Changes for conjur secretHandler

Co-authored-by: Frederic <frederic.vanreet@icloud.com>
Co-authored-by: stef.graces <stef.graces@nubera.eu>

Author: stgrace

stackl-agent/templates/stackl-agent/deployment.yaml

@@ -21,7 +21,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ template "stackl.agent" . }}-stackl-agent
+      serviceAccountName: {{ template "stackl.agent" . }}
       containers:
         - name: stackl-agent
           image: "{{ .Values.stacklAgent.image }}"
@@ -64,3 +64,39 @@ spec:
             - name: "VAULT_MOUNT_POINT"
               value: "{{ . }}"
             {{- end }}
+            {{- with .Values.stacklAgent.conjurVerify }}
+            - name: CONJUR_VERIFY
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.authenticatorClientContainerName }}
+            - name: AUTHENTICATOR_CLIENT_CONTAINER_NAME
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurApplianceUrl }}
+            - name: CONJUR_APPLIANCE_URL
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurAccount }}
+            - name: CONJUR_ACCOUNT
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurAuthnTokenFile }}
+            - name: CONJUR_AUTHN_TOKEN_FILE
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurAuthnUrl }}
+            - name: CONJUR_AUTHN_URL
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurAuthnLogin }}
+            - name: CONJUR_AUTHN_LOGIN
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurSslConfigMap }}
+            - name: CONJUR_SSL_CONFIG_MAP
+              value: "{{ . }}"
+            {{- end }}
+            {{- with .Values.stacklAgent.conjurSslConfigMapKey }}
+            - name: CONJUR_SSL_CONFIG_MAP_KEY
+              value: "{{ . }}"
+            {{- end }}

stackl-agent/templates/stackl-agent/service-account.yaml

@@ -2,15 +2,15 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "stackl.agent" . }}-stackl-agent
+  name: {{ template "stackl.agent" . }}
   labels:
     {{ include "stackl.labels" . | nindent 4 }}
     component: agent
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "stackl.agent" . }}-stackl-jobs
+  name: {{ template "stackl.agent" . }}-jobs
   labels:
     {{ include "stackl.labels" . | nindent 4 }}
     component: agent
@@ -39,12 +39,12 @@ metadata:
   labels:
     {{ include "stackl.labels" . | nindent 4 }}
     component: agent
-  name: {{ template "stackl.agent" . }}-stackl-agent
+  name: {{ template "stackl.agent" . }}
 roleRef:
-  name: {{ template "stackl.agent" . }}-stackl-jobs
+  name: {{ template "stackl.agent" . }}-jobs
   kind: Role
   apiGroup: rbac.authorization.k8s.io
 subjects:
   - kind: ServiceAccount
-    name: {{ template "stackl.agent" . }}-stackl-agent
+    name: {{ template "stackl.agent" . }}
     namespace: {{ .Release.Namespace }}

stackl-agent/values.yaml

@@ -4,7 +4,7 @@ image:
 mode: prod
 
 stacklAgent:
-  image: stacklio/stackl-agent:0.2.0rc1
+  image: stacklio/stackl-agent:v0.2.0
   name: stackl-agent
   replicaCount: 1
   stacklHost:  stackl-core:8080
@@ -13,9 +13,20 @@ stacklAgent:
   agentType: kubernetes
   redisHost: stackl-redis
   redisPort: 6379
+  # secretHandler: vault
   # vaultAddr: https://vault.example.com
   # vaultRole: stackl
   # vaultMountPoint: auth/kubernetes
+  # conjurVerify: "False"
+  # authenticatorClientContainerName: conjur-auth-client
+  # secretHandler: conjur
+  # conjurApplianceUrl: https://conjur-conjur-oss.conjur.svc.cluster.local
+  # conjurAccount: default
+  # conjurAuthnTokenFile: /run/conjur/access-token
+  # conjurAuthnUrl: https://conjur-conjur-oss.conjur.svc.cluster.local/authn-k8s/stackl
+  # conjurAuthnLogin: host/conjur/authn-k8s/stackl/apps/conjur-namespace
+  # conjurSslConfigMap: conjur-cert
+  # conjurSslConfigMapKey: ssl-certificate
 
 # example imagePullSecrets: [name: pull-secret-name]
 imagePullSecrets: []

stackl/Chart.yaml

@@ -4,6 +4,6 @@ description: Stackl description
 
 type: application
 
-version: v0.1.2
+version: v0.2.0
 
-appVersion: v0.1.2
+appVersion: v0.2.0

stackl/templates/stackl-core/deployment.yaml

@@ -41,10 +41,6 @@ spec:
               value: "{{ .Values.datastore.type }}"
             - name: "STACKL_DATASTORE_PATH"
               value: "{{ .Values.datastore.path }}"
-            - name: "STACKL_TASK_BROKER"
-              value: "{{ .Values.taskBroker.type }}"
-            - name: "STACKL_MESSAGE_CHANNEL"
-              value: "{{ .Values.messageChannel.type }}"
             - name: "LOGLEVEL"
               value: "DEBUG"
             - name: "REDIS_HOST"

stackl/values.yaml

@@ -17,14 +17,8 @@ datastore:
 #  type: LFS
 #  path: /lfs_store
 
-taskBroker:
-  type: Custom
-
-messageChannel:
-  type: Redis
-
 stacklCore:
-  image: stacklio/stackl-core:0.2.0rc1
+  image: stacklio/stackl-core:v0.2.0
   name: stackl-core
   serviceType: NodePort
   ingress:
@@ -46,12 +40,12 @@ stacklCore:
   replicaCount: 1
 
 stacklRedis:
-  image: redis:5.0.5
+  image: stacklio/redis:v5.0.3
   name: stackl-redis
   replicaCount: 1
 
 stacklOpa:
-  image: openpolicyagent/opa:0.20.5
+  image: stacklio/opa:v0.21.1
   name: stackl-opa
   ingress:
     enabled: true