mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-08 00:11:38 +01:00
41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
<!--
|
|
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
|
SPDX-License-Identifier: Apache-2.0
|
|
-->
|
|
|
|
<h1>External Secrets</h1>
|
|
|
|
This document covers how to utilise external secrets and special requirements.
|
|
|
|
<!-- TOC -->
|
|
* [General](#general)
|
|
* [Components](#components)
|
|
* [MinIO](#minio)
|
|
<!-- TOC -->
|
|
|
|
# General
|
|
|
|
For most components when set the external secret will supersede e.g. a password in a `values.yaml` file.
|
|
|
|
The file [`external_secrets.yaml`](/helmfile/environments/default/external_secrets.yaml.gotmpl) lists all possible references to external secrets that are currently implemented in openDesk.
|
|
|
|
# Components
|
|
|
|
This section covers information and special requirements to external secrets that some Helm Charts expect.
|
|
|
|
## MinIO
|
|
|
|
Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in external secrets listed in `usersExistingSecrets` have to be formatted as follows:
|
|
|
|
```yaml
|
|
stringData:
|
|
username1: |
|
|
username=test-username
|
|
password=test-password
|
|
disabled=false
|
|
policies=readwrite,consoleAdmin,diagnostics
|
|
setPolicies=fa
|
|
```
|
|
|
|
Further we need the credentials introduced at MinIO in various other components that didn't implement the special format from MinIO. Hence we have to create key-value-pairs of the passwords for them.
|