From 5ebff144fca435d7387fe9a22bd43ccedb01bed2 Mon Sep 17 00:00:00 2001
From: jessebot
Date: Sun, 19 Jan 2025 14:53:44 +0100
Subject: [PATCH] add APP_KEY generation and parameter
---
 charts/pixelfed/Chart.yaml | 2 +-
 charts/pixelfed/templates/deployment.yaml | 12 ++++++++++++
 charts/pixelfed/templates/secret_app_key.yaml | 13 +++++++++++++
 charts/pixelfed/values.yaml | 11 +++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 charts/pixelfed/templates/secret_app_key.yaml
diff --git a/charts/pixelfed/Chart.yaml b/charts/pixelfed/Chart.yaml
index 200b092..51e8ada 100644
--- a/charts/pixelfed/Chart.yaml
+++ b/charts/pixelfed/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.11.1
+version: 0.12.0
 
 # This is the version number of the application being deployed.
 # renovate:image=ghcr.io/mattlqx/docker-pixelfed
diff --git a/charts/pixelfed/templates/deployment.yaml b/charts/pixelfed/templates/deployment.yaml
index f864415..16fdbde 100644
--- a/charts/pixelfed/templates/deployment.yaml
+++ b/charts/pixelfed/templates/deployment.yaml
@@ -67,6 +67,18 @@ spec:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 
+ # pixelfed app key
+ - name: APP_KEY
+ valueFrom:
+ secretKeyRef:
+ {{- if and .Values.pixelfed.app.existingSecret .Values.pixelfed.app.existingSecretKey }}
+ name: {{ .Values.pixelfed.app.existingSecret }}
+ key: {{ .Values.pixelfed.app.existingSecretKey }}
+ {{- else }}
+ name: {{ include "pixelfed.fullname" . }}-app-key
+ key: key
+ {{- end }}
+
 # valkey AKA redis
 {{- if and .Values.externalValkey.enabled .Values.externalValkey.existingSecretKeys.host }}
 - name: REDIS_HOST
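Review bot: In the charts/pixelfed/templates/deployment.yaml hunk, the `APP_KEY` reference falls back to `<fullname>-app-key` unless both `existingSecret` and `existingSecretKey` are set, while secret_app_key.yaml stops rendering that Secret as soon as `existingSecret` alone is set. With `existingSecret` given and `existingSecretKey` left at its default `""`, the pod points at a Secret the chart never created and the container cannot be configured. Branch on the same condition in both templates, for example `{{- if .Values.pixelfed.app.existingSecret }}` here with `key: {{ .Values.pixelfed.app.existingSecretKey | default "key" | quote }}`, or reject the combination at render time with `required`. The env list this entry belongs to starts and ends outside the hunk.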
diff --git a/charts/pixelfed/templates/secret_app_key.yaml b/charts/pixelfed/templates/secret_app_key.yaml
new file mode 100644
index 0000000..3506346
--- /dev/null
+++ b/charts/pixelfed/templates/secret_app_key.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.pixelfed.app.existingSecret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "pixelfed.fullname" . }}-app-key
+data:
+ {{ if .Values.pixelfed.app.key }}
+ key: {{ .Values.pixelfed.app.key | b64enc }}
+ {{- else }}
+ key: {{ randAlphaNum 32 | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/charts/pixelfed/values.yaml b/charts/pixelfed/values.yaml
index bc2ce2d..0177088 100644
--- a/charts/pixelfed/values.yaml
+++ b/charts/pixelfed/values.yaml
@@ -305,6 +305,17 @@ pixelfed:
 
 # app specific settings
 app:
+ # -- This key is used by the Illuminate encrypter service and should
+ # be set to a random, 32 character string, otherwise these encrypted strings
+ # will not be safe. If you don't generate one, we'll generate one for you
+ # however it will change everytime you upgrade the helm chart, so it should
+ # only be used for testing. In production, please set this, or pixelfed.app.existingSecret
+ key: ""
+ # -- use an existing Kuberentes Secret to store the app key
+ # If set, ignores pixelfed.app.key
+ existingSecret: ""
+ # -- key in pixelfed.app.existingSecret to use for the app key
+ existingSecretKey: ""
 # -- The name of your server/instance
 name: "Pixelfed"
 # -- The app environment, keep it set to "production"
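Review bot: In charts/pixelfed/templates/secret_app_key.yaml, the `randAlphaNum 32` fallback is evaluated again on every render, so each `helm upgrade` overwrites APP_KEY and data the application encrypted under the previous key can no longer be decrypted. The values.yaml comment warns about this, but the template can avoid it by reusing the value already stored in the cluster through Helm's `lookup` and generating only when no Secret exists yet. `lookup` returns an empty result under `helm template` and dry runs, so renderers that never query the cluster would still regenerate and should pass `existingSecret`. The rendered values are also unquoted; piping them through `quote` keeps an odd-looking string from being retyped by the YAML parser.

```yaml
{{- if not .Values.pixelfed.app.existingSecret }}
{{- $name := printf "%s-app-key" (include "pixelfed.fullname" .) }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name }}
# … unchanged: document start, apiVersion, kind, metadata …
data:
  {{- if .Values.pixelfed.app.key }}
  key: {{ .Values.pixelfed.app.key | b64enc | quote }}
  {{- else if and $existing $existing.data }}
  # already base64-encoded in the stored Secret, so no b64enc here
  key: {{ index $existing.data "key" | quote }}
  {{- else }}
  key: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
# … unchanged: closing end of the existingSecret guard …
```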
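Review bot: In the charts/pixelfed/values.yaml hunk, the comment on `key` offers an inline value and `pixelfed.app.existingSecret` as equal production choices, but an inline key lives in the values file and in the release data Helm stores, so the comment should name `existingSecret` as the preferred route. The `existingSecretKey` comment should add that it must be set together with `existingSecret`, since the deployment template only uses the existing Secret when both are non-empty. Two spelling fixes in the same comments: `Kuberentes` should read `Kubernetes` and `everytime` should read `every time`.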