From cd9f42e14383075446b506157f3211085373a146 Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Mon, 18 Aug 2025 17:38:47 +0800
Subject: [PATCH] Changed the secret configuration of central storage
---
 .../central-storage-config.yaml | 4 +++-
 .../templates/central-storage/deployment.yaml | 2 ++
 .../central-storage/freeleapssecret.yaml | 2 +-
 .../helm-pkg/centralStorage/values.prod.yaml | 24 ++++++++++++++++---
 freeleaps/helm-pkg/centralStorage/values.yaml | 22 +++++++++++++++++
 5 files changed, 49 insertions(+), 5 deletions(-)
diff --git a/freeleaps/helm-pkg/centralStorage/templates/central-storage/central-storage-config.yaml b/freeleaps/helm-pkg/centralStorage/templates/central-storage/central-storage-config.yaml
index ed2879e0..c101489b 100644
--- a/freeleaps/helm-pkg/centralStorage/templates/central-storage/central-storage-config.yaml
+++ b/freeleaps/helm-pkg/centralStorage/templates/central-storage/central-storage-config.yaml
@@ -13,7 +13,9 @@ data:
 MONGODB_PORT: {{ .Values.centralStorage.configs.mongodbPort | toString | b64enc }}
 METRICS_ENABLED: {{ .Values.centralStorage.configs.metricsEnabled | default false | toString | b64enc }}
 PROBES_ENABLED: {{ .Values.centralStorage.configs.probesEnabled | default false | toString | b64enc }}
- DEBUG_MODE: {{ .Values.centralStorage.configs.debugMode | default false | toString | b64enc }}
+ {{- if .Values.centralStorage.configs.debugMode }}
+ DEBUG_MODE: {{ .Values.centralStorage.configs.debugMode | toString | b64enc }}
+ {{- end }}
 LOG_BASE_PATH: {{ .Values.logIngest.logPath | b64enc | quote }}
 BACKEND_LOG_FILE_NAME: {{ .Values.centralStorage.configs.appName | b64enc | quote }}
 APPLICATION_ACTIVITY_LOG: {{ .Values.centralStorage.configs.appName | printf "%s-activity" | b64enc | quote }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/centralStorage/templates/central-storage/deployment.yaml b/freeleaps/helm-pkg/centralStorage/templates/central-storage/deployment.yaml
index 4ebf5979..c762571c 100644
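Review bot: Making `DEBUG_MODE` conditional on truthiness can leave the Deployment pointing at a Secret key that no longer exists. The `range` over `.Values.centralStorage.configs` in deployment.yaml still emits a `secretKeyRef` for every key present in `configs`, so a values file that sets `debugMode: false` as a boolean now drops `DEBUG_MODE` from `central-storage-config` while the container still references it and will not start unless that reference is marked optional. A quoted `"false"` is a non-empty string and passes the `if`, so the two spellings behave differently. Guarding on presence keeps both templates in step: `{{- if hasKey .Values.centralStorage.configs "debugMode" }}`. The rest of the `data:` map lies outside the hunk.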
--- a/freeleaps/helm-pkg/centralStorage/templates/central-storage/deployment.yaml
+++ b/freeleaps/helm-pkg/centralStorage/templates/central-storage/deployment.yaml
@@ -100,12 +100,14 @@ spec:
 {{- end}}
 env:
 {{- range $key, $value := .Values.centralStorage.configs }}
+ {{- if not (or (eq $key "mongodbUri") (eq $key "azureStorageDocumentApiKey") (eq $key "azureStorageDocumentApiEndpoint")) }}
 - name: {{ $key | snakecase | upper }}
 valueFrom:
 secretKeyRef:
 name: central-storage-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ {{- end }}
 # Inject secrets from FreeleapsSecret object
 {{- if .Values.centralStorage.secrets }}
 {{ $targetSecretName := .Values.centralStorage.secrets.target.name }}
diff --git a/freeleaps/helm-pkg/centralStorage/templates/central-storage/freeleapssecret.yaml b/freeleaps/helm-pkg/centralStorage/templates/central-storage/freeleapssecret.yaml
index 68874ae9..79005529 100644
--- a/freeleaps/helm-pkg/centralStorage/templates/central-storage/freeleapssecret.yaml
+++ b/freeleaps/helm-pkg/centralStorage/templates/central-storage/freeleapssecret.yaml
@@ -1,7 +1,7 @@
 apiVersion: freeleaps.com/v1alpha1
 kind: FreeleapsSecret
 metadata:
- name: freeleaps-central-storage-alpha-secrets
+ name: {{ .Values.centralStorage.secrets.target.name }}
 namespace: {{ .Release.Namespace }}
 spec:
 secretStoreRef:
diff --git a/freeleaps/helm-pkg/centralStorage/values.prod.yaml b/freeleaps/helm-pkg/centralStorage/values.prod.yaml
index ee7ef8c7..1905576e 100644
--- a/freeleaps/helm-pkg/centralStorage/values.prod.yaml
+++ b/freeleaps/helm-pkg/centralStorage/values.prod.yaml
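Review bot: The added `if not (or (eq $key "mongodbUri") ...)` hard-codes three key names that are also listed under `secrets.data` in the values files, so a fourth secret added there will not be skipped here unless this line is edited as well. It also silently drops these keys when a values file still carries them in plain text under `configs`, which hides the leftover instead of surfacing it. Deriving the skip set from `.Values.centralStorage.secrets.data` would keep the two lists in step; at minimum add a template comment above the condition, for example `{{- /* keep in sync with centralStorage.secrets.data */}}`. The `env:` list starts before and continues after the hunk.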
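Review bot: `metadata.name` is now rendered from `.Values.centralStorage.secrets.target.name` with no quoting and no presence check, and the template starts at line 1 with `apiVersion:`, so it is not wrapped in the `{{- if .Values.centralStorage.secrets }}` guard that deployment.yaml uses. A values file without a `secrets` block will therefore fail with a nil-pointer render error rather than a readable message. Consider wrapping the object in the same `if` and writing the line as `name: {{ required "centralStorage.secrets.target.name must be set" .Values.centralStorage.secrets.target.name | quote }}`. The `spec:` body continues outside the hunk.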
@@ -73,11 +73,29 @@ centralStorage:
 serviceApiAccessPort: 8005
 mongodbName: freeleaps2
 mongodbPort: 27017
- mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
- azureStorageDocumentApiKey: xbiFtFeQ6v5dozgVM99fZ9huUomL7QcLu6s0y8zYHtIXZ8XdneKDMcg4liQr/9oNlVoRFcZhWjLY+ASt9cjICQ==
- azureStorageDocumentApiEndpoint: https://freeleaps1document.blob.core.windows.net/
 metricsEnabled: 'true'
 probesEnabled: 'true'
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-central-storage-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
+ - key: azureStorageDocumentApiKey
+ remoteRef:
+ key: "freeleaps-prod-azure-storage-document-api-key"
+ type: Secret
+ - key: azureStorageDocumentApiEndpoint
+ remoteRef:
+ key: "freeleaps-prod-azure-storage-document-api-endpoint"
+ type: Secret
 vpa:
 minAllowed:
 enabled: true
diff --git a/freeleaps/helm-pkg/centralStorage/values.yaml b/freeleaps/helm-pkg/centralStorage/values.yaml
index 2973ee1e..a2cab729 100644
--- a/freeleaps/helm-pkg/centralStorage/values.yaml
+++ b/freeleaps/helm-pkg/centralStorage/values.yaml
@@ -69,6 +69,28 @@ central-storage:
 metricsEnabled: "false"
 # PROBES_ENABLED
 probesEnabled: "false"
+ # AKV secrets configuration
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-central-storage-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: mongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
+ - key: azureStorageDocumentApiKey
+ remoteRef:
+ key: "freeleaps-azure-storage-document-api-key"
+ type: Secret
+ - key: azureStorageDocumentApiEndpoint
+ remoteRef:
+ key: "freeleaps-azure-storage-document-api-endpoint"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
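Review bot: Moving `mongodbUri` and `azureStorageDocumentApiKey` to `secrets.data` does not retire the values that were committed, because the removed `configs` lines held a connection string with an embedded password and a storage account key in plain text, and both stay readable in the repository history and in this patch. The entries stored under `freeleaps-prod-mongodb-uri` and `freeleaps-prod-azure-storage-document-api-key` should be freshly rotated credentials, with the old ones revoked at the provider. Checking the database and storage access logs for use of the old credentials during the exposure window is also worthwhile. A guard comment above the new block would help keep this from regressing, for example `# Credentials are resolved from the secret store; never place them under configs.`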
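Review bot: The defaults added to values.yaml may never be read, because the hunk header places them under a top-level `central-storage:` key while the templates in this patch read `.Values.centralStorage.secrets` and values.prod.yaml uses `centralStorage:`. If that is the real nesting (indentation cannot be recovered from this page), an install without values.prod.yaml gets no `secrets` block and freeleapssecret.yaml cannot render `target.name`. Either move the block under `centralStorage:` or confirm that `central-storage:` is mapped to it somewhere outside this hunk.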