diff --git a/helm-charts/Chart.yaml b/helm-charts/Chart.yaml
index 63e932909..00c7ffcd4 100644
--- a/helm-charts/Chart.yaml
+++ b/helm-charts/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: choreo-apk
 description: A Helm chart for APK components
 type: application
-version: 1.3.0-13
+version: 1.3.0-14
 appVersion: "1.3.0"
 dependencies:
 - name: postgresql
diff --git a/helm-charts/templates/secret-providers/secret-provider-aws.yaml b/helm-charts/templates/secret-providers/secret-provider-aws.yaml
new file mode 100644
index 000000000..0756e1e3a
--- /dev/null
+++ b/helm-charts/templates/secret-providers/secret-provider-aws.yaml
@@ -0,0 +1,144 @@ +{{- if .Values.wso2.apk.secretProviderClass.enabled }} +{{- if eq .Values.wso2.apk.secretProviderClass.provider "aws" }} +--- +# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: {{ template "apk-helm.resource.prefix" . }}-secrets + namespace: {{ .Release.Namespace }} +spec: + provider: aws + secretObjects: + - secretName: {{ template "apk-helm.resource.prefix" . }}-secrets + type: Opaque + data: + - objectName: ratelimiter_redis_credentials + key: ratelimiter_redis_credentials + - secretName: {{ template "apk-helm.resource.prefix" . }}-system-listener-tls + type: Opaque + data: + - objectName: system-api-listener.key + key: tls.key + - objectName: system-api-listener.crt + key: tls.crt + - secretName: {{ template "apk-helm.resource.prefix" . 
}}-router-tls + type: Opaque + data: + - objectName: router.key + key: tls.key + - objectName: router.crt + key: tls.crt + parameters: + objects: | + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter_redis_credentials + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: adapter.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: adapter.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: adapter-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-ca.crt + objectVersion: {{ 
.Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: router.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: router.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: router-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerKey.aws.version | quote }} + - objectName: {{ 
.Values.wso2.apk.secretProviderClass.secrets.commonControllerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: system-api-listener.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: system-api-listener.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.version | quote }} + {{- if 
.Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls.enabled }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: tracing-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: tracing.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.version | quote }} + {{- end }} +{{- end }} +{{- end }} diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml index 2a9b8c815..e7f71108f 100644 --- a/helm-charts/values.yaml +++ b/helm-charts/values.yaml @@ -53,14 +53,23 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" adapterKey: vault: key: "" path: "" + aws: + secretName: "" + version: "" adapterCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" adapterCaCert: azure: secretName: "" @@ -68,14 +77,23 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerKey: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerCaCert: azure: secretName: "" @@ -83,14 +101,23 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" routerKey: vault: key: "" path: "" + aws: + secretName: "" + version: "" routerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" routerCaCert: azure: secretName: "" 
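Review bot: The tracing guard near the end of the hunk, `{{- if .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled … .tls.enabled }}`, lists five operands with no `and`; a Go template rejects arguments given to a non-function field, so rendering with `provider: "aws"` would fail on that line unless the `and` was lost when this page was laid out, and it should read `{{- if and .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls.enabled }}`. Separately, every `objectName` and `objectVersion` in the `objects:` block is rendered unconditionally from values that this same commit defaults to `""`, so an install with any mandatory `aws.secretName` left blank produces `objectName: ""` entries and the failure presumably surfaces only when the CSI driver mounts the volume rather than at install time. Wrapping the mandatory entries in `required`, e.g. `objectName: {{ required "secretProviderClass.secrets.adapterKey.aws.secretName is required" .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.secretName | quote }}`, turns that into a `helm install` error. Whether the AWS provider treats `objectVersion: ""` as "current version" or as an invalid version id is not visible here and should be confirmed; emitting the key only inside a `with` on the version value would avoid depending on it.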
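Review bot: The new `aws:` stanzas, here and in every later hunk of this file (@@ -68 through @@ -174), add `secretName` and `version` with no comment saying what the chart does with them, so a user filling values.yaml has to read secret-provider-aws.yaml to learn that `secretName` becomes the provider's `objectName` with `objectType: secretsmanager` and `version` is passed through verbatim as `objectVersion`. A one-line comment on the first stanza, `# aws.secretName: AWS Secrets Manager secret rendered as objectName; aws.version: rendered verbatim as objectVersion`, would document that contract at the point of use. The stanza that owns the `vault:` block at the top of this hunk begins before the hunk.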
@@ -98,14 +125,23 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" ratelimiterKey: vault: key: "" path: "" + aws: + secretName: "" + version: "" ratelimiterCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" ratelimiterCaCert: azure: secretName: "" @@ -113,14 +149,23 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" commonControllerKey: vault: key: "" path: "" + aws: + secretName: "" + version: "" commonControllerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" commonControllerCaCert: azure: secretName: "" @@ -128,6 +173,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" systemApiListenerKey: azure: secretName: "" @@ -135,6 +183,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" systemApiListenerCert: azure: secretName: "" @@ -142,6 +193,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerJwksKey: azure: secretName: "" @@ -149,10 +203,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerJwksCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerJwksCaCert: azure: secretName: "" @@ -160,6 +220,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" tracingCaCert: azure: secretName: "" @@ -167,6 +230,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" tracingCert: azure: secretName: "" @@ -174,6 +240,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" helmHooks: webhooksCleanupEnabled: true webhooksCleanup: