diff --git a/charts/intel/README.md b/charts/intel/README.md index bafd7a8..a0aa20f 100644 --- a/charts/intel/README.md +++ b/charts/intel/README.md @@ -31,6 +31,8 @@ The following table lists configurable parameters of the CodeTogether Intel char | `imageCredentials.password` | Docker registry password | `my-customer-password` | | `imageCredentials.email` | Docker registry email | `unused` | | `codetogether.url` | Full URL for the CodeTogether Intel server | `https://` | +| `hqpropertiessecret.enabled` | (Optional) If true, the value in hqpropertiessecret.ref will be used in place of the hqproperties values | `false` | +| `hqpropertiessecret.ref` | (Optional) Name of a Kubernetes secret containing the hqproperties secret. If provided, will override the other values in the hqproperties section | `kubernetes-secret-name` | | `hqproperties.hq.sso.client.id` | Client ID for Single Sign-On (SSO) | `CLIENTID.apps.googleusercontent.com` | | `hqproperties.hq.sso.client.secret` | Client Secret for Single Sign-On (SSO) | `CLIENTSECRET` | | `hqproperties.hq.sso.client.issuer.url` | Issuer URL for Single Sign-On (SSO) | `https://accounts.google.com` | @@ -51,7 +53,6 @@ The following table lists configurable parameters of the CodeTogether Intel char | `java.customCacerts.enabled` | Enables mounting a custom Java trust store (cacerts) | `false` | | `java.customCacerts.cacertsSecretName` | Name of the Kubernetes secret containing the `cacerts` file | `custom-java-cacerts` | | `java.customCacerts.trustStorePasswordKey` | (Optional) Key inside the Kubernetes secret containing the trust store password | `trustStorePassword` | -| `cassandra.passwordSecret` | (Optional) Name of a Kubernetes secret containing the Cassandra database password. | | | `ingress.enabled` | Enables ingress controller resource | `true` | | `ingress.annotations` | Annotations for ingress | `{}` | | `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-intel-tls` | diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index a15aec4..573af19 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml @@ -107,7 +107,13 @@ spec: volumes: - name: properties-volume secret: - secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} + secretName: {{- if .Values.hqpropertiessecret.enabled }} + {{- .Values.hqpropertiessecret.ref }} + {{- else if .Values.fullnameOverride }} + {{- printf "%s-hqproperties" .Values.fullnameOverride }} + {{- else }} + {{- "hqproperties" }} + {{- end }} {{- if .Values.java.customCacerts.enabled }} - name: java-cacerts secret: diff --git a/charts/intel/templates/secret-properties.yaml b/charts/intel/templates/secret-properties.yaml index 998c94b..a1d1746 100644 --- a/charts/intel/templates/secret-properties.yaml +++ b/charts/intel/templates/secret-properties.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.hqpropertiessecret.enabled }} apiVersion: v1 kind: Secret metadata: @@ -5,14 +6,7 @@ metadata: type: Opaque stringData: cthq.properties: |- - {{- $cassandraPassword := "" }} - {{- if and (hasKey .Values "cassandra") (hasKey .Values.cassandra "passwordSecret") .Values.cassandra.passwordSecret (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret) }} - {{- $cassandraPassword := (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret).data.cassandraPassword | b64dec }} - {{- end }} {{- range $key, $value := .Values.hqproperties }} - {{- if and (eq $key "hq.cassandra.db.password") $cassandraPassword }} - {{ $key }}={{ $cassandraPassword }} - {{- else }} - {{ $key }}={{ $value }} - {{- end }} - {{- end }} \ No newline at end of file + {{ $key }}={{ $value }} + {{- end }} +{{- end }} diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index ba8cf44..c33abdb 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml @@ -59,11 +59,10 @@ hqproperties: # default datacenter name is 'datacenter1' # hq.cassandra.db.localdatacenter: datacenter1 -# Optional property, if provided the value from the secret will be used as the cassandra DB password -# This will overwrite the value in the hqproperties hq.cassandra.db.password -# The secret must have a key named 'cassandraPassword' -cassandra: - passwordSecret: "" +# Optional properties, if enabled is true, the values in the secret will be used as the hqproperties secret +hqpropertiessecret: + enabled: false + ref: "intel-test-hqproperties-arbitrary" java: customCacerts: