volker.raschek/reposilite-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(secret): enforce basic auth credentials

Browse Source 
This patch remove generation of a random string for the username and password of
the basic auth credentials.

The problem with the random generated basic auth credentials is, that this leads
to a new shasum of the secret. GitOps tools like ArgoCD detects a drift trigger
a rolling update.

To avoid this must now the basic auth credentials be defined to enable
prometheus metrics.
This commit is contained in:
Markus Pesch
2025-10-22 17:14:53 +02:00
parent d2c329e1be
commit d790cd3ec4
6 changed files with 39 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/secretPrometheusBasicAuth.yaml
View File

@@ -14,6 +14,6 @@ metadata:
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthPassword }}
username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthUsername }}
password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }}
username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }}
{{- end }}