From f2f042749d070fdba8b2a00fa62c2d529f6eebb5 Mon Sep 17 00:00:00 2001
From: Jaime Conde
Date: Tue, 8 Apr 2025 16:17:29 +0200
Subject: [PATCH] feat(intercom): Secret refactor

Allows operators to specify existingSecrets as well as pass plain values from which the chart will create its own secrets.
---
 .../apps/nubus/helmfile-child.yaml.gotmpl | 2 +-
 .../nubus/values-intercom-service.yaml.gotmpl | 32 ++++++++++++-------
 .../environments/default/charts.yaml.gotmpl | 8 +++--
 .../environments/default/images.yaml.gotmpl | 8 +++--
 4 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
index 7cf92bed..473dd00a 100644
--- a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
@@ -19,7 +19,7 @@ repositories:
 username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
 password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
 oci: true
- url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
+ url: "{{ default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
 # openDesk Keycloak Bootstrap Chart
 - name: "opendesk-keycloak-bootstrap-repo"
 keyring: "../../files/gpg-pubkeys/opencode.gpg"
diff --git a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
index 16405893..bd8c0ea6 100644
--- a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
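Review bot: The new `url:` line of this repository entry no longer honours `.Values.repositories.helm.registryOpencodeDe` or `.Values.global.helmRegistry`, so an installation that redirects chart pulls to its own mirror through those values will still fetch the intercom chart from the per-chart default. The `default` that is left has a single argument and nothing to fall back from; if the override removal is intended, write it plainly as `url: "{{ .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"`, otherwise keep the removed `coalesce … | default …` chain. The `username`/`password` context lines above appear to belong to the same entry, which would mean the `OD_PRIVATE_REGISTRY_*` credentials are now presented to whichever host the chart default names; the entry starts outside the hunk, so confirm. The image registry loses the same override in the `@@ -89,7 +93,7 @@` hunk of values-intercom-service.yaml.gotmpl.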
@@ -51,7 +51,8 @@ global:
 {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 ics:
- secret: {{ .Values.secrets.intercom.secret | quote }}
+ session:
+ secret: {{ .Values.secrets.intercom.secret | quote }}
 issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
 originRegex: "{{ .Values.global.domain }}"
 enableSessionCookie: true
@@ -63,19 +64,22 @@ ics:
 domain: {{ .Values.global.domain | quote }}
 oidc:
 id: "opendesk-intercom"
- secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
+ clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
 matrix:
- asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
 subdomain: {{ .Values.global.hosts.synapse | quote }}
 serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
+ auth:
+ applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
 nordeck:
 subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
 portal:
- apiKey: {{ .Values.secrets.centralnavigation.apiKey | quote }}
+ auth:
+ sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
 redis:
 host: {{ .Values.cache.intercomService.host | quote }}
 port: {{ .Values.cache.intercomService.port }}
- password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
+ auth:
+ password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
 openxchange:
 oci: true
 url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
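Review bot: `originRegex: "{{ .Values.global.domain }}"`, a context line in the `@@ -51,7 +51,8 @@` hunk right below the moved session secret, puts the domain into a regular expression without escaping it. Every `.` in the domain then matches any character, and if the service applies the pattern unanchored (not visible here) an origin that merely contains the domain would pass as well. Escaping is a one-line change, `originRegex: {{ .Values.global.domain | regexQuoteMeta | quote }}`; whether anchors are also needed depends on how the chart consumes the value. The `ics:` block continues outside the hunk.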
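Review bot: The renamed secret keys in the `@@ -63,19 +64,22 @@` hunk (`oidc.clientSecret`, `matrix.auth.applicationServiceSecret`, `portal.auth.sharedSecret`, `redis.auth.password`) carry no hint that they only work with the chart release bumped elsewhere in this patch. Helm does not reject unknown value keys unless the chart ships a schema, so an environment that pins the chart back to 2.12.0 would presumably render with these secrets unset instead of failing. A comment above `ics:` would make the coupling visible, for example `# Secret key layout (session/auth sub-keys) requires the intercom-service chart from 2.13.0 on.`; confirm the exact minimum version against the chart.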
@@ -89,7 +93,7 @@ ics:
 audience: "opendesk-nextcloud"
 image:
 imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
- registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.intercom.registry | quote }}
+ registry: {{ .Values.images.intercom.registry | quote }}
 repository: {{ .Values.images.intercom.repository | quote }}
 tag: {{ .Values.images.intercom.tag | quote }}
@@ -118,15 +122,19 @@ provisioning:
 config:
 nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
 keycloak:
- url: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/"
- username: "kcadmin"
 realm: {{ .Values.platform.realm | quote }}
 connection:
- host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
- baseUrl: "http://ums-keycloak:8080"
- credentialSecret:
- name: "ums-opendesk-keycloak-credentials"
+ protocol: "http"
+ host: "ums-keycloak"
+ port: 8080
+ auth:
+ username: "kcadmin"
+ existingSecret:
+ name: "ums-opendesk-keycloak-credentials"
+ keyMapping:
+ password: "admin_password"
 key: "admin_password"
+ # FIXME: Remove this
 ics_client:
 clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
 credentialSecret:
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index 312c09d5..283d32db 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
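Review bot: The context line `key: "admin_password"` in the `@@ -118,15 +122,19 @@` hunk survives from the removed `credentialSecret` block and now sits directly after the added `keyMapping.password` entry, where it looks like a leftover. Indentation is not visible in this view, so check which mapping it ends up under and drop it if the new chart no longer reads it. The added `# FIXME: Remove this` marks `ics_client.clientSecret`, which still renders the Keycloak client secret as a plain value beside a `credentialSecret` reference. Either resolve it in this change or say what blocks the removal, for example `# TODO(<issue-id>): remove ics_client.clientSecret once <condition>`. The `provisioning` block starts before the hunk and `ics_client` continues after it.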
@@ -138,10 +138,12 @@ charts:
 # upstreamRepository: "nubus/charts/intercom-service"
 # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
 # upstreamMirrorStartFrom: ["2", "0", "1"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+ # registry: "registry.opencode.de"
+ # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+ registry: "artifacts.software-univention.de"
+ repository: "nubus-dev/charts"
 name: "intercom-service"
- version: "2.12.0"
+ version: "2.13.0-pre-jconde-migrate-secrets"
 verify: true
 jitsi:
 # providerCategory: "Platform"
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index 98305e13..e277488c 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -152,9 +152,11 @@ images:
 # upstreamRepository: "nubus/images/intercom-service"
 # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
 # upstreamMirrorStartFrom: ["2", "1", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
- tag: "2.12.0@sha256:380476d849fb353dc167ba52a6b0f6235b3fa7561c082e65c37e2242cedb0df1"
+ # registry: "registry.opencode.de"
+ # repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
+ registry: "artifacts.software-univention.de"
+ repository: "nubus-dev/images/intercom-service"
+ tag: "2.13.0-pre-jconde-migrate-secrets"
 jibri:
 # providerCategory: "Supplier"
 # providerResponsible: "Nordeck"
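Review bot: The default environment in the charts.yaml.gotmpl hunk now resolves the intercom-service chart from `artifacts.software-univention.de` / `nubus-dev/charts` at `2.13.0-pre-jconde-migrate-secrets`, a development repository and a personal pre-release build, while the mirror metadata comments above still describe the opencode mirror. Every deployment that relies on the defaults would pull this build, and whether the dev repository publishes provenance that satisfies the unchanged `verify: true` is not visible here. Before merge, point `registry` and `repository` back at the mirror with the released version rather than keeping the old values as commented-out lines; the images.yaml.gotmpl hunk carries the same commented-out pair.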
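Review bot: The new `tag: "2.13.0-pre-jconde-migrate-secrets"` in the images.yaml.gotmpl hunk drops the `@sha256:` digest that the removed tag carried. The image reference thereby becomes a mutable tag on a dev repository, and the cluster runs whatever that tag points to at pull time. Keep the pin in the same form as before, `tag: "2.13.0-pre-jconde-migrate-secrets@sha256:<digest of the pushed image>"`.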