Store credentials in secret rather then directly in the values

J12934 · J12934 · commit c9f19d3ea359 · 2020-04-16T20:58:42.000+02:00
diff --git a/persistence/persistence-elastic/templates/persistence-provider.yaml b/persistence/persistence-elastic/templates/persistence-provider.yaml
@@ -16,12 +16,24 @@ spec:
 {{- end }}
 {{- if and .Values.authentication.user.username .Values.authentication.user.password }}
     - name: ELASTICSEARCH_USERNAME
-      value: {{ .Values.authentication.user.username | quote }}
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "persistence-elastic.fullname" . }}
+          key: username
     - name: ELASTICSEARCH_PASSWORD
-      value: {{ .Values.authentication.user.password | quote }}
-{{- else if .Values.authentication.apikey.key }}
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "persistence-elastic.fullname" . }}
+          key: password
+{{- else if and .Values.authentication.apiKey.id .Values.authentication.apiKey.key }}
     - name: ELASTICSEARCH_APIKEY_ID
-      value: {{ .Values.authentication.apikey.id | quote }}
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "persistence-elastic.fullname" . }}
+          key: apiKey
     - name: ELASTICSEARCH_APIKEY
-      value: {{ .Values.authentication.apikey.key | quote }}
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "persistence-elastic.fullname" . }}
+          key: apiKeyId
 {{- end }}
diff --git a/persistence/persistence-elastic/templates/secret.yaml b/persistence/persistence-elastic/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.authentication.user.username .Values.authentication.user.password .Values.authentication.apiKey.key .Values.authentication.apiKey.id }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "persistence-elastic.fullname" . }}
+type: Opaque
+data:  
+{{- if and .Values.authentication.user.username .Values.authentication.user.password  }}
+  username: {{ .Values.authentication.user.username | b64enc | quote }}
+  password: {{ .Values.authentication.user.password | b64enc | quote }}
+{{- end }}
+{{- if and .Values.authentication.apiKey.key .Values.authentication.apiKey.id  }}
+  apiKey: {{ .Values.authentication.apiKey.key | b64enc | quote }}
+  apiKeyId: {{ .Values.authentication.apiKey.id | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/persistence/persistence-elastic/values.yaml b/persistence/persistence-elastic/values.yaml
@@ -18,8 +18,8 @@ authentication:
   user:
     username: null
     password: null
-  apikey:
-    # Todo(@J12934) figure out when the "id" field is required for api keys.
+  apiKey:
+    id: null
     key: null
 
 elasticsearch:
