Skip to content

feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASH from Secret#65

Merged
KodrAus merged 1 commit intodatalust:mainfrom
mloskot:ml/feat/firstrun-password-from-secret
Jul 1, 2025
Merged

feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASH from Secret#65
KodrAus merged 1 commit intodatalust:mainfrom
mloskot:ml/feat/firstrun-password-from-secret

Conversation

@mloskot
Copy link
Copy Markdown
Contributor

@mloskot mloskot commented Jun 25, 2025
edited
Loading

If firstRunAdminPasswordSecret or firstRunAdminPasswordHashSecret object is defined with name of existing Kubernetes secret and its data key, hen envFrom is used to define the container environment variable with password or password hash value retrieved from the given secret key.

Closes #64

Warning

I'm Helm templates rookie, I'm not sure how to test it without releasing a new chart. There seem to be no test cases defined.

Examples

Here are values.yaml samples:

firstRunAdminPasswordSecret:
  name: my-seq-password
  key: password

Or, after update discussed in sub-thread that began in #65 (comment),

firstRunAdminPasswordHashSecret:
  name: my-seq-password-hash
  key: password

@mloskot mloskot mentioned this pull request Jun 25, 2025
Closed
KodrAus
KodrAus reviewed Jun 26, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@KodrAus KodrAus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this @mloskot! I haven't figure out decent CI for Helm yet so I tend to test changes to the chart locally with helm install, which can accept a local filepath to a chart.

I think we'll just need to update this if block: https://github.com/datalust/helm.datalust.co/blob/main/charts/seq/templates/deployment.yaml#L183 to also accept a value in .Values.firstRunAdminPasswordSecret.

@mloskot
Copy link
Copy Markdown
Contributor Author

mloskot commented Jun 26, 2025
edited
Loading

@KodrAus Pleasure. It's also an opportunity to finally learn some Helm charts development :)

I haven't figure out decent CI for Helm yet so I tend to test changes to the chart locally with helm install, which can accept a local filepath to a chart.

Yes, as I displayed in the resolved comment #65 (comment), I've learned these three tools:

helm lint
helm template --debug ...
helm install --dry-run --debug ...

I've also learned Helm v3 introduced schemas for values, so perhaps it is a good idea to stick values.schema.json next to values.yaml or is it an overkill? What do you think?

I think we'll just need to update this if block: https://github.com/datalust/helm.datalust.co/blob/main/charts/seq/templates/deployment.yaml#L183 to also accept a value in .Values.firstRunAdminPasswordSecret.

Good point. Done.

KodrAus
KodrAus reviewed Jun 27, 2025
View reviewed changes
@mloskot
Copy link
Copy Markdown
Contributor Author

mloskot commented Jun 28, 2025

@KodrAus What do you think about setting SEQ_FIRSTRUN_ADMINPASSWORDHASH / firstRunAdminPasswordHash from a secret passed via firstRunAdminPasswordHashSecret ?

@KodrAus
Copy link
Copy Markdown
Member

KodrAus commented Jun 30, 2025

@mloskot I don't see any harm in supporting it 👍 If you're feeling keen to roll that in to this PR we can take a look, otherwise I'm happy to merge this and leave that for the future. Since the password hash is already safe to leave in cleartext it's less of an issue I think.

KodrAus
KodrAus approved these changes Jun 30, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@KodrAus KodrAus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mloskot! This looks good to me.

@mloskot
feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMIN…
1397857 
…PASSWORDHASHa from Secret

If `firstRunAdminPasswordSecret` or  `firstRunAdminPasswordHashSecret` object
is defined with `name` of existing Kubernetes secret and its data `key`,
then `envFrom` is used to define the container environment variable with
password or password hash value retrieved from the given secret key.

Closes #64

Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
@mloskot mloskot changed the title feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD from Secret feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASHa from Secret Jun 30, 2025
@mloskot
Copy link
Copy Markdown
Contributor Author

mloskot commented Jun 30, 2025
edited
Loading

@KodrAus I think it makes sense to complete this PR. So, I've updated this PR with the implementation of firstRunAdminPasswordHashSecret. Having values.yaml with required values set, all the helm lint and helm template --debug commands succeeded for me.

KodrAus
KodrAus approved these changes Jul 1, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@KodrAus KodrAus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working through all this @mloskot. This looks good to me 👍

@KodrAus KodrAus changed the title feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASHa from Secret feat: Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASH from Secret Jul 1, 2025
@KodrAus KodrAus merged commit 3691de6 into datalust:main Jul 1, 2025
1 check passed
@mloskot mloskot deleted the ml/feat/firstrun-password-from-secret branch July 2, 2025 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KodrAus KodrAus KodrAus approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow setting SEQ_FIRSTRUN_ADMINPASSWORD and SEQ_FIRSTRUN_ADMINPASSWORDHASH from Kubernetes secret

2 participants

@mloskot @KodrAus