fix(secret): enforce basic auth credentials
This patch removes the generation of a random string for the username and password of the basic auth credentials. The problem with the randomly generated basic auth credentials is that this leads to a new shasum of the secret. GitOps tools like ArgoCD detect a drift and trigger a rolling update. To avoid this, the basic auth credentials must now be defined to enable prometheus metrics.
@@ -14,6 +14,6 @@ metadata:
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
stringData:
|
||||
password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthPassword }}
|
||||
username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthUsername }}
|
||||
password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }}
|
||||
username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }}
|
||||
{{- end }}
|
||||
|
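Review bot: the two `required` messages on the `password:` and `username:` lines do not name the values key, so a user who hits "Password for basic auth is required!" at render time has to read the template to learn what to set. Consider putting the path into the message, for example "prometheus.metrics.secret.new.basicAuthPassword is required", and adjusting the `errorMessage` asserts in the secret tests to match. Because rendering now fails where `default (randAlphaNum 16)` used to fill in a value, this should also be called out as a breaking change, with a note that the credentials now travel through values and therefore need to be kept out of plaintext values files in a GitOps repository.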
@@ -13,6 +13,8 @@ tests:
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
|
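Review bot: the assert on `spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials` is still only `exists`, which passes regardless of whether the rendered secret is stable, so this test does not cover the checksum drift the commit message describes. With the credentials now pinned to "my-password" and "my-username" in `set:`, consider adding an `equal` or `matchSnapshot` assert on that path so a return to non-deterministic rendering fails the suite. The serviceMonitor test in the next hunk has the same gap.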
@@ -13,6 +13,8 @@ tests:
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
|
@@ -13,9 +13,29 @@ tests:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Throw error for missing basic auth password
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
# prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Password for basic auth is required!"
|
||||
|
||||
- it: Throw error for missing basic auth username
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
# prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Username for basic auth is required!"
|
||||
|
||||
- it: Rendering secret with default values.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
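Review bot: both new failure cases express the missing credential by commenting out the `set:` line (`# prometheus.metrics.secret.new.basicAuthPassword: "my-password"` and the username equivalent), so the test depends on whatever the chart default for that key is. `required` also rejects an empty string, so set the key to `""` explicitly, the way the service tests do with `service.port: ""`, and drop the commented-out lines. The case name "Rendering secret with default values." is also stale now that it sets explicit credentials.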
@@ -51,13 +71,13 @@ tests:
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
content:
|
||||
foo: bar
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.labels
|
||||
value:
|
||||
content:
|
||||
bar: foo
|
||||
- equal:
|
||||
path: metadata.name
|
||||
|
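Review bot: the `exists` / `isSubset` and `value` / `content` lines on `metadata.annotations` and `metadata.labels` are unrelated to the basic auth credentials named in the commit subject `fix(secret): enforce basic auth credentials`. Please move these assertion changes, here and in the following hunk, into their own commit so the credential change can be reviewed and reverted on its own.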
@@ -53,13 +53,13 @@ tests:
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
content:
|
||||
foo: bar
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.labels
|
||||
value:
|
||||
content:
|
||||
bar: foo
|
||||
- equal:
|
||||
path: metadata.name
|
||||
|
@@ -78,35 +78,35 @@ tests:
|
||||
service.internalTrafficPolicy: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No internal traffic policy defined!
|
||||
errorMessage: No internal traffic policy defined!
|
||||
|
||||
- it: Require port.
|
||||
set:
|
||||
service.port: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No service port defined!
|
||||
errorMessage: No service port defined!
|
||||
|
||||
- it: Require scheme.
|
||||
set:
|
||||
service.scheme: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No service scheme defined!
|
||||
errorMessage: The scheme of the serviceMonitor is not defined!
|
||||
|
||||
- it: Require sessionAffinity.
|
||||
set:
|
||||
service.sessionAffinity: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No session affinity defined!
|
||||
errorMessage: No session affinity defined!
|
||||
|
||||
- it: Require service type.
|
||||
set:
|
||||
service.type: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No service type defined!
|
||||
errorMessage: No service type defined!
|
||||
|
||||
- it: Render service with custom annotations and labels.
|
||||
set:
|
||||
|
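Review bot: in the "Require scheme." case, `service.scheme: ""` is paired with the errorMessage "The scheme of the serviceMonitor is not defined!", while every sibling case in this hunk uses a message about the service itself ("No service port defined!", "No service type defined!"). If the service template really emits the serviceMonitor wording for `service.scheme`, the template message looks copied from elsewhere and should be corrected there rather than encoded in the test. Like the annotation and label assert changes, this is also outside the scope of a commit about basic auth credentials.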