From ab018820cb4465a8335e780eabb787c8ad745504 Mon Sep 17 00:00:00 2001 From: Pavel Jancik Date: Mon, 24 Apr 2023 15:36:06 +0200 Subject: [PATCH 1/2] feat: Helm templates in provided secret names. Added support for helm templates in the following entries: * `.existingSecret` * `.sentinel.existingSecret` * `.haproxy.tls.secretName` * `.tls.secretName` * `.restore.existingSecret` We are using this great `redis-ha` chart as a sub-chart and we provide TLS secret and credentials via secrets (existing). We would like not to hardcode these name in values.yaml (i.e., tweak them for each installation) but instead use some reasonable default like `{{ .Release.Name }}-redis-creds` Replacing: `.Values.existingSecret` by ` tpl (.Values.existingSecret | default "" ) .` Note that `| default ""` is required because the `existingSecret` is commented in the chart default values.yaml and thus undefined for helm templating --> without the default values the rendering would result into errors. Signed-off-by: Pavel Jancik --- .../redis-ha/templates/redis-auth-secret.yaml | 2 +- .../redis-ha/templates/redis-ha-secret.yaml | 2 +- .../templates/redis-ha-serviceaccount.yaml | 4 +- .../templates/redis-ha-statefulset.yaml | 44 +++++++++---------- .../templates/redis-haproxy-deployment.yaml | 10 ++--- .../redis-ha/templates/redis-tls-secret.yaml | 2 +- .../templates/sentinel-auth-secret.yaml | 2 +- charts/redis-ha/values.yaml | 8 +++- 8 files changed, 39 insertions(+), 35 deletions(-) diff --git a/charts/redis-ha/templates/redis-auth-secret.yaml b/charts/redis-ha/templates/redis-auth-secret.yaml index a1fd6311..1a878ef9 100644 --- a/charts/redis-ha/templates/redis-auth-secret.yaml +++ b/charts/redis-ha/templates/redis-auth-secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.auth (not .Values.existingSecret) -}} +{{- if and .Values.auth (not (tpl (.Values.existingSecret | default "" ) . )) -}} apiVersion: v1 kind: Secret metadata: 
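Review bot: The guard in redis-auth-secret.yaml, `not (tpl (.Values.existingSecret | default "" ) . )`, decides whether the chart generates its own Secret, and the same expression is copied into every later hunk that renders the secret name (serviceaccount, statefulset, haproxy deployment), so the guard and the rendered reference can drift apart on a later edit. One named template would keep both in one place, for example `{{- define "redis-ha.authSecretName" -}}{{ tpl (.Values.existingSecret | default "") . | trim }}{{- end -}}` (the name is a proposal); the `trim` also stops a value that renders to whitespace from suppressing the generated Secret. Because `tpl` evaluates these values with the full chart context, the values.yaml comments should say so, which matters wherever values come from a less-trusted source than the chart.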
diff --git a/charts/redis-ha/templates/redis-ha-secret.yaml b/charts/redis-ha/templates/redis-ha-secret.yaml index 91cc7f26..79e77e36 100644 --- a/charts/redis-ha/templates/redis-ha-secret.yaml +++ b/charts/redis-ha/templates/redis-ha-secret.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.restore.existingSecret }} +{{- if not (tpl (.Values.restore.existingSecret | default "" ) . ) }} {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} diff --git a/charts/redis-ha/templates/redis-ha-serviceaccount.yaml b/charts/redis-ha/templates/redis-ha-serviceaccount.yaml index e8894c1e..b37881ff 100644 --- a/charts/redis-ha/templates/redis-ha-serviceaccount.yaml +++ b/charts/redis-ha/templates/redis-ha-serviceaccount.yaml @@ -16,10 +16,10 @@ metadata: secrets: {{- end }} {{- if .Values.auth }} -- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }} +- name: {{ default (include "redis-ha.fullname" .) (tpl (.Values.existingSecret | default "" ) . ) }} {{- end }} {{- if .Values.sentinel.auth }} -- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }} +- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) (tpl (.Values.sentinel.existingSecret | default "" ) . ) }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }} diff --git a/charts/redis-ha/templates/redis-ha-statefulset.yaml b/charts/redis-ha/templates/redis-ha-statefulset.yaml index 251beba1..6202b1bd 100644 --- a/charts/redis-ha/templates/redis-ha-statefulset.yaml +++ b/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -154,8 +154,8 @@ spec: - name: AUTH valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} 
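Review bot: In redis-ha-secret.yaml the new guard passes `.Values.restore.existingSecret` to `tpl`, which accepts only a string. The statefulset hunks at -200 and -234 test the same value but render `.Values.existingSecret` as the name, which suggests that `restore.existingSecret` is a boolean switch rather than a secret name (the restore block of values.yaml is not part of this patch, so this is inferred). If so, setting it to `true` would abort rendering with a type error instead of skipping this Secret. Unless the field is confirmed to be a string, keep the original `{{- if not .Values.restore.existingSecret }}` here and in those two hunks.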
@@ -165,8 +165,8 @@ spec: - name: SENTINELAUTH valueFrom: secretKeyRef: - {{- if .Values.sentinel.existingSecret }} - name: {{ .Values.sentinel.existingSecret }} + {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }} + name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }}-sentinel {{- end }} @@ -200,8 +200,8 @@ spec: && mv -v /data/dump.rdb_ /data/dump.rdb" envFrom: - secretRef: - {{- if .Values.restore.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.restore.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} # This one is suspicious, one would expect restore.existingSecret as well {{- else }} name: {{ include "redis-ha.fullname" . }}-secret {{- end }} @@ -234,8 +234,8 @@ spec: securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} envFrom: - secretRef: - {{- if .Values.restore.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.restore.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} # This one is suspicious, one would expect restore.existingSecret as well {{- else }} name: {{ include "redis-ha.fullname" . }}-secret {{- end }} @@ -260,8 +260,8 @@ spec: - name: AUTH valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} @@ -331,8 +331,8 @@ spec: - name: AUTH valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} 
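Review bot: The two restore `envFrom.secretRef` hunks (-200 and -234) still gate on `.Values.restore.existingSecret` but render `.Values.existingSecret`, so with the restore setting enabled and no `existingSecret` the manifest gets an empty `name:`, and which secret is injected depends on a different value than the one checked. The added trailing `# This one is suspicious…` remark is emitted into the rendered StatefulSet; a template comment (`{{- /* … */ -}}`) would keep it out of the manifest, and the open question is better settled before merge. If reuse of the auth secret is intended, failing early is safer: `name: {{ required "restore.existingSecret needs existingSecret" (tpl (.Values.existingSecret | default "") .) }}`. Both container definitions start outside the hunks.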
@@ -342,8 +342,8 @@ spec: - name: SENTINELAUTH valueFrom: secretKeyRef: - {{- if .Values.sentinel.existingSecret }} - name: {{ .Values.sentinel.existingSecret }} + {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }} + name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }}-sentinel {{- end }} @@ -416,8 +416,8 @@ spec: - name: AUTH valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} @@ -427,8 +427,8 @@ spec: - name: SENTINELAUTH valueFrom: secretKeyRef: - {{- if .Values.sentinel.existingSecret }} - name: {{ .Values.sentinel.existingSecret }} + {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }} + name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }}-sentinel {{- end }} @@ -467,8 +467,8 @@ spec: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} @@ -541,8 +541,8 @@ spec: {{- if .Values.redis.tlsPort }} - name: tls-certs secret: - {{- if .Values.tls.secretName }} - secretName: {{ .Values.tls.secretName }} + {{- if tpl (.Values.tls.secretName | default "" ) . }} + secretName: {{ tpl (.Values.tls.secretName | default "" ) . }} {{- else }} secretName: {{ template "redis-ha.fullname" . }}-tls-secret {{- end }} diff --git a/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/charts/redis-ha/templates/redis-haproxy-deployment.yaml index 8ca265c3..94df8680 100644 --- a/charts/redis-ha/templates/redis-haproxy-deployment.yaml 
+++ b/charts/redis-ha/templates/redis-haproxy-deployment.yaml @@ -121,8 +121,8 @@ spec: - name: AUTH valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} + {{- if tpl (.Values.existingSecret | default "" ) . }} + name: {{ tpl (.Values.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }} {{- end }} @@ -132,8 +132,8 @@ spec: - name: SENTINELAUTH valueFrom: secretKeyRef: - {{- if .Values.sentinel.existingSecret }} - name: {{ .Values.sentinel.existingSecret }} + {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }} + name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }} {{- else }} name: {{ template "redis-ha.fullname" . }}-sentinel {{- end }} @@ -183,7 +183,7 @@ spec: {{- if .Values.haproxy.tls.enabled }} - name: pemfile secret: - secretName: {{ .Values.haproxy.tls.secretName }} + secretName: {{ tpl .Values.haproxy.tls.secretName . }} {{- end }} - name: config-volume configMap: diff --git a/charts/redis-ha/templates/redis-tls-secret.yaml b/charts/redis-ha/templates/redis-tls-secret.yaml index d3034706..e430f3a4 100644 --- a/charts/redis-ha/templates/redis-tls-secret.yaml +++ b/charts/redis-ha/templates/redis-tls-secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}} +{{- if and .Values.redis.tlsPort (not (tpl (.Values.tls.secretName | default "" ) . )) -}} apiVersion: v1 kind: Secret metadata: diff --git a/charts/redis-ha/templates/sentinel-auth-secret.yaml b/charts/redis-ha/templates/sentinel-auth-secret.yaml index d351be65..ced9aac8 100644 --- a/charts/redis-ha/templates/sentinel-auth-secret.yaml +++ b/charts/redis-ha/templates/sentinel-auth-secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}} +{{- if and .Values.sentinel.auth (not (tpl ( .Values.sentinel.existingSecret | default "" ) . )) -}} apiVersion: v1 kind: Secret metadata: 
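Review bot: The `pemfile` volume in redis-haproxy-deployment.yaml (hunk -183) calls `tpl .Values.haproxy.tls.secretName .` without the `| default ""` used everywhere else in this patch, so a parent chart that nulls the key gets a render error. With `haproxy.tls.enabled` set and the default `secretName: ""`, the volume still renders an empty secret name. Since TLS termination depends on this secret, an explicit check is clearer: `secretName: {{ required "haproxy.tls.secretName is required when haproxy.tls.enabled" (tpl (.Values.haproxy.tls.secretName | default "") .) }}`.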
diff --git a/charts/redis-ha/values.yaml b/charts/redis-ha/values.yaml index 0f14820f..a47bad83 100644 --- a/charts/redis-ha/values.yaml +++ b/charts/redis-ha/values.yaml @@ -71,6 +71,7 @@ haproxy: ## Enable TLS termination on HAproxy, This will create a volume mount tls: enabled: false + ## Supports templates like "{{ .Release.Name }}-haproxy-tls" secretName: "" keyName: certMountPath: /tmp/ @@ -331,7 +332,8 @@ sentinel: # password: password - ## Use existing secret containing key `authKey` (ignores sentinel.password) + ## Use existing secret containing key `authKey` (ignores sentinel.password). + ## Supports templates like "{{ .Release.Name }}-sentinel-creds" # existingSecret: sentinel-secret ## Defines the key holding the sentinel password in existing secret. @@ -555,6 +557,7 @@ auth: false ## Use existing secret containing key `authKey` (ignores redisPassword) ## Can also store AWS S3 or SSH secrets in this secret +## Supports templates like "{{ .Release.Name }}-creds" # existingSecret: ## Defines the key holding the redis password in existing secret. @@ -595,7 +598,8 @@ emptyDir: {} tls: ## Fill the name of secret if you want to use your own TLS certificates. ## The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file - ## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set + ## Supports templates like "{{ .Release.Name }}-tls" + ## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set # secretName: tls-secret ## Name of certificate file From fdad3031eb160d2d6ca0ca37fd253949bbb49d40 Mon Sep 17 00:00:00 2001 From: Pavel Jancik Date: Mon, 24 Apr 2023 16:31:25 +0200 Subject: [PATCH 2/2] increasing version of the chart 
Signed-off-by: Pavel Jancik --- charts/redis-ha/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/redis-ha/Chart.yaml b/charts/redis-ha/Chart.yaml index a04c9aa2..b48a3db8 100644 --- a/charts/redis-ha/Chart.yaml +++ b/charts/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 4.23.0 +version: 4.23.1 appVersion: 7.0.9 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png