Merge pull request #20 from CyberHeroRS/feat-secrets

ScribblerCoder · web-flow · commit 23b8a98f9c2c · 2025-10-15T01:07:40.000+03:00
Allow external secrets for S3 and MariaDB
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -49,6 +49,18 @@ spec:
               name: {{ include "ctfd.fullname" . }}
           env: 
             {{- .Values.ctfd.env | toYaml | nindent 12 }}
+            {{- if and (not .Values.minio.enabled) .Values.ctfd.uploadprovider.s3.secretRef.name }}
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.ctfd.uploadprovider.s3.secretRef.name }}
+                  key: {{ .Values.ctfd.uploadprovider.s3.secretRef.idKey }}
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef: 
+                  name: {{ .Values.ctfd.uploadprovider.s3.secretRef.name }}
+                  key: {{ .Values.ctfd.uploadprovider.s3.secretRef.secretKey }}
+            {{- end }}
             {{- if .Values.minio.enabled }}
             - name: AWS_ACCESS_KEY_ID
               valueFrom:
@@ -61,6 +73,13 @@ spec:
                   name: {{ .Release.Name }}-minio
                   key: rootPassword
             {{- end }}
+            {{- if (index .Values "mariadb-galera").external.secretRef.name }}
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ (index .Values "mariadb-galera").external.secretRef.name }}
+                  key: {{ (index .Values "mariadb-galera").external.secretRef.databaseUrlKey }}
+            {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.ctfd.service.port }}
diff --git a/templates/secret.yaml b/templates/secret.yaml
@@ -4,12 +4,16 @@ metadata:
   name: {{ include "ctfd.fullname" . }}
 type: Opaque
 data:
+{{- if not (index .Values "mariadb-galera").external.secretRef.name }}
   DATABASE_URL: {{ include "ctfd.DATABASE_URL" . | b64enc }}
+{{- end }}
   REDIS_URL: {{ include "ctfd.REDIS_URL" . | b64enc }}
   SECRET_KEY: {{ randAlphaNum 64 | b64enc }}
 {{- if not .Values.minio.enabled }}
+  {{- if not .Values.ctfd.uploadprovider.s3.secretRef.name }}
   AWS_ACCESS_KEY_ID: {{ .Values.ctfd.uploadprovider.s3.access_key_id | b64enc }}
   AWS_SECRET_ACCESS_KEY: {{ .Values.ctfd.uploadprovider.s3.secret_access_key | b64enc }}
+  {{- end }}
   AWS_S3_BUCKET: {{ .Values.ctfd.uploadprovider.s3.bucket | b64enc }}
   AWS_S3_ENDPOINT_URL: {{ .Values.ctfd.uploadprovider.s3.endpoint_url | b64enc }}
 {{- end }}
diff --git a/values.yaml b/values.yaml
@@ -55,6 +55,10 @@ ctfd:
 
   uploadprovider:
     s3:
+      secretRef:
+        name: null
+        secretKey: AWS_SECRET_ACCESS_KEY
+        idKey: AWS_ACCESS_KEY_ID
       # -- AWS S3 bucket name
       bucket: ""  # external bucket (you should disable Minio. See below)
       # -- AWS S3 bucket region
@@ -220,6 +224,9 @@ mariadb-galera:
   external:
     port: 3306
     host: external-mariadb-host
+    secretRef:
+      name: null
+      databaseUrlKey: DATABASE_URL
     username: ""
     password: ""
     database: ""
