Keygenerator is a helper Docker image that provides tools to generate SSL public/private key pairs and store them in Kubernetes secrets when they don't already exist. This functionality is used to create self-signed certificates for internal communication between different services or pods within abcdesktop.
In the Helm chart, the keysgenerator image is utilized by jobs to generate keys by executing the following command:
openssl genrsa -out abcdesktop_jwt_desktop_payload_private_key.pem {{ .Values.keysgenerator.jwtdesktoppayloadkeylength }} && \
openssl rsa -in abcdesktop_jwt_desktop_payload_private_key.pem -outform PEM -pubout -out _abcdesktop_jwt_desktop_payload_public_key.pem && \
openssl rsa -pubin -in _abcdesktop_jwt_desktop_payload_public_key.pem -RSAPublicKey_out -out abcdesktop_jwt_desktop_payload_public_key.pem && \
if ! kubectl get secret abcdesktopjwtdesktoppayload --namespace={{ .Release.Namespace }} >/dev/null 2>&1;
then
if ! kubectl create secret generic abcdesktopjwtdesktoppayload --from-file=abcdesktop_jwt_desktop_payload_private_key.pem --from-file=abcdesktop_jwt_desktop_payload_public_key.pem --namespace={{ .Release.Namespace }};
then
echo "Failed to create secret"
exit 1
fi
else
echo "Secret already exists"
exit 0
fiThe following jobs are executed once during Helm chart installation or upgrade. If the target secret already exists, it will not be recreated. Otherwise, it will be created with newly generated public/private key pairs:
- generate-jwtdesktoppayload-keys
- generate-jwtdesktopsigning-keys
- generate-jwtusersigning-keys
- generate-mongod-keyfile