diff --git a/couchdb/Chart.yaml b/couchdb/Chart.yaml index 1c825b8..e131d0b 100644 --- a/couchdb/Chart.yaml +++ b/couchdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: couchdb -version: 3.6.1 +version: 3.6.2 appVersion: 3.2.1 description: A database featuring seamless multi-master sync, that scales from big data to mobile, with an intuitive HTTP/JSON API and designed for diff --git a/couchdb/NEWS.md b/couchdb/NEWS.md new file mode 100644 index 0000000..2474ceb --- /dev/null +++ b/couchdb/NEWS.md @@ -0,0 +1,6 @@ +# NEWS + +## 3.6.2 + +- Change the `erlangCookie` to be auto-generated in a stateful fashion (i.e. we auto-generate it once, then leave that + value alone). ([#78](https://github.com/apache/couchdb-helm/issues/78)) diff --git a/couchdb/templates/NOTES.txt b/couchdb/templates/NOTES.txt index a3658bd..0727ca1 100644 --- a/couchdb/templates/NOTES.txt +++ b/couchdb/templates/NOTES.txt @@ -18,3 +18,15 @@ some required system databases: {{- end }} Then it's time to relax. + +{{- $erlangCookie := .Values.erlangFlags.setcookie }} +{{- if (empty $erlangCookie) }} + +NOTE: You are using an auto-generated value for the Erlang Cookie + - We recommend making this value persistent by setting it in: `erlangFlags.setcookie` + - Changing this value can cause problems for the Couch DB installation (particularly upgrades / config changes) + - You can get the current value with: +``` +kubectl -n {{ $.Release.Namespace }} get secret {{ include "couchdb.fullname" . }} --template='{{print "{{" }}index .data "erlangCookie" | base64decode{{ print "}}" }}' +``` +{{- end }} diff --git a/couchdb/templates/_helpers.tpl b/couchdb/templates/_helpers.tpl index f9d013e..2f5c1a4 100644 --- a/couchdb/templates/_helpers.tpl +++ b/couchdb/templates/_helpers.tpl @@ -43,6 +43,29 @@ Create a random string if the supplied key does not exist {{- end -}} {{- end -}} +{{- /* +Create a random string if the supplied "secret" key does not exist. Otherwise create the key in a persistent fashion +using `lookup` and `get`. The "key", "ns", and "secretName" keys need to be provided for this to work +*/ -}} +{{- define "couchdb.defaultsecret-stateful" -}} + {{- if .secret -}} + {{- .secret | b64enc | quote -}} + {{- else -}} + {{- /* generate secret, which will be overwritten if already exists */ -}} + {{- $autoSecret := randAlphaNum 20 | b64enc -}} + {{- if and (not (empty .key)) (not (empty .secretName)) }} + {{- $currentSecret := lookup "v1" "Secret" .ns .secretName }} + {{- if $currentSecret }} + {{- /* already exists, looking up */ -}} + {{- $autoSecret = get $currentSecret.data .key -}} + {{- end }} + {{- end }} + {{- print $autoSecret | quote -}} + {{- end -}} +{{- end -}} + + + {{/* Labels used to define Pods in the CouchDB statefulset */}} @@ -78,4 +101,4 @@ Fail if couchdbConfig.couchdb.uuid is undefined */}} {{- define "couchdb.uuid" -}} {{- required "A value for couchdbConfig.couchdb.uuid must be set" (.Values.couchdbConfig.couchdb | default dict).uuid -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/couchdb/templates/secrets.yaml b/couchdb/templates/secrets.yaml index 857543b..1028e53 100644 --- a/couchdb/templates/secrets.yaml +++ b/couchdb/templates/secrets.yaml @@ -12,7 +12,8 @@ type: Opaque data: adminUsername: {{ template "couchdb.defaultsecret" .Values.adminUsername }} adminPassword: {{ template "couchdb.defaultsecret" .Values.adminPassword }} - erlangCookie: {{ template "couchdb.defaultsecret" .Values.erlangFlags.setcookie }} + {{- $erlangCookieArgs := dict "key" "erlangCookie" "ns" $.Release.Namespace "secretName" (include "couchdb.fullname" .) "secret" .Values.erlangFlags.setcookie }} + erlangCookie: {{ template "couchdb.defaultsecret-stateful" $erlangCookieArgs }} cookieAuthSecret: {{ template "couchdb.defaultsecret" .Values.cookieAuthSecret }} {{- if .Values.adminHash }} password.ini: {{ tpl (.Files.Get "password.ini") . | b64enc }}