icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The production environment of the authentication service also fully supports AKV.

Browse Source
This commit is contained in:
Nicolas 2025-08-18 17:44:17 +08:00
parent cd9f42e143
commit 86f989e405
4 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
freeleaps/helm-pkg/authentication/templates/authentication/authentication-config.yaml
View File

@ -9,13 +9,11 @@ data:
APP_NAME: {{ .Values.authentication.configs.appName | b64enc | quote }}
DEVSVC_WEBAPI_URL_BASE: {{ .Values.authentication.configs.devsvcWebapiUrlBase | b64enc | quote }}
NOTIFICATION_WEBAPI_URL_BASE: {{ .Values.authentication.configs.notificationWebapiUrlBase | b64enc | quote }}
JWT_SECRET_KEY: {{ .Values.authentication.configs.jwtSecretKey | b64enc | quote }}
JWT_ALGORITHM: {{ .Values.authentication.configs.jwtAlgorithm | b64enc | quote }}
SERVICE_API_ACCESS_HOST: {{ .Values.authentication.configs.serviceApiAccessHost | b64enc | quote }}
SERVICE_API_ACCESS_PORT: {{ .Values.authentication.configs.serviceApiAccessPort | toString | b64enc }}
MONGODB_NAME: {{ .Values.authentication.configs.mongodbName | b64enc | quote }}
MONGODB_PORT: {{ .Values.authentication.configs.mongodbPort | toString | b64enc }}
MONGODB_URI: {{ .Values.authentication.configs.mongodbUri | b64enc | quote }}
METRICS_ENABLED: {{ .Values.authentication.configs.metricsEnabled | default false | toString | b64enc }}
PROBES_ENABLED: {{ .Values.authentication.configs.probesEnabled | default false | toString | b64enc }}

4
freeleaps/helm-pkg/authentication/templates/authentication/deployment.yaml
View File

@ -100,13 +100,16 @@ spec:
{{- end}}
env:
{{- range $key, $value := .Values.authentication.configs }}
{{- if not (or (eq $key "jwtSecretKey") (eq $key "mongodbUri")) }}
- name: {{ $key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: authentication-config
key: {{ $key | snakecase | upper }}
{{- end }}
{{- end }}
# inject from secret created by FreeleapsSecret object
{{- if .Values.authentication.secrets }}
{{ $targetSecretName := .Values.authentication.secrets.target.name }}
{{- range .Values.authentication.secrets.data }}
- name: {{ .key | snakecase | upper }}
@ -115,6 +118,7 @@ spec:
name: {{ $targetSecretName }}
key: {{ .key }}
{{- end }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumeMounts:
- name: app-logs

19
freeleaps/helm-pkg/authentication/values.prod.yaml
View File

@ -66,15 +66,30 @@ authentication:
appName: authentication
devsvcWebapiUrlBase: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
notificationWebapiUrlBase: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/
jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
jwtAlgorithm: HS256
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: 8004
mongodbName: freeleaps2
mongodbPort: 27017
mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
metricsEnabled: 'true'
probesEnabled: 'true'
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-authentication-prod-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: jwtSecretKey
remoteRef:
key: "freeleaps-prod-jwt-secret-key"
type: Secret
- key: mongodbUri
remoteRef:
key: "freeleaps-prod-mongodb-uri"
type: Secret
vpa:
minAllowed:
enabled: true

18
freeleaps/helm-pkg/authentication/values.yaml
View File

@ -84,6 +84,24 @@ authentication:
metricsEnabled: "false"
# PROBES_ENABLED
probesEnabled: "false"
# AKV secrets configuration
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-authentication-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: jwtSecretKey
remoteRef:
key: "freeleaps-jwt-secret-key"
type: Secret
- key: mongodbUri
remoteRef:
key: "freeleaps-mongodb-uri"
type: Secret
vpa:
minAllowed:
enabled: false