Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / c916187ddccbe0ae65e62b0474f84b1b7395b939^! / . / charts / openproject / templates / secret_s3.yaml
commitc916187ddccbe0ae65e62b0474f84b1b7395b939[log] [tgz]
authorgio <gio@v1.dodo.cloud>Sun Apr 21 10:46:35 2024 +0400
committergio <gio@v1.dodo.cloud>Sun Apr 21 12:06:32 2024 +0400
tree0d0c810134a46ff1ca5cdb0f7346e805e2da6b76
parent1de49585e44866e0cc4c4f1bbd9edf34965c0ec1 [diff] [blame]
OpenProject: Helm chart and application config

Change-Id: Ic3e963e72ed4fd7f3d8550feb55ed468dc561884

diff --git a/charts/openproject/templates/secret_s3.yaml b/charts/openproject/templates/secret_s3.yaml
new file mode 100644
index 0000000..354b01e
--- /dev/null
+++ b/charts/openproject/templates/secret_s3.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.s3.enabled }}
+---
+apiVersion: "v1"
+kind: "Secret"
+metadata:
+  name: "{{ include "common.names.fullname" . }}-s3"
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+stringData:
+  OPENPROJECT_ATTACHMENTS__STORAGE: fog
+  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: AWS
+  {{/* Fall back to '_' as secret name if the name is not given. This way `lookup` will return null (since secrets with this name will and cannot exist) which it doesn't with an empty string. */}}
+  {{ $secret := (lookup "v1" "Secret" .Release.Namespace (default "_" .Values.s3.auth.existingSecret)) | default (dict "data" dict) -}}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{
+    default .Values.s3.auth.accessKeyId (get $secret.data .Values.s3.auth.secretKeys.accessKeyId | b64dec) | quote
+  }}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{
+    default .Values.s3.auth.secretAccessKey (get $secret.data .Values.s3.auth.secretKeys.secretAccessKey | b64dec) | quote
+  }}
+  {{ if .Values.s3.endpoint -}}
+  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.s3.endpoint }}
+  {{- end }}
+  {{ if .Values.s3.host -}}
+  OPENPROJECT_FOG_CREDENTIALS_HOST: {{ .Values.s3.host }}
+  {{- end }}
+  {{ if .Values.s3.port -}}
+  OPENPROJECT_FOG_CREDENTIALS_PORT: "{{ .Values.s3.port }}"
+  {{- end }}
+  OPENPROJECT_FOG_DIRECTORY: {{ .Values.s3.bucketName }}
+  OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.s3.region }}
+  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "{{ .Values.s3.pathStyle }}"
+  OPENPROJECT_FOG_CREDENTIALS_AWS__SIGNATURE__VERSION: "{{ .Values.s3.signatureVersion }}"
+  # remove use_iam_profile fallback after some point
+  OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE: {{ if or .Values.s3.use_iam_profile .Values.s3.useIamProfile }}"true"{{else}}"false"{{end}}
+  OPENPROJECT_FOG_CREDENTIALS_ENABLE__SIGNATURE__V4__STREAMING: {{ if .Values.s3.enableSignatureV4Streaming }}"true"{{else}}"false"{{end}}
+  OPENPROJECT_DIRECT__UPLOADS: {{ if .Values.s3.directUploads }}"true"{{else}}"false"{{end}}
+...
+{{- end }}