Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setting up helm values/secrets to deploy opsdroid to kubernetes #27

Open
cosimo opened this issue Feb 23, 2023 · 1 comment
Open

Setting up helm values/secrets to deploy opsdroid to kubernetes #27

cosimo opened this issue Feb 23, 2023 · 1 comment

Comments

@cosimo
Copy link

cosimo commented Feb 23, 2023

Hi! Thanks for setting up this helm chart repository, it helps get things up and running.
I'm not familiar with helm and I've been trying to understand how to embed secrets in my values.yaml file. I've been looking into this for some time, but I haven't figured it out just yet. In particular, I'm having a hard time with how to provide a opsdroid.configuration value in my values.yaml which would contain secrets.

Here's the steps I did.

  1. I added a secrets.yaml file with all the secret values I want to add to my opsdroid configuration, such as datadog api key, aws access key, etc... The secrets file is created with helm secrets encrypt and it's working correctly (the secrets are correctly propagated to kubernetes and are available in the pod as env variables).

  2. I changed the templates/opsdroid-secrets.yaml to be as follows:

apiVersion: v1
kind: Secret
metadata:
  name: opsdroid-config
type: Opaque
data:
  slack_app_token: {{ .Values.slack_app_token | b64enc | quote }}
  slack_bot_token: {{ .Values.slack_bot_token | b64enc | quote }}
  datadog_api_key: {{ .Values.datadog_api_key | b64enc | quote }}
  datadog_application_key: {{ .Values.datadog_application_key | b64enc | quote }}
  aws_access_key_id: {{ .Values.aws_access_key_id | b64enc | quote }}
  aws_secret_access_key: {{ .Values.aws_secret_access_key | b64enc | quote }}
  ...

Originally, this template is instead doing something that I don't understand:

data:
  {{- range .Values.opsdroid.environment }}
  {{ .name }}: '{{ .value | b64enc }}'
  {{- end }}

it seems to be referring to the environment variables defined in values? How would that work?
Are there any examples of this?

  1. Adding values.yaml references to the secrets I just created, as follows:
# values.yaml
---
opsdroid:
  image:
    ...

  ...

  environment: 
    - name: datadog_api_key 
      valueFrom:  
        secretKeyRef:
          name: opsdroid-config
          key: datadog_api_key
    ...

This bit seems to be working correctly, as the env vars are propagated to the pod.
What doesn't work is the following configuration part:

  ...
  configuration: |
     # Here is my actual opsdroid configuration, which needs to refer to the secrets
     logging:
        ...
     welcome-message: false
     connectors:
       slack:
          app-token: "....what do I put here to refer to the secrets?"
          ...

Nothing I tried works, which seems to suggest I need to change approach, but how?
Any suggestions would be welcome, as I've been struggling with this for a few hours now.

Thanks @jacobtomlinson !
@ryanm101
Copy link
Contributor

see my PR #28

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cosimo @ryanm101