From 05c457015853be33f1fc1c1a96529e1852f06756 Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque Oliver
Date: Fri, 15 Sep 2023 10:44:16 +0200
Subject: [PATCH 2/9] GH-1549: Fix core secret generation.
Co-authored-by: Carlos Vega
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 8e4cf8fc0..34733212d 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -528,23 +528,27 @@ app: "{{ template "harbor.name" . }}"
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) ) -}}
 {{- if $secret -}}
 {{/* Reusing existing secret data */}}
-secret: {{ index $secret "data" "secret" }}
 CSRF_KEY: {{ index $secret "data" "CSRF_KEY" }}
+HARBOR_ADMIN_PASSWORD: {{ index $secret "data" "HARBOR_ADMIN_PASSWORD" }}
+POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
+REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
+secret: {{ index $secret "data" "secret" }}
+secretKey: {{ index $secret "data" "secretKey" }}
 tls.key: {{ index $secret "data" "tls.key" }}
 tls.crt: {{ index $secret "data" "tls.crt" }}
 {{- else -}}
 {{/*
 Generate new data
 */}}
+{{- if not .Values.existingSecretSecretKey }}
+secretKey: {{ .Values.secretKey | b64enc | quote }}
+{{- end }}
 secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
-CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
+{{- if not .Values.core.secretName }}
 {{- $ca := genCA "harbor-token-ca" 365 }}
 tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
 tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
 {{- end }}
-{{- if not .Values.existingSecretSecretKey }}
-secretKey: {{ .Values.secretKey | b64enc | quote }}
-{{- end }}
 {{- if not .Values.existingSecretAdminPassword }}
 HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
 {{- end }}
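Review bot: `HARBOR_ADMIN_PASSWORD`, `POSTGRESQL_PASSWORD`, `REGISTRY_CREDENTIAL_PASSWORD` and `secretKey` are added to the reuse branch although none of them is generated randomly; the generate branch renders all four straight from values. Copying them from the live secret means a changed `harborAdminPassword`, database password or `registry.credentials.password` is ignored on every upgrade after the first install, and the core secret can then disagree with secrets that are still rendered from values, such as `REGISTRY_CREDENTIAL_PASSWORD` in the jobservice helper. Consider keeping these four outside the `if $secret` / `else` split, rendered from values in both cases, and reserving `lookup` for the random fields. The `harbor.core.secret` define starts and ends outside this hunk.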
@@ -554,9 +558,11 @@ POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
 {{- if not .Values.registry.credentials.existingSecret }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
 {{- end }}
+CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
 {{- if .Values.core.configureUserSettings }}
 CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
 {{- end }}
+{{- end -}}
 {{- template "harbor.traceJaegerPassword" . }}
 {{- end -}}
 
From 008603fd4e19d568782668f01512ddb5e5efbac6 Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque Oliver
Date: Fri, 15 Sep 2023 10:46:52 +0200
Subject: [PATCH 3/9] GH-1549: Use lookup function to prevent ingress secret recreation.
Co-authored-by: Carlos Vega
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 18 ++++++++++++++++++
templates/ingress/secret.yaml | 6 +-----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 34733212d..a3f2c66ef 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -639,4 +639,22 @@ REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quo
 REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }}
 {{- end }}
 {{- end }}
+{{- end -}}
+
+{{/* Harbor Ingress Secret generator */}}
+{{- define "harbor.ingress.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.ingress" .) ) -}}
+{{- if $secret -}}
+{{/* Reusing existing secret data */}}
+tls.crt: {{ index $secret "data" "tls.crt" }}
+tls.key: {{ index $secret "data" "tls.key" }}
+ca.crt: {{ index $secret "data" "ca.crt" }}
+{{- else -}}
+{{/* Generate new data */}}
+{{- $ca := genCA "harbor-ca" 365 }}
+{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
+tls.crt: {{ $cert.Cert | b64enc | quote }}
+tls.key: {{ $cert.Key | b64enc | quote }}
+ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
 {{- end -}}
\ No newline at end of file
diff --git a/templates/ingress/secret.yaml b/templates/ingress/secret.yaml
index 41507b3dd..431877a69 100644
--- a/templates/ingress/secret.yaml
+++ b/templates/ingress/secret.yaml
@@ -1,6 +1,4 @@
 {{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
-{{- $ca := genCA "harbor-ca" 365 }}
-{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,7 +7,5 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: kubernetes.io/tls
 data:
- tls.crt: {{ $cert.Cert | b64enc | quote }}
- tls.key: {{ $cert.Key | b64enc | quote }}
- ca.crt: {{ $ca.Cert | b64enc | quote }}
+ {{- ( include "harbor.ingress.secret" . ) | indent 2 -}}
 {{- end }}
\ No newline at end of file
From ece767dde94c561bf2d5b7dbb77d0d1bdea814a0 Mon Sep 17 00:00:00 2001
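Review bot: The reuse branch of `harbor.ingress.secret` in templates/_helpers.tpl returns the stored `tls.crt`, `tls.key` and `ca.crt` unconditionally, so the certificate issued by `genSignedCert ... 365 $ca` is never renewed by a later upgrade and is not reissued when `expose.ingress.hosts.core` changes; before this commit every upgrade produced a fresh one. The same applies to the `harbor-token-ca` pair that `harbor.core.secret` reuses. I know of no template function that reads a certificate's expiry, so at minimum the manual step should be documented in the helper, e.g. `{{/* reused as-is: delete this Secret to reissue before the 365-day validity ends or after changing expose.ingress.hosts.core */}}`. `ca.crt` is also read without checking that the existing secret contains it, which would render an empty value if a secret of that name was created by something other than this chart.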
From: Joan Miquel Luque
Date: Fri, 15 Sep 2023 13:29:09 +0200
Subject: [PATCH 4/9] Update templates/_helpers.tpl
Co-authored-by: Jakub Jaruszewski
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index a3f2c66ef..da7d9f722 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -534,8 +534,10 @@ POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
 secret: {{ index $secret "data" "secret" }}
 secretKey: {{ index $secret "data" "secretKey" }}
+{{- if not .Values.core.secretName }}
 tls.key: {{ index $secret "data" "tls.key" }}
 tls.crt: {{ index $secret "data" "tls.crt" }}
+{{- end }}
 {{- else -}}
 {{/*
 Generate new data
From 4ad7351aedb1a92d9a0e96ae61b8fe7ab0b44c9c Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque
Date: Fri, 15 Sep 2023 13:29:16 +0200
Subject: [PATCH 5/9] Update templates/_helpers.tpl
Co-authored-by: Jakub Jaruszewski
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index da7d9f722..df3edc652 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -529,7 +529,9 @@ app: "{{ template "harbor.name" . }}"
 {{- if $secret -}}
 {{/* Reusing existing secret data */}}
 CSRF_KEY: {{ index $secret "data" "CSRF_KEY" }}
+{{- if not .Values.existingSecretAdminPassword }}
 HARBOR_ADMIN_PASSWORD: {{ index $secret "data" "HARBOR_ADMIN_PASSWORD" }}
+{{- end }}
 POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
 secret: {{ index $secret "data" "secret" }}
From e5522915e160afd752270c52e48f505b641cd29b Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque
Date: Fri, 15 Sep 2023 13:29:39 +0200
Subject: [PATCH 6/9] Update templates/_helpers.tpl
Co-authored-by: Jakub Jaruszewski
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index df3edc652..f9b383b78 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -532,7 +532,9 @@ CSRF_KEY: {{ index $secret "data" "CSRF_KEY" }}
 {{- if not .Values.existingSecretAdminPassword }}
 HARBOR_ADMIN_PASSWORD: {{ index $secret "data" "HARBOR_ADMIN_PASSWORD" }}
 {{- end }}
+{{- if not .Values.database.external.existingSecret }}
 POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
+{{- end }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
 secret: {{ index $secret "data" "secret" }}
 secretKey: {{ index $secret "data" "secretKey" }}
From 25a1185d84a0c2bdde6f238a35e3ebec760ae715 Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque
Date: Fri, 15 Sep 2023 13:29:49 +0200
Subject: [PATCH 7/9] Update templates/_helpers.tpl
Co-authored-by: Jakub Jaruszewski
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index f9b383b78..a3a1aab34 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -535,7 +535,9 @@ HARBOR_ADMIN_PASSWORD: {{ index $secret "data" "HARBOR_ADMIN_PASSWORD" }}
 {{- if not .Values.database.external.existingSecret }}
 POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
 {{- end }}
+{{- if not .Values.registry.credentials.existingSecret }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
+{{- end }}
 secret: {{ index $secret "data" "secret" }}
 secretKey: {{ index $secret "data" "secretKey" }}
 {{- if not .Values.core.secretName }}
From 1a4fc1a488efc83fa8cfa7f233be46da4e1e5dd3 Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque
Date: Fri, 15 Sep 2023 13:29:58 +0200
Subject: [PATCH 8/9] Update templates/_helpers.tpl
Co-authored-by: Jakub Jaruszewski
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index a3a1aab34..c6752699c 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -539,7 +539,9 @@ POSTGRESQL_PASSWORD: {{ index $secret "data" "POSTGRESQL_PASSWORD" }}
 REGISTRY_CREDENTIAL_PASSWORD: {{ index $secret "data" "REGISTRY_CREDENTIAL_PASSWORD" }}
 {{- end }}
 secret: {{ index $secret "data" "secret" }}
+{{- if not .Values.existingSecretSecretKey }}
 secretKey: {{ index $secret "data" "secretKey" }}
+{{- end }}
 {{- if not .Values.core.secretName }}
 tls.key: {{ index $secret "data" "tls.key" }}
 tls.crt: {{ index $secret "data" "tls.crt" }}
From ad5963003bdb9da828488bbbda6dccd9e10d0e7f Mon Sep 17 00:00:00 2001
From: Joan Miquel Luque Oliver
Date: Fri, 15 Sep 2023 13:34:35 +0200
Subject: [PATCH 9/9] Add missing CONFIG_OVERWRITE_JSON value
Signed-off-by: Joan Miquel Luque Oliver
---
templates/_helpers.tpl | 1 +
1 file changed, 1 insertion(+)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index c6752699c..8b1b0c469 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -528,6 +528,7 @@ app: "{{ template "harbor.name" . }}"
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) ) -}}
 {{- if $secret -}}
 {{/* Reusing existing secret data */}}
+CONFIG_OVERWRITE_JSON: {{ index $secret "data" "CONFIG_OVERWRITE_JSON" }}
 CSRF_KEY: {{ index $secret "data" "CSRF_KEY" }}
 {{- if not .Values.existingSecretAdminPassword }}
 HARBOR_ADMIN_PASSWORD: {{ index $secret "data" "HARBOR_ADMIN_PASSWORD" }}
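Review bot: In PATCH 9/9 `CONFIG_OVERWRITE_JSON` is read from the existing secret without the `{{- if .Values.core.configureUserSettings }}` guard that the generate branch uses. When the setting was never configured the stored secret has no such key and the line renders with an empty value; when it is configured, later edits to `core.configureUserSettings` are ignored because the old content is copied back. The value is not random, so the reuse branch can render it from values as well: `{{- if .Values.core.configureUserSettings }}`, `CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}`, `{{- end }}`. The reuse branch continues outside this hunk.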