From 8ea5e2cb01366e125ba7a8df86e83eebbb858d02 Mon Sep 17 00:00:00 2001
From: Thushani Jayasekera
Date: Wed, 29 Oct 2025 21:58:34 +0530
Subject: [PATCH 1/6] Add aws secretprovider template
---
.../secret-providers/secret-provider-aws.yaml | 114 ++++++++++++++++++
1 file changed, 114 insertions(+)
create mode 100644 helm-charts/templates/secret-providers/secret-provider-aws.yaml
diff --git a/helm-charts/templates/secret-providers/secret-provider-aws.yaml b/helm-charts/templates/secret-providers/secret-provider-aws.yaml
new file mode 100644
index 000000000..202afbc7d
--- /dev/null
+++ b/helm-charts/templates/secret-providers/secret-provider-aws.yaml
@@ -0,0 +1,114 @@ +{{- if .Values.wso2.apk.secretProviderClass.enabled }} +{{- if eq .Values.wso2.apk.secretProviderClass.provider "aws" }} +--- +# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: {{ template "apk-helm.resource.prefix" . }}-secrets + namespace: {{ .Release.Namespace }} +spec: + provider: aws + secretObjects: + - secretName: {{ template "apk-helm.resource.prefix" . }}-secrets + type: Opaque + data: + - objectName: ratelimiter_redis_credentials + key: ratelimiter_redis_credentials + - secretName: {{ template "apk-helm.resource.prefix" . }}-system-listener-tls + type: Opaque + data: + - objectName: system-api-listener.key + key: tls.key + - objectName: system-api-listener.crt + key: tls.crt + - secretName: {{ template "apk-helm.resource.prefix" . }}-router-tls + type: Opaque + data: + - objectName: apk-server.key + key: tls.key + - objectName: apk-server.key + key: tls.crt + - secretName: {{ template "apk-helm.resource.prefix" . }}-apk-server-tls + type: kubernetes.io/tls + data: + - objectName: apk-server.key + key: tls.key + - objectName: apk-server.key + key: tls.crt + - secretName: {{ template "apk-helm.resource.prefix" . 
}}-enforcer-jwks-tls + type: kubernetes.io/tls + data: + - objectName: enforcer-jwks.key + key: tls.key + - objectName: enforcer-jwks.key + key: tls.crt + parameters: + objects: | + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter_redis_credentials + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: apk-server.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: system-api-listener.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: adapter-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretName | quote }} + objectType: secretsmanager + 
objectAlias: router-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretKey | quote }} + {{- if .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls.enabled }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: tracing-ca.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.secretKey | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: tracing.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretKey | quote }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file From fa4e625e0a634b358038cc64cd3633a8cdaec5e9 Mon Sep 17 00:00:00 2001 
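Review bot: The tracing guard near the end of the new template has no `and` after `if`, so the five `.Values…` operands are parsed as one field followed by arguments, which Go templates reject when the field is not callable. Rendering with `provider: aws` would therefore be expected to fail rather than skip the tracing objects. The line should read `{{- if and .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls.enabled }}`. The same line is carried unchanged as context in PATCH 5/6, so the later commits in the series do not address it.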
From: Thushani Jayasekera Date: Wed, 29 Oct 2025 22:00:48 +0530 Subject: [PATCH 2/6] Add new line --- helm-charts/templates/secret-providers/secret-provider-aws.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/templates/secret-providers/secret-provider-aws.yaml b/helm-charts/templates/secret-providers/secret-provider-aws.yaml index 202afbc7d..d7588a22b 100644 --- a/helm-charts/templates/secret-providers/secret-provider-aws.yaml +++ b/helm-charts/templates/secret-providers/secret-provider-aws.yaml @@ -111,4 +111,4 @@ spec: objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretKey | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 9e34957c7f8310436f67787d499f2e768ae22954 Mon Sep 17 00:00:00 2001 From: Thushani Jayasekera Date: Wed, 29 Oct 2025 22:04:22 +0530 Subject: [PATCH 3/6] Update default values yaml file --- helm-charts/values.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml index 2a9b8c815..6ae706837 100644 --- a/helm-charts/values.yaml +++ b/helm-charts/values.yaml @@ -46,6 +46,9 @@ wso2: azure: secretName: "" version: "" + aws: + secretName: "" + secretKey: "" ratelimiterRedisCredentials: azure: secretName: "" @@ -53,6 +56,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" adapterKey: vault: key: "" @@ -68,6 +74,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" enforcerKey: vault: key: "" @@ -83,6 +92,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" routerKey: vault: key: "" @@ -98,6 +110,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" ratelimiterKey: vault: key: "" @@ -113,6 +128,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" commonControllerKey: vault: key: "" 
@@ -128,6 +146,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" systemApiListenerKey: azure: secretName: "" @@ -135,6 +156,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" systemApiListenerCert: azure: secretName: "" @@ -149,6 +173,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" enforcerJwksCert: vault: key: "" @@ -160,6 +187,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" tracingCaCert: azure: secretName: "" @@ -167,6 +197,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" tracingCert: azure: secretName: "" @@ -174,6 +207,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + secretKey: "" helmHooks: webhooksCleanupEnabled: true webhooksCleanup: From 816f129b7a6050a5f105df030e14ff6b605b8e77 Mon Sep 17 00:00:00 2001 From: Thushani Jayasekera Date: Wed, 29 Oct 2025 22:06:58 +0530 Subject: [PATCH 4/6] Update chart version --- helm-charts/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/Chart.yaml b/helm-charts/Chart.yaml index 63e932909..00c7ffcd4 100644 --- a/helm-charts/Chart.yaml +++ b/helm-charts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: choreo-apk description: A Helm chart for APK components type: application -version: 1.3.0-13 +version: 1.3.0-14 appVersion: "1.3.0" dependencies: - name: postgresql From 56425e2db50b07d09a7efdf3f804061bd98ec909 Mon Sep 17 00:00:00 2001 From: Thushani Jayasekera Date: Wed, 29 Oct 2025 23:02:15 +0530 Subject: [PATCH 5/6] Rename secretKey to version --- .../secret-providers/secret-provider-aws.yaml | 24 +++++++++---------- helm-charts/values.yaml | 24 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/helm-charts/templates/secret-providers/secret-provider-aws.yaml b/helm-charts/templates/secret-providers/secret-provider-aws.yaml index d7588a22b..d7014b548 100644 
--- a/helm-charts/templates/secret-providers/secret-provider-aws.yaml +++ b/helm-charts/templates/secret-providers/secret-provider-aws.yaml 
@@ -63,52 +63,52 @@ spec: - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.secretName | quote }} objectType: secretsmanager objectAlias: ratelimiter_redis_credentials - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.secretName | quote }} objectType: secretsmanager objectAlias: apk-server.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretName | quote }} objectType: secretsmanager objectAlias: enforcer-jwks.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretName | quote }} objectType: secretsmanager objectAlias: system-api-listener.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: adapter-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.version | quote }} - objectName: {{ 
.Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: enforcer-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: router-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: ratelimiter-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: commoncontroller-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: enforcer-jwks-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.version | quote }} {{- if .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled 
.Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls .Values.wso2.apk.dp.gatewayRuntime.tracing.configProperties.tls.enabled }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: tracing-ca.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCaCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: tracing.crt - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.secretKey | quote }} + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.tracingCert.aws.version | quote }} {{- end }} {{- end }} {{- end }} diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml index 6ae706837..791f2a493 100644 --- a/helm-charts/values.yaml +++ b/helm-charts/values.yaml @@ -48,7 +48,7 @@ wso2: version: "" aws: secretName: "" - secretKey: "" + version: "" ratelimiterRedisCredentials: azure: secretName: "" @@ -58,7 +58,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" adapterKey: vault: key: "" @@ -76,7 +76,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" enforcerKey: vault: key: "" @@ -94,7 +94,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" routerKey: vault: key: "" @@ -112,7 +112,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" ratelimiterKey: vault: key: "" @@ -130,7 +130,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" commonControllerKey: vault: key: "" @@ -148,7 +148,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" systemApiListenerKey: azure: secretName: "" 
@@ -158,7 +158,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" systemApiListenerCert: azure: secretName: "" @@ -175,7 +175,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" enforcerJwksCert: vault: key: "" @@ -189,7 +189,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" tracingCaCert: azure: secretName: "" @@ -199,7 +199,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" tracingCert: azure: secretName: "" @@ -209,7 +209,7 @@ wso2: path: "" aws: secretName: "" - secretKey: "" + version: "" helmHooks: webhooksCleanupEnabled: true webhooksCleanup: From b5cf0a60128ec3ee6f5751554da0ab8ffe74a83f Mon Sep 17 00:00:00 2001 From: Thushani Jayasekera Date: Thu, 30 Oct 2025 09:51:01 +0530 Subject: [PATCH 6/6] Update secret provider template for AWS integration --- .../secret-providers/secret-provider-aws.yaml | 82 +++++++++++++------ helm-charts/values.yaml | 39 ++++++++- 2 files changed, 92 insertions(+), 29 deletions(-) diff --git a/helm-charts/templates/secret-providers/secret-provider-aws.yaml b/helm-charts/templates/secret-providers/secret-provider-aws.yaml index d7014b548..0756e1e3a 100644 --- a/helm-charts/templates/secret-providers/secret-provider-aws.yaml +++ b/helm-charts/templates/secret-providers/secret-provider-aws.yaml 
@@ -40,23 +40,9 @@ spec: - secretName: {{ template "apk-helm.resource.prefix" . }}-router-tls type: Opaque data: - - objectName: apk-server.key + - objectName: router.key key: tls.key - - objectName: apk-server.key - key: tls.crt - - secretName: {{ template "apk-helm.resource.prefix" . }}-apk-server-tls - type: kubernetes.io/tls - data: - - objectName: apk-server.key - key: tls.key - - objectName: apk-server.key - key: tls.crt - - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-jwks-tls - type: kubernetes.io/tls - data: - - objectName: enforcer-jwks.key - key: tls.key - - objectName: enforcer-jwks.key + - objectName: router.crt key: tls.crt parameters: objects: | 
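Review bot: `…-router-tls` keeps `type: Opaque` although it now carries a `tls.key`/`tls.crt` pair, and the same holds for `…-system-listener-tls` in the part of `secretObjects` above this hunk. Declaring `type: kubernetes.io/tls` makes the API server insist that both keys are present. As far as I know the Secrets Store driver also checks the PEM content for that type, which would have surfaced the key-for-certificate mapping this hunk corrects. It is worth confirming that nothing consuming these Secrets depends on the Opaque type before changing it.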
@@ -64,38 +50,82 @@ spec: objectType: secretsmanager objectAlias: ratelimiter_redis_credentials objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterRedisCredentials.aws.version | quote }} - - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.secretName | quote }} - objectType: secretsmanager - objectAlias: apk-server.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.apkServerKey.aws.version | quote }} - - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretName | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.secretName | quote }} objectType: secretsmanager - objectAlias: enforcer-jwks.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.version | quote }} - - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretName | quote }} + objectAlias: adapter.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCert.aws.secretName | quote }} objectType: secretsmanager - objectAlias: system-api-listener.key - objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.version | quote }} + objectAlias: adapter.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: adapter-ca.crt objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.adapterCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerKey.aws.version | quote 
}} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: enforcer-ca.crt objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: router.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: router.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: router-ca.crt objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.routerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: ratelimiter.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: ratelimiter-ca.crt 
objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.ratelimiterCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: commoncontroller.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: commoncontroller-ca.crt objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.commonControllerCaCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: system-api-listener.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: system-api-listener.crt + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.systemApiListenerCert.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks.key + objectVersion: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksKey.aws.version | quote }} + - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCert.aws.secretName | quote }} + objectType: secretsmanager + objectAlias: enforcer-jwks.crt + objectVersion: {{ 
.Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCert.aws.version | quote }} - objectName: {{ .Values.wso2.apk.secretProviderClass.secrets.enforcerJwksCaCert.aws.secretName | quote }} objectType: secretsmanager objectAlias: enforcer-jwks-ca.crt diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml index 791f2a493..e7f71108f 100644 --- a/helm-charts/values.yaml +++ b/helm-charts/values.yaml @@ -46,9 +46,6 @@ wso2: azure: secretName: "" version: "" - aws: - secretName: "" - version: "" ratelimiterRedisCredentials: azure: secretName: "" @@ -63,10 +60,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" adapterCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" adapterCaCert: azure: secretName: "" @@ -81,10 +84,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerCaCert: azure: secretName: "" @@ -99,10 +108,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" routerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" routerCaCert: azure: secretName: "" @@ -117,10 +132,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" ratelimiterCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" ratelimiterCaCert: azure: secretName: "" @@ -135,10 +156,16 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" commonControllerCert: vault: key: "" path: "" + aws: + secretName: "" + version: "" commonControllerCaCert: azure: secretName: "" @@ -166,6 +193,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerJwksKey: azure: secretName: "" @@ -180,6 +210,9 @@ wso2: vault: key: "" path: "" + aws: + secretName: "" + version: "" enforcerJwksCaCert: azure: secretName: ""
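Review bot: The `objects` list in the template hunk of PATCH 6/6 now puts every component's private key (`adapter.key`, `enforcer.key`, `router.key`, `ratelimiter.key`, `commoncontroller.key`, `system-api-listener.key`, `enforcer-jwks.key`) into one SecretProviderClass, so any pod that mounts `…-secrets` receives all of them and its AWS identity needs read access to every secret. If the component deployments all reference this one class (not visible in the patch), consider one class per component so that a compromised pod exposes only its own key. Separately, every `objectName` renders as `""` while its value is left at the default. Wrapping each value as `{{ required "adapterKey.aws.secretName is required" .Values.wso2.apk.secretProviderClass.secrets.adapterKey.aws.secretName | quote }}` would fail at render time instead of at volume mount.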
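Review bot: The `aws:` blocks added to values.yaml in this patch (and the ones from PATCH 3/6 that remain) carry no comment saying what `version` means, while the template passes it straight to `objectVersion`. As far as I know the AWS provider reads that field as a Secrets Manager version ID, so a non-empty value pins the mount to one version and a rotated secret is not picked up until the value is changed. A comment above the first block would make that explicit, for example `# aws.secretName: Secrets Manager secret name or ARN; aws.version: optional version ID, leave empty unless a pinned version is required (pinning bypasses rotation)`. Whether the provider treats the rendered `objectVersion: ""` as unset should be confirmed.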