Pr2clearml rand sensitive info (#1)

* adding new secret rand condition + change chare name * adjusting values.yaml information * removing hard-coded secrets * returning name to origin for PR * also removing secureAuthTokenSecret * update version + annotation
2025-04-17 01:31:13 +00:00 · 2025-04-13 17:28:45 +02:00 · 2025-04-13 17:28:45 +02:00 · 59dd720d13
commit 59dd720d13
parent 747c018adb
3 changed files with 24 additions and 24 deletions
--- a/charts/clearml/Chart.yaml
+++ b/charts/clearml/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: clearml
 description: MLOps platform
 type: application
-version: "7.14.4"
+version: "7.14.5"
 appVersion: "2.0"
 kubeVersion: ">= 1.21.0-0 < 1.33.0-0"
 home: https://clear.ml
@ -32,5 +32,5 @@ dependencies:
    condition: elasticsearch.enabled
 annotations:
  artifacthub.io/changes: |
-    - kind: fixed
-      description: "casted port to string before concatenation"
+    - kind: added
+      description: "Generate default random secrets for clearml-conf if values are not provided"
--- a/charts/clearml/templates/clearml-secrets.yaml
+++ b/charts/clearml/templates/clearml-secrets.yaml
@ -3,13 +3,13 @@ kind: Secret
 metadata:
  name: clearml-conf
 data:
-  apiserver_key: {{ .Values.clearml.apiserverKey | b64enc }}
-  apiserver_secret: {{ .Values.clearml.apiserverSecret | b64enc }}
-  fileserver_key: {{ .Values.clearml.fileserverKey | b64enc }}
-  fileserver_secret: {{ .Values.clearml.fileserverSecret | b64enc }}
-  secure_auth_token_secret: {{ .Values.clearml.secureAuthTokenSecret | b64enc }}
-  test_user_key: {{ .Values.clearml.testUserKey | b64enc }}
-  test_user_secret: {{ .Values.clearml.testUserSecret | b64enc }}
+  apiserver_key: {{ if .Values.clearml.apiserverKey }}{{ .Values.clearml.apiserverKey | b64enc | quote }}{{ else }}{{ randAlpha 20 | upper | b64enc | quote }}{{ end }}
+  apiserver_secret: {{ if .Values.clearml.apiserverSecret }}{{ .Values.clearml.apiserverSecret | b64enc | quote }}{{ else }}{{ randAlpha 49 | upper | b64enc | quote }}{{ end }}
+  fileserver_key: {{ if .Values.clearml.fileserverKey }}{{ .Values.clearml.fileserverKey | b64enc | quote }}{{ else }}{{ randAlpha 20 | upper | b64enc | quote }}{{ end }}
+  fileserver_secret: {{ if .Values.clearml.fileserverSecret }}{{ .Values.clearml.fileserverSecret | b64enc | quote }}{{ else }}{{ randAlpha 49 | upper | b64enc | quote }}{{ end }}
+  secure_auth_token_secret: {{ if .Values.clearml.secureAuthTokenSecret }}{{ .Values.clearml.secureAuthTokenSecret | b64enc | quote }}{{ else }}{{ randAlpha 50 | b64enc | quote }}{{ end }}
+  test_user_key: {{ if .Values.clearml.testUserKey }}{{ .Values.clearml.testUserKey | b64enc | quote }}{{ else }}{{ randAlpha 20 | upper | b64enc | quote }}{{ end }}
+  test_user_secret: {{ if .Values.clearml.testUserSecret }}{{ .Values.clearml.testUserSecret | b64enc | quote }}{{ else }}{{ randAlpha 50 | upper | b64enc | quote }}{{ end }}
 ---
 {{- if .Values.imageCredentials.enabled }}
 {{- if not .Values.imageCredentials.existingSecret }}
--- a/charts/clearml/values.yaml
+++ b/charts/clearml/values.yaml
@ -26,24 +26,24 @@ clearml:
  cookieDomain: ""
  # -- Company name
  defaultCompany: "d1bd92a3b039400cbafc60a7a5b1e52b"
-  # -- Api Server basic auth key
-  apiserverKey: GGS9F4M6XB2DXJ5AFT9F
-  # -- Api Server basic auth secret
-  apiserverSecret: 2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO
-  # -- File Server basic auth key
-  fileserverKey: XXCRJ123CEE2KSQ068WO
-  # -- File Server basic auth secret
-  fileserverSecret: YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG
+  # -- Api Server basic auth key (will be randomly generated if empty)
+  apiserverKey: ""
+  # -- Api Server basic auth secret (will be randomly generated if empty)
+  apiserverSecret: ""
+  # -- File Server basic auth key (will be randomly generated if empty)
+  fileserverKey: ""
+  # -- File Server basic auth secret (will be randomly generated if empty)
+  fileserverSecret: ""
  # -- Readiness probe basic auth key
  readinessprobeKey: GK4PRTVT3706T25K6BA1
  # -- Readiness probe basic auth secret
  readinessprobeSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
-  # -- Secure Auth secret
-  secureAuthTokenSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
-  # -- Test Server basic auth key
-  testUserKey: "ENP39EQM4SLACGD5FXB7"
-  # -- Test File Server basic auth secret
-  testUserSecret: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
+  # -- Secure Auth secret (will be randomly generated if empty)
+  secureAuthTokenSecret: ""
+  # -- Test Server basic auth key (will be randomly generated if empty)
+  testUserKey: ""
+  # -- Test File Server basic auth secret (will be randomly generated if empty)
+  testUserSecret: ""
  # -- Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration
  clientConfigurationApiUrl: ""
  # -- Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration