From ba83309730bbb406ffc1bde931a7410e4edf93fb Mon Sep 17 00:00:00 2001
From: Andrii Korotkov
Date: Sun, 22 Dec 2024 05:04:10 -0800
Subject: [PATCH] More options for elasticsearch secret creation

Sometimes you don't want to include secret data in Git manifest for security reasons, e.g. when storing manifests in Git and deploying with ArgoCD. However, you may still want to generate a secret itself and then edit it's data section later, e.g. manually with kubectl. Provide more options of generating the secret while keeping backwards compatibility.
Helps with: #45140
Signed-off-by: Andrii Korotkov
---
 .../secrets/elasticsearch-secret.yaml | 18 ++++++++++--------
 chart/values.schema.json | 5 +++++
 chart/values.yaml | 2 ++
 3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/chart/templates/secrets/elasticsearch-secret.yaml b/chart/templates/secrets/elasticsearch-secret.yaml
index aea70f7af91c8..4dbaf69a5c01b 100644
--- a/chart/templates/secrets/elasticsearch-secret.yaml
+++ b/chart/templates/secrets/elasticsearch-secret.yaml
@@ -20,11 +20,11 @@
 ################################
 ## Elasticsearch Secret
 #################################
-{{- if (and .Values.elasticsearch.enabled (not .Values.elasticsearch.secretName)) }}
+{{- if (and .Values.elasticsearch.enabled (or (not .Values.elasticsearch.secretName) .Values.elasticsearch.alwaysGenerateSecret)) }}
 apiVersion: v1
 kind: Secret
 metadata:
- name: {{ include "airflow.fullname" . }}-elasticsearch
+ name: {{ template "elasticsearch_secret" . }}
 labels:
 release: {{ .Release.Name }}
 chart: {{ .Chart.Name }}
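Review bot: With `alwaysGenerateSecret: true` and `secretName` set, the Secret rendered here takes the operator-supplied name (assuming the `elasticsearch_secret` helper, which is defined outside this patch, returns `secretName` when it is set), so the chart can now collide with a Secret of that name that was created outside the release. Depending on the deploy tool, an install may fail on the existing object or a sync may replace its contents, and nothing in the template says so; a header comment such as `## With alwaysGenerateSecret the Secret is named after elasticsearch.secretName and becomes part of this release` would record the contract. The `name:` line also switches from `include` to `template`; `name: {{ include "elasticsearch_secret" . }}` keeps the form the old line used, whose output can be piped. The `metadata:` block continues past the end of this hunk.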
@@ -33,12 +33,14 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 type: Opaque
+{{- with .Values.elasticsearch.connection }}
+{{- if . }}
 data:
- {{- with .Values.elasticsearch.connection }}
- {{- if and .user .pass }}
- connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }}
- {{- else }}
- connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }}
- {{- end }}
+ {{- if and .user .pass }}
+ connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }}
+ {{- else }}
+ connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }}
 {{- end }}
 {{- end }}
+{{- end }}
+{{- end }}
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 52939b48c5c98..85aff7de01dcd 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -8000,6 +8000,11 @@
 ],
 "default": null
 },
+ "alwaysGenerateSecret": {
+ "description": "Whether to generate a secret even if secretName is specified.",
+ "type": "boolean",
+ "default": false
+ },
 "connection": {
 "description": "Elasticsearch connection configuration.",
 "type": "object",
diff --git a/chart/values.yaml b/chart/values.yaml
index adf68c3a194d3..e9804ea3e2a14 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -2463,6 +2463,8 @@ elasticsearch:
 enabled: false
 # A secret containing the connection
 secretName: ~
+ # Whether to generate a secret even if secretName is specified
+ alwaysGenerateSecret: false
 # Or an object representing the connection
 # Example:
 # connection:
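Review bot: When `elasticsearch.connection` is empty the Secret is now rendered with no `data` key at all, and nothing in the template records that the `connection` key must then be supplied out of band; a comment above the `with`, for example `{{- /* data is omitted when no connection is given; the "connection" key must then be populated out of band */ -}}`, would make that explicit. Anything that reads the `connection` key would presumably fail until it is filled in, and whether a later upgrade or GitOps sync preserves the manual edit depends on how the tool merges, so both are worth a test. The inner `{{- if . }}` is redundant because `with` already skips an empty value, so it and one `{{- end }}` can be dropped. Separately, the `and .user .pass` test falls through to the credential-less URL when only one of the two is set; a `fail` in that case would surface the misconfiguration instead of silently producing an unauthenticated connection string.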
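Review bot: The description added for `alwaysGenerateSecret` in `chart/values.schema.json` does not say what the generated Secret is called or what it contains, which is what an operator needs to know before enabling it. Assuming the `elasticsearch_secret` helper resolves to `secretName` when that is set, wording such as `"Whether to generate a secret even if secretName is specified. The secret is created under that name and has no data unless connection is set."` would cover it. The same gap is in the comment added above `alwaysGenerateSecret: false` in the `chart/values.yaml` hunk, which could carry the same two sentences.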