update app version & add secret with password

Author: nikmel2803

Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: codex-docs
 description: A Helm chart for CodeX Docs
 type: application
-version: 0.0.4
-appVersion: "v0.1.2"
+version: 0.1.4
+appVersion: "v0.2.0"

templates/_helpers.tpl

@@ -60,3 +60,50 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Returns the available value for certain key in an existing secret (if it exists),
+otherwise it generates a random value.
+*/}}
+{{- define "getValueFromSecret" }}
+{{- $len := (default 16 .Length) | int -}}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key | b64dec -}}
+{{- else -}}
+{{- randAlphaNum $len -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Return codex.docs password
+*/}}
+{{- define "codexdocs.password" -}}
+{{- if empty .Values.auth.password -}}
+{{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "codexdocs.fullname" .) "Length" 20 "Key" "docs-password")  -}}
+{{- else -}}
+{{- .Values.auth.password -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "codexdocs.secretName" -}}
+{{- if .Values.auth.existingSecret -}}
+{{- printf "%s" .Values.auth.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "codexdocs.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password key to be retrieved from secret.
+*/}}
+{{- define "codexdocs.secretPasswordKey" -}}
+{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}}
+{{- printf "%s" .Values.auth.existingSecretPasswordKey -}}
+{{- else -}}
+{{- printf "docs-password" -}}
+{{- end -}}
+{{- end -}}

templates/deployment.yaml

@@ -43,6 +43,12 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "codexdocs.secretName" . }}
+                  key: {{ template "codexdocs.secretPasswordKey" . }}
           volumeMounts:
             - name: config
               mountPath: /usr/src/app/.codexdocsrc

templates/secret.yaml

@@ -0,0 +1,11 @@
+{{- if not .Values.auth.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "codexdocs.fullname" . }}
+  labels:
+    {{- include "codexdocs.labels" . | nindent 4 }}
+type: Opaque
+data:
+  docs-password: {{ include "codexdocs.password" . | b64enc | quote }}
+{{- end -}}

values.yaml

@@ -24,6 +24,21 @@ configuration:
     "uploads": "/usr/src/app/public/uploads"
     "secret": "iamasecretstring"
 
+# Authentication parameters
+auth:
+  # Auth password
+  # Defaults to a random 20-character alphanumeric string if not set
+  #
+  password: ""
+  # The name of an existing secret with auth credentials
+  # NOTE: When it's set, the previous `auth.password` parameter is ignored
+  #
+  existingSecret: ""
+  # Password key to be retrieved from existing secret
+  # NOTE: ignored unless `auth.existingSecret` parameter is set
+  #
+  existingSecretPasswordKey: ""
+
 image:
   repository: ghcr.io/codex-team/codex.docs
   pullPolicy: Always