From 0c7acf778a3c3716fe44bd3c4a1cc0f18360d7e6 Mon Sep 17 00:00:00 2001 From: Smart Mekiliuwa Date: Thu, 28 May 2026 22:56:20 +0100 Subject: [PATCH 1/2] prepare chart release v3.7.7 --- Chart.lock | 8 ++++---- Chart.yaml | 8 ++++---- README.md | 7 ++++--- charts/agent/Chart.yaml | 4 ++-- charts/agent/templates/_helpers.tpl | 8 ++++++++ charts/agent/templates/deployment.yaml | 24 ++++++++++++++++++++++++ charts/agent/templates/jwt-secret.yaml | 15 +++++++++++++++ charts/agent/templates/rollout.yaml | 24 ++++++++++++++++++++++++ charts/agent/values.yaml | 4 +++- charts/server/Chart.yaml | 4 ++-- charts/server/templates/_helpers.tpl | 8 ++++++++ charts/server/templates/deployment.yaml | 12 ++++++++++++ charts/server/templates/rollout.yaml | 12 ++++++++++++ charts/server/values.yaml | 2 +- values.yaml | 7 +++++-- 15 files changed, 128 insertions(+), 19 deletions(-) create mode 100644 charts/agent/templates/jwt-secret.yaml diff --git a/Chart.lock b/Chart.lock index 049efa3..ee3a8ae 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 17.11.3 - name: agent repository: "" - version: 3.7.6 + version: 3.7.7 - name: server repository: "" - version: 3.7.6 -digest: sha256:25afc9b03cd96a3fa18053eedbf24f0a47747536278a093c7918d6a46ddaa9e3 -generated: "2026-03-23T21:35:32.093441+01:00" + version: 3.7.7 +digest: sha256:b4f07cde63f5a8f23f7f8ba0c1c3fceeb01558a67e2ee067382854ad4553b0e1 +generated: "2026-05-28T21:06:56.373195+01:00" diff --git a/Chart.yaml b/Chart.yaml index 5473a55..ea502c3 100755 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: convoy description: Open Source Webhooks Gateway type: application -version: "3.7.6" -appVersion: "v26.3.5" +version: "3.7.7" +appVersion: "v26.3.7" keywords: - Webhooks - Kubernetes @@ -26,11 +26,11 @@ dependencies: # Vendored subcharts under charts/agent and charts/server (see charts/ directory). - name: agent - version: 3.7.6 + version: 3.7.7 repository: "" condition: agent.enabled - name: server - version: 3.7.6 + version: 3.7.7 repository: "" condition: server.enabled diff --git a/README.md b/README.md index 9058561..bbdc335 100755 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # convoy -![Version: 3.7.6](https://img.shields.io/badge/Version-3.7.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.3.5](https://img.shields.io/badge/AppVersion-v26.3.5-informational?style=flat-square) +![Version: 3.7.7](https://img.shields.io/badge/Version-3.7.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.3.7](https://img.shields.io/badge/AppVersion-v26.3.7-informational?style=flat-square) Open Source Webhooks Gateway @@ -78,6 +78,7 @@ helm install convoy . | agent.env.dispatcher.deny_list[0] | string | `"127.0.0.1/8"` | | | agent.env.dispatcher.deny_list[1] | string | `"169.254.169.254/32"` | | | agent.env.dispatcher.insecure_skip_verify | bool | `false` | | +| agent.env.auth.jwt.enabled | bool | `true` | | | agent.env.enable_feature_flag | list | `[]` | | | agent.env.enable_profiling | bool | `false` | | | agent.env.environment | string | `"oss"` | | @@ -135,7 +136,7 @@ helm install convoy . | global.convoy.image | string | `"getconvoy/convoy"` | Docker image tags for all convoy components | | global.convoy.jwt_refresh_secret | string | `"convoy-refresh-secret"` | JWT Refresh Secret key | | global.convoy.jwt_secret | string | `"convoy-secret"` | JWT Secret key | -| global.convoy.jwt_secret_name | string | `""` | If this secret parameter is not empty, JWT secret values will be ignored. The secrets should be in the 'jwt_secret' and 'jwt_refresh_secret' keys | +| global.convoy.jwt_secret_name | string | `""` | Existing Kubernetes Secret name for JWT secrets. Recommended for production. When set, JWT secret values are ignored; the secret must contain 'jwt_secret' and 'jwt_refresh_secret' keys. | | global.convoy.license_key | string | `""` | License Key | | global.convoy.license_key_secret_name | string | `""` | If this secret parameter is not empty, the inline license key value will be ignored. The license key should be present in the 'license_key' key of the specified secret. | | global.convoy.log_level | string | `"error"` | Logger Level for all convoy components | @@ -152,7 +153,7 @@ helm install convoy . | global.convoy.sentry_dsn | string | `""` | Sentry DSN | | global.convoy.sentry_environment | string | `"oss"` | Sentry environment | | global.convoy.sentry_sample_rate | float | `1` | Sentry sample rate for error sampling (0.0 to 1.0) | -| global.convoy.tag | string | `"v26.3.5"` | Docker image tags for all convoy components | +| global.convoy.tag | string | `"v26.3.7"` | Docker image tags for all convoy components | | global.convoy.tracer_enabled | bool | `false` | Tracing config for all convoy services | | global.convoy.tracer_type | string | `"otel"` | Tracing provider type | | global.externalDatabase.database | string | `"convoy"` | Database name for the external database | diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index 40e81ad..c4dbf88 100755 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: agent description: Convoy Agent Chart type: application -version: "3.7.6" -appVersion: "v26.3.5" +version: "3.7.7" +appVersion: "v26.3.7" maintainers: - name: Convoy Engineering Team email: engineering@getconvoy.io diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl index 0c29f5d..fc12abf 100755 --- a/charts/agent/templates/_helpers.tpl +++ b/charts/agent/templates/_helpers.tpl @@ -49,3 +49,11 @@ Selector labels app.kubernetes.io/name: {{ include "convoy-agent.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{- define "convoy-agent.jwtSecretName" -}} +{{- if .Values.global.convoy.jwt_secret_name -}} +{{- .Values.global.convoy.jwt_secret_name -}} +{{- else -}} +{{- include "convoy-agent.fullname" . }}-jwt +{{- end -}} +{{- end }} diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml index 62df5fa..25c73a1 100755 --- a/charts/agent/templates/deployment.yaml +++ b/charts/agent/templates/deployment.yaml @@ -62,6 +62,18 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] args: [ "migrate", "up" ] {{- with .Values.securityContext }} @@ -100,6 +112,18 @@ spec: - name: CONVOY_DISPATCHER_CACERT_PATH value: "/etc/convoy/ca.crt" {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} {{- if and .Values.env.auth.file.secret (ne .Values.env.auth.file.secret "") }} - name: CONVOY_BASIC_AUTH_CONFIG valueFrom: diff --git a/charts/agent/templates/jwt-secret.yaml b/charts/agent/templates/jwt-secret.yaml new file mode 100644 index 0000000..c06ecd6 --- /dev/null +++ b/charts/agent/templates/jwt-secret.yaml @@ -0,0 +1,15 @@ +{{- if and (not .Values.global.convoy.jwt_secret_name) (or .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "convoy-agent.jwtSecretName" . }} + labels: + app.kubernetes.io/name: {{ include "convoy-agent.name" . }} + helm.sh/chart: {{ include "convoy-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + jwt_secret: {{ .Values.global.convoy.jwt_secret | default (randAlphaNum 32) | b64enc | quote }} + jwt_refresh_secret: {{ .Values.global.convoy.jwt_refresh_secret | default (randAlphaNum 32) | b64enc | quote }} +{{- end }} diff --git a/charts/agent/templates/rollout.yaml b/charts/agent/templates/rollout.yaml index 596860d..9de17e9 100644 --- a/charts/agent/templates/rollout.yaml +++ b/charts/agent/templates/rollout.yaml @@ -64,6 +64,18 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] args: [ "migrate", "up" ] {{- with .Values.securityContext }} @@ -102,6 +114,18 @@ spec: - name: CONVOY_DISPATCHER_CACERT_PATH value: "/etc/convoy/ca.crt" {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-agent.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} {{- if and .Values.env.auth.file.secret (ne .Values.env.auth.file.secret "") }} - name: CONVOY_BASIC_AUTH_CONFIG valueFrom: diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml index 5e283cc..c948da8 100755 --- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -73,6 +73,8 @@ env: sign_up_enabled: false log_level: "error" auth: + jwt: + enabled: true file: basic: [] # -- If this secret parameter is not empty, basic auth inline value will be ignored. The basic auth config should be in the 'basic_auth_config' key @@ -154,7 +156,7 @@ env: image: repository: getconvoy/convoy pullPolicy: IfNotPresent - tag: v26.3.5 + tag: v26.3.7 nameOverride: "convoy-agent" fullNameOverride: "convoy-agent" diff --git a/charts/server/Chart.yaml b/charts/server/Chart.yaml index fee5335..ef5d22f 100755 --- a/charts/server/Chart.yaml +++ b/charts/server/Chart.yaml @@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "3.7.6" +version: "3.7.7" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v26.3.5" +appVersion: "v26.3.7" maintainers: - name: Convoy Engineering Team diff --git a/charts/server/templates/_helpers.tpl b/charts/server/templates/_helpers.tpl index 1284001..610f9cb 100755 --- a/charts/server/templates/_helpers.tpl +++ b/charts/server/templates/_helpers.tpl @@ -49,3 +49,11 @@ Selector labels app.kubernetes.io/name: {{ include "convoy-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{- define "convoy-server.jwtSecretName" -}} +{{- if .Values.global.convoy.jwt_secret_name -}} +{{- .Values.global.convoy.jwt_secret_name -}} +{{- else -}} +{{- include "convoy-server.fullname" . }}-jwt +{{- end -}} +{{- end }} diff --git a/charts/server/templates/deployment.yaml b/charts/server/templates/deployment.yaml index 5d2006b..f89cc25 100755 --- a/charts/server/templates/deployment.yaml +++ b/charts/server/templates/deployment.yaml @@ -62,6 +62,18 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-server.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-server.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] args: [ "migrate", "up" ] {{- with .Values.securityContext }} diff --git a/charts/server/templates/rollout.yaml b/charts/server/templates/rollout.yaml index 4326e9a..18ffbbf 100644 --- a/charts/server/templates/rollout.yaml +++ b/charts/server/templates/rollout.yaml @@ -64,6 +64,18 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + - name: CONVOY_JWT_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-server.jwtSecretName" . }}" + key: jwt_secret + - name: CONVOY_JWT_REFRESH_SECRET + valueFrom: + secretKeyRef: + name: "{{ include "convoy-server.jwtSecretName" . }}" + key: jwt_refresh_secret + - name: CONVOY_JWT_REALM_ENABLED + value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] args: [ "migrate", "up" ] {{- with .Values.securityContext }} diff --git a/charts/server/values.yaml b/charts/server/values.yaml index 568cf5e..83416e3 100755 --- a/charts/server/values.yaml +++ b/charts/server/values.yaml @@ -157,7 +157,7 @@ env: image: repository: getconvoy/convoy pullPolicy: Always - tag: v26.3.5 + tag: v26.3.7 nameOverride: "convoy-server" fullNameOverride: "convoy-server" diff --git a/values.yaml b/values.yaml index f87a9bc..82a2540 100755 --- a/values.yaml +++ b/values.yaml @@ -3,7 +3,7 @@ global: # -- Docker image tags for all convoy components image: &image "getconvoy/convoy" # -- Docker image tags for all convoy components - tag: &tag "v26.3.5" + tag: &tag "v26.3.7" # -- Logger Level for all convoy components log_level: &logLevel "error" # -- Convoy Environment @@ -12,7 +12,7 @@ global: jwt_secret: &jwtSecret "convoy-secret" # -- JWT Refresh Secret key jwt_refresh_secret: &jwtRefreshSecret "convoy-refresh-secret" - # -- If this secret parameter is not empty, JWT secret values will be ignored. The secrets should be in the 'jwt_secret' and 'jwt_refresh_secret' keys + # -- Existing Kubernetes Secret name for JWT secrets. Recommended for production. When set, JWT secret values are ignored; the secret must contain 'jwt_secret' and 'jwt_refresh_secret' keys. jwt_secret_name: "" # -- Tracing config for all convoy services tracer_enabled: &tracerEnabled false @@ -188,6 +188,9 @@ agent: proxy: "" sign_up_enabled: false log_level: *logLevel + auth: + jwt: + enabled: true smtp: enabled: false from: "" From daed61a4ad1fef1f984c372812bd8ba5f37d1f3f Mon Sep 17 00:00:00 2001 From: Smart Mekiliuwa Date: Fri, 29 May 2026 11:09:14 +0100 Subject: [PATCH 2/2] fix jwt fallback for migrate init containers --- README.md | 2 ++ charts/agent/templates/deployment.yaml | 14 ++++++++++++++ charts/agent/templates/rollout.yaml | 14 ++++++++++++++ charts/agent/values.yaml | 2 ++ charts/server/templates/deployment.yaml | 7 +++++++ charts/server/templates/rollout.yaml | 7 +++++++ values.yaml | 2 ++ 7 files changed, 48 insertions(+) diff --git a/README.md b/README.md index bbdc335..73a288d 100755 --- a/README.md +++ b/README.md @@ -79,6 +79,8 @@ helm install convoy . | agent.env.dispatcher.deny_list[1] | string | `"169.254.169.254/32"` | | | agent.env.dispatcher.insecure_skip_verify | bool | `false` | | | agent.env.auth.jwt.enabled | bool | `true` | | +| agent.env.auth.jwt.refresh_secret | string | `"convoy-refresh-secret"` | | +| agent.env.auth.jwt.secret | string | `"convoy-secret"` | | | agent.env.enable_feature_flag | list | `[]` | | | agent.env.enable_profiling | bool | `false` | | | agent.env.environment | string | `"oss"` | | diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml index 25c73a1..24fce32 100755 --- a/charts/agent/templates/deployment.yaml +++ b/charts/agent/templates/deployment.yaml @@ -62,6 +62,7 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -72,6 +73,12 @@ spec: secretKeyRef: name: "{{ include "convoy-agent.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] @@ -112,6 +119,7 @@ spec: - name: CONVOY_DISPATCHER_CACERT_PATH value: "/etc/convoy/ca.crt" {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -122,6 +130,12 @@ spec: secretKeyRef: name: "{{ include "convoy-agent.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} {{- if and .Values.env.auth.file.secret (ne .Values.env.auth.file.secret "") }} diff --git a/charts/agent/templates/rollout.yaml b/charts/agent/templates/rollout.yaml index 9de17e9..86ae7e7 100644 --- a/charts/agent/templates/rollout.yaml +++ b/charts/agent/templates/rollout.yaml @@ -64,6 +64,7 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -74,6 +75,12 @@ spec: secretKeyRef: name: "{{ include "convoy-agent.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] @@ -114,6 +121,7 @@ spec: - name: CONVOY_DISPATCHER_CACERT_PATH value: "/etc/convoy/ca.crt" {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -124,6 +132,12 @@ spec: secretKeyRef: name: "{{ include "convoy-agent.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} {{- if and .Values.env.auth.file.secret (ne .Values.env.auth.file.secret "") }} diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml index c948da8..b297aca 100755 --- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -75,6 +75,8 @@ env: auth: jwt: enabled: true + secret: "convoy-secret" + refresh_secret: "convoy-refresh-secret" file: basic: [] # -- If this secret parameter is not empty, basic auth inline value will be ignored. The basic auth config should be in the 'basic_auth_config' key diff --git a/charts/server/templates/deployment.yaml b/charts/server/templates/deployment.yaml index f89cc25..e6a0afa 100755 --- a/charts/server/templates/deployment.yaml +++ b/charts/server/templates/deployment.yaml @@ -62,6 +62,7 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -72,6 +73,12 @@ spec: secretKeyRef: name: "{{ include "convoy-server.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] diff --git a/charts/server/templates/rollout.yaml b/charts/server/templates/rollout.yaml index 18ffbbf..a1b96ad 100644 --- a/charts/server/templates/rollout.yaml +++ b/charts/server/templates/rollout.yaml @@ -64,6 +64,7 @@ spec: - name: CONVOY_DB_OPTIONS value: {{ .Values.global.externalDatabase.options | quote }} {{- end }} + {{- if or .Values.global.convoy.jwt_secret_name .Values.global.convoy.jwt_secret .Values.global.convoy.jwt_refresh_secret }} - name: CONVOY_JWT_SECRET valueFrom: secretKeyRef: @@ -74,6 +75,12 @@ spec: secretKeyRef: name: "{{ include "convoy-server.jwtSecretName" . }}" key: jwt_refresh_secret + {{- else }} + - name: CONVOY_JWT_SECRET + value: {{ .Values.env.auth.jwt.secret | quote }} + - name: CONVOY_JWT_REFRESH_SECRET + value: {{ .Values.env.auth.jwt.refresh_secret | quote }} + {{- end }} - name: CONVOY_JWT_REALM_ENABLED value: {{ .Values.env.auth.jwt.enabled | quote }} command: [ "/cmd" ] diff --git a/values.yaml b/values.yaml index 82a2540..62e18eb 100755 --- a/values.yaml +++ b/values.yaml @@ -191,6 +191,8 @@ agent: auth: jwt: enabled: true + secret: *jwtSecret + refresh_secret: *jwtRefreshSecret smtp: enabled: false from: ""