Merge branch '993-remove-default-passwords-in-values-yaml' into 'main'

Resolve "Remove default passwords in values.yaml"

Closes #993

See merge request !296

.gitlab-ci.yml

@@ -67,7 +67,8 @@ install-helmrelease:
         >> values-ci.yaml
     - cat values-ci.yaml
     - time kubectl delete --wait=true namespace "nc$CI_MERGE_REQUEST_IID" || true
-    - time helm --debug install --timeout 20m --create-namespace -n nc$CI_MERGE_REQUEST_IID --wait "nc$CI_MERGE_REQUEST_IID" . -f values-ci.yaml
+    - passgen() { < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20; }
+    - time helm --debug install --timeout 20m --create-namespace -n nc$CI_MERGE_REQUEST_IID --wait "nc$CI_MERGE_REQUEST_IID" . -f values-ci.yaml --set nextcloud.nextcloud.password=$(passgen),nextcloud.mariadb.auth.password=$(passgen),nextcloud.mariadb.auth.rootPassword=$(passgen),redis.auth.password=$(passgen),onlyoffice.jwtSecret=$(passgen),rabbitmq.auth.password=$(passgen),rabbitmq.auth.erlangCookie=$(passgen),global.onlyofficeDb.password=$(passgen)
   environment:
     name: helmrelease/nc$CI_MERGE_REQUEST_IID
     url: https://files-nc$CI_MERGE_REQUEST_IID.gitlab.stackspin.net

CHANGELOG.md

 # Changelog
 
+## [0.14.1] - 2022-10-20
+
+* Remove default passwords in values.yaml and values-local.yaml.example
+
 ## [0.14.0] - 2022-10-18
 
 * Fix helm test when you try to use ssoLogin

README.md

@@ -18,15 +18,17 @@ correctly. See `values-local.yaml.example` for an example of domain
 configurations you might want to do. These instructions assume you copy
 `values-local.yaml.example` to `values-local.yaml` and edit it.
 
-**NOTE:** It is very important that you overwrite the following password and
+**NOTE:** It is very important that you uncomment and set the following password and
 secrets variables manually when you run helm install:
 
 - `nextcloud.nextcloud.password`
-- `nextcloud.mariadb.db.password`
-- `nextcloud.mariadb.rootUser.password`
+- `nextcloud.mariadb.auth.password`
+- `nextcloud.mariadb.auth.rootPassword`
+- `redis.auth.password`
 - `onlyoffice.jwtSecret`
-- `onlyoffice.database.password`
-- `rabbitmq.rabbitmq.password`
+- `rabbitmq.auth.password`
+- `rabbitmq.auth.erlangCookie`
+- `global.onlyofficeDb.password`
 
 ### Install from the remote repo
 

values-local.yaml.example

 nextcloud:
   nextcloud:
     host: "files.your.domain"
-    password: CHANGE_ME
+    # password: CHANGE_ME
 
   ingress:
     enabled: true
@@ -18,9 +18,9 @@ nextcloud:
 
   # Configure MariaDB chart
   mariadb:
-    auth:
-      password: CHANGE_ME
-      rootPassword: CHANGE_ME
+    auth: {}
+      # password: CHANGE_ME
+      # rootPassword: CHANGE_ME
     architecture: standalone
     # Enable persistence
     # primary:
@@ -29,9 +29,9 @@ nextcloud:
     #     enabled: true
     #     size: 512Mi
   redis:
-    auth:
+    auth: {}
       # Shared redis password for Nextcloud and OnlyOffice
-      password: CHANGE_ME
+      # password: CHANGE_ME
 
   # Creates a kubernetes cronJob object that runs nextcloud's cron.php
   # every 5 minutes (*/5 * * * *)
@@ -43,12 +43,12 @@ nextcloud:
   #   size: 2Gi
 
 global:
-  onlyofficeDb:
-    password: CHANGE_ME
+  onlyofficeDb: {}
+    # password: CHANGE_ME
 
 onlyoffice:
   server_name: "office.your.domain"
-  jwtSecret: CHANGE_ME
+  # jwtSecret: CHANGE_ME
   ingress:
     enabled: true
     annotations:
@@ -62,8 +62,8 @@ onlyoffice:
         secretName: office-cert
 
 rabbitmq:
-  auth:
-    password: CHANGE_ME
+  auth: {}
+    # password: CHANGE_ME
 
 # apps controls which apps will be installed and enabled in nextcloud
 # apps:

values.yaml

@@ -67,7 +67,7 @@ global:
     name: onlyoffice
     port: 3306
     user: onlyoffice
-    # password:
+    # password: password
 
 
 onlyoffice:
@@ -75,7 +75,7 @@ onlyoffice:
 
   replicaCount: 1
 
-  jwtSecret: secret
+  # jwtSecret: secret
 
   # Enable font generation during startup.
   # This takes a long time and is not needed if you don't provide custom
@@ -193,9 +193,9 @@ onlyoffice:
     failureThreshold: 120
 
 rabbitmq:
-  auth:
-    password: password
-    erlangCookie: stub
+  auth: {}
+    # password: password
+    # erlangCookie: stub
 
 sociallogin:
   update_profile_on_login: 1