diff --git a/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml b/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml index 7fabc66ef..c67f18110 100644 --- a/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml +++ b/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml @@ -134,6 +134,12 @@ spec: if [ -f "/pulsar-manager/secrets/pulsar-jwt/TOKEN" ]; then export TOKEN=$(cat /pulsar-manager/secrets/pulsar-jwt/TOKEN) fi + if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then + export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD) + fi + if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then + export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD) + fi /pulsar-manager/entrypoint.sh env: - name: SPRING_CONFIGURATION_FILE @@ -148,18 +154,10 @@ spec: - name: GLOBAL_RESOURCE_READ_ONLY value: "true" {{- end }} - {{- if .Values.streamnative_console.configData.DB_PASSWORD }} - - name: DB_PASSWORD - value: {{ .Values.streamnative_console.configData.DB_PASSWORD | b64dec | quote }} - {{- end }} {{- if hasSuffix "-all" .Values.images.streamnative_console.tag }} - name: DB_BASE value: sqlite {{- end }} - {{- if .Values.streamnative_console.configData.NEW_PASSWORD }} - - name: NEW_PASSWORD - value: {{ .Values.streamnative_console.configData.NEW_PASSWORD | b64dec | quote }} - {{- end }} - name: CONNECTOR_ENABLED value: "{{ .Values.streamnative_console.configData.CONNECTOR_ENABLED | default "true" }}" {{- with .Values.streamnative_console.extraEnv }} @@ -299,6 +297,11 @@ spec: mountPath: /pulsar-manager/secrets/pulsar-jwt readOnly: true {{- end }} + {{- if .Values.streamnative_console.dbPasswordSecret }} + - name: db-password-secret + mountPath: /pulsar-manager/secrets/db-password + readOnly: true + {{- end }} - name: "{{ template "pulsar.fullname" . }}-{{ .Values.streamnative_console.component }}-gateway" image: "{{ .Values.images.streamnative_console.repository }}:{{ .Values.images.streamnative_console.tag }}" imagePullPolicy: {{ .Values.images.streamnative_console.pullPolicy }} @@ -437,6 +440,12 @@ spec: secretName: {{ .Values.streamnative_console.login.sso.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }} defaultMode: 0440 {{- end }} + {{- if .Values.streamnative_console.dbPasswordSecret }} + - name: db-password-secret + secret: + secretName: {{ .Values.streamnative_console.dbPasswordSecret }} + defaultMode: 0440 + {{- end }} {{- if .Values.streamnative_console.securityContext }} securityContext: {{- toYaml .Values.streamnative_console.securityContext | nindent 8 }} {{- end }} diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml index dd3b50405..3dda202ba 100644 --- a/charts/sn-platform-slim/values.yaml +++ b/charts/sn-platform-slim/values.yaml @@ -2396,10 +2396,20 @@ streamnative_console: GRAFANA_AUTH_PROXY_USER: "" CONNECTOR_ENABLED: true OPENAPI_ENABLED: false - # please use base64 encoded your password - DB_PASSWORD: "" # Extra environment variables for streamnative-console container extraEnv: [] + # Secret name containing DB_PASSWORD and NEW_PASSWORD keys + # The secret should have two keys: DB_PASSWORD and NEW_PASSWORD + # Example command to create the secret: + # kubectl create secret generic my-db-password-secret \ + # --from-literal=DB_PASSWORD=your-db-password \ + # --from-literal=NEW_PASSWORD=your-new-password + # Example command to update the secret: + # kubectl create secret generic my-db-password-secret \ + # --from-literal=DB_PASSWORD=your-new-db-password \ + # --from-literal=NEW_PASSWORD=your-new-password \ + # --dry-run=client -o yaml | kubectl apply -f - + dbPasswordSecret: "" login: sso: diff --git a/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml b/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml index 43c9237de..8f0153a25 100644 --- a/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml +++ b/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml @@ -176,6 +176,12 @@ spec: if [ -f "/pulsar-manager/secrets/pulsar-jwt/TOKEN" ]; then export TOKEN=$(cat /pulsar-manager/secrets/pulsar-jwt/TOKEN) fi + if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then + export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD) + fi + if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then + export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD) + fi /pulsar-manager/entrypoint.sh env: - name: SPRING_CONFIGURATION_FILE @@ -192,18 +198,10 @@ spec: - name: GLOBAL_RESOURCE_READ_ONLY value: "true" {{- end }} - {{- if .Values.streamnative_console.configData.DB_PASSWORD }} - - name: DB_PASSWORD - value: {{ .Values.streamnative_console.configData.DB_PASSWORD | b64dec | quote }} - {{- end }} {{- if hasSuffix "-all" .Values.images.streamnative_console.tag }} - name: DB_BASE value: sqlite {{- end }} - {{- if .Values.streamnative_console.configData.NEW_PASSWORD }} - - name: NEW_PASSWORD - value: {{ .Values.streamnative_console.configData.NEW_PASSWORD | b64dec | quote }} - {{- end }} - name: CONNECTOR_ENABLED value: "{{ .Values.streamnative_console.configData.CONNECTOR_ENABLED | default "true" }}" {{- with .Values.streamnative_console.extraEnv }} @@ -352,6 +350,11 @@ spec: mountPath: /pulsar-manager/secrets/pulsar-jwt readOnly: true {{- end }} + {{- if .Values.streamnative_console.dbPasswordSecret }} + - name: db-password-secret + mountPath: /pulsar-manager/secrets/db-password + readOnly: true + {{- end }} - name: "{{ template "pulsar.fullname" . }}-{{ .Values.streamnative_console.component }}-gateway" image: "{{ .Values.images.streamnative_console.repository }}:{{ .Values.images.streamnative_console.tag }}" {{- if .Values.streamnative_console.securityContext }} @@ -496,6 +499,12 @@ spec: secretName: {{ .Values.streamnative_console.login.sso.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }} defaultMode: 0440 {{- end }} + {{- if .Values.streamnative_console.dbPasswordSecret }} + - name: db-password-secret + secret: + secretName: {{ .Values.streamnative_console.dbPasswordSecret }} + defaultMode: 0440 + {{- end }} {{- if .Values.streamnative_console.securityContext }} securityContext: {{- toYaml .Values.streamnative_console.securityContext | nindent 8 }} {{- end }} diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml index 4bef142d4..12118763c 100644 --- a/charts/sn-platform/values.yaml +++ b/charts/sn-platform/values.yaml @@ -2487,10 +2487,20 @@ streamnative_console: CONNECTOR_ENABLED: true CUSTOM_PAYLOAD_ENABLED: false OPENAPI_ENABLED: false - # please use base64 encoded your password - DB_PASSWORD: "" # Extra environment variables for streamnative-console container extraEnv: [] + # Secret name containing DB_PASSWORD and NEW_PASSWORD keys + # The secret should have two keys: DB_PASSWORD and NEW_PASSWORD + # Example command to create the secret: + # kubectl create secret generic my-db-password-secret \ + # --from-literal=DB_PASSWORD=your-db-password \ + # --from-literal=NEW_PASSWORD=your-new-password + # Example command to update the secret: + # kubectl create secret generic my-db-password-secret \ + # --from-literal=DB_PASSWORD=your-new-db-password \ + # --from-literal=NEW_PASSWORD=your-new-password \ + # --dry-run=client -o yaml | kubectl apply -f - + dbPasswordSecret: "" login: sso: