From 9ff140ce29232fc58520261b676bff5ea555792f Mon Sep 17 00:00:00 2001 From: Andrii Korotkov Date: Sun, 22 Dec 2024 05:04:10 -0800 Subject: [PATCH] More options for elasticsearch secret creation Sometimes you don't want to include secret data in Git manifest for security reasons, e.g. when storing manifests in Git and deploying with ArgoCD. However, you may still want to generate a secret itself and then edit it's data section later, e.g. manually with kubectl. Provide more options of generating the secret while keeping backwards compatibility. related: #45140 Signed-off-by: Andrii Korotkov --- .../secrets/elasticsearch-secret.yaml | 18 ++++++++++-------- chart/values.schema.json | 5 +++++ chart/values.yaml | 2 ++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/chart/templates/secrets/elasticsearch-secret.yaml b/chart/templates/secrets/elasticsearch-secret.yaml index aea70f7af91c8..4dbaf69a5c01b 100644 --- a/chart/templates/secrets/elasticsearch-secret.yaml +++ b/chart/templates/secrets/elasticsearch-secret.yaml @@ -20,11 +20,11 @@ ################################ ## Elasticsearch Secret ################################# -{{- if (and .Values.elasticsearch.enabled (not .Values.elasticsearch.secretName)) }} +{{- if (and .Values.elasticsearch.enabled (or (not .Values.elasticsearch.secretName) .Values.elasticsearch.alwaysGenerateSecret)) }} apiVersion: v1 kind: Secret metadata: - name: {{ include "airflow.fullname" . }}-elasticsearch + name: {{ template "elasticsearch_secret" . }} labels: release: {{ .Release.Name }} chart: {{ .Chart.Name }} 
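Review bot: The widened condition on the `{{- if (and .Values.elasticsearch.enabled (or ...)) }}` line makes the release render a Secret under a user-chosen name, with no guard or documentation for the case where `secretName` already refers to a Secret created outside the release. Helm normally refuses to take over an object that lacks its ownership metadata, so turning the flag on for an existing deployment is likely to fail the upgrade rather than adopt the Secret. Once the Secret is release-owned, uninstalling the release or disabling Elasticsearch removes it along with any data entered by hand. I would state both next to the flag, e.g. `# The generated Secret is owned by the release: it must not already exist, and it is deleted on uninstall`. The `elasticsearch_secret` helper is defined outside this diff, so the name it resolves to is assumed from the commit message.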
@@ -33,12 +33,14 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} type: Opaque +{{- with .Values.elasticsearch.connection }} +{{- if . }} data: - {{- with .Values.elasticsearch.connection }} - {{- if and .user .pass }} - connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }} - {{- else }} - connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }} - {{- end }} + {{- if and .user .pass }} + connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }} + {{- else }} + connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }} {{- end }} {{- end }} +{{- end }} +{{- end }} diff --git a/chart/values.schema.json b/chart/values.schema.json index 52939b48c5c98..a8f0a49628a8b 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -8000,6 +8000,11 @@ ], "default": null }, + "alwaysGenerateSecret": { + "description": "Whether to generate a secret even if secret name is specified.", + "type": "boolean", + "default": false + }, "connection": { "description": "Elasticsearch connection configuration.", "type": "object", diff --git a/chart/values.yaml b/chart/values.yaml index adf68c3a194d3..f84418631daf0 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -2463,6 +2463,8 @@ elasticsearch: enabled: false # A secret containing the connection secretName: ~ + # Whether to generate a secret even if secret name is specified + alwaysGenerateSecret: false # Or an object representing the connection # Example: # connection:
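Review bot: Both `connection:` lines still format `.host` straight into `printf "%s:%s"`, so a `connection` block that sets only credentials or a port renders a placeholder for the missing host into the stored URL instead of failing the template. Unless the values schema already requires `host`, wrap it as `(required "elasticsearch.connection.host must be set" .host)`. The `{{- else }}` branch also builds a credential-less URL when only one of `user`/`pass` is given, which silently yields an unauthenticated connection string. Because `scheme` defaults to `http`, the userinfo travels unencrypted unless `https` is set, so a comment above the block saying so would help. The added `{{- if . }}` is redundant, since `with` already skips an empty value.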
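Review bot: The description of `alwaysGenerateSecret` does not say what the generated Secret is called or what it contains, which an operator needs to know before enabling the flag. Assuming the `elasticsearch_secret` helper resolves to `secretName` when it is set, I would write `"description": "Generate the Elasticsearch secret even when secretName is set; it is then named secretName and has no data unless connection is provided."`. The comment added for the same key in chart/values.yaml could carry the same wording, plus a reminder that the `connection` key has to be filled in out-of-band before the components that read it can use it.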