stable/redis-ha: Helm templates in provided secret names. #253

Open
wants to merge 2 commits into
base: master
2 changes: 1 addition & 1 deletion charts/redis-ha/Chart.yaml
Expand Up @@ -5,7 +5,7 @@ keywords:
- redis
- keyvalue
- database
version: 4.23.0
version: 4.23.1
appVersion: 7.0.9
description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
2 changes: 1 addition & 1 deletion charts/redis-ha/templates/redis-auth-secret.yaml
@@ -1,4 +1,4 @@
{{- if and .Values.auth (not .Values.existingSecret) -}}
{{- if and .Values.auth (not (tpl (.Values.existingSecret | default "" ) . )) -}}
apiVersion: v1
kind: Secret
metadata:
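Review bot: The new condition `not (tpl (.Values.existingSecret | default "" ) . )` treats any non-empty rendering as "a secret was provided", including a result that is only whitespace or a newline (for example a templated value written as a block scalar). In that case this Secret is not generated, and the templates elsewhere in this change that render the same value as a name would emit a blank `name:`. Trimming before the test avoids that: `{{- if and .Values.auth (not (tpl (.Values.existingSecret | default "") . | trim)) -}}`. The same applies to the conditions in redis-tls-secret.yaml and sentinel-auth-secret.yaml.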
2 changes: 1 addition & 1 deletion charts/redis-ha/templates/redis-ha-secret.yaml
@@ -1,4 +1,4 @@
{{- if not .Values.restore.existingSecret }}
{{- if not (tpl (.Values.restore.existingSecret | default "" ) . ) }}


{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
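Review bot: `tpl` only accepts a string, so `tpl (.Values.restore.existingSecret | default "" ) .` fails at render time if `restore.existingSecret` is ever a boolean `true`, because `default` passes a non-empty value through unchanged. The values.yaml definition of `restore.existingSecret` is not part of this change, but the statefulset hunks that test `restore.existingSecret` and then render `existingSecret` as the name suggest it may be an on/off switch rather than a secret name. If so, this line should stay `{{- if not .Values.restore.existingSecret }}`; either way the type is worth confirming before merge, since this condition decides whether the chart generates the restore credentials Secret. The rest of this template is outside the hunk.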
4 changes: 2 additions & 2 deletions charts/redis-ha/templates/redis-ha-serviceaccount.yaml
Expand Up @@ -16,10 +16,10 @@ metadata:
secrets:
{{- end }}
{{- if .Values.auth }}
- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }}
- name: {{ default (include "redis-ha.fullname" .) (tpl (.Values.existingSecret | default "" ) . ) }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }}
- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) (tpl (.Values.sentinel.existingSecret | default "" ) . ) }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }}
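Review bot: The secret-name resolution in both `- name:` lines is the same `default <generated name> (tpl (<value> | default "") .)` logic that the statefulset and haproxy deployment templates spell out again as if/else pairs, so the places that decide which Secret a ServiceAccount or pod references can drift apart. A named template defined alongside `redis-ha.fullname` would resolve each name once and could trim and quote the result in a single place. The template names below are suggestions only, and the enclosing `secrets:` list starts outside this hunk.

```yaml
{{- define "redis-ha.authSecretName" -}}
{{- $given := tpl (.Values.existingSecret | default "") . | trim -}}
{{- default (include "redis-ha.fullname" .) $given -}}
{{- end -}}

{{- define "redis-ha.sentinelAuthSecretName" -}}
{{- $given := tpl (.Values.sentinel.existingSecret | default "") . | trim -}}
{{- default (printf "%s-sentinel" (include "redis-ha.fullname" .)) $given -}}
{{- end -}}

# … unchanged: secrets list header and the .Values.auth / .Values.sentinel.auth guards …
- name: {{ include "redis-ha.authSecretName" . | quote }}
- name: {{ include "redis-ha.sentinelAuthSecretName" . | quote }}
```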
44 changes: 22 additions & 22 deletions charts/redis-ha/templates/redis-ha-statefulset.yaml
Expand Up @@ -154,8 +154,8 @@ spec:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand All @@ -165,8 +165,8 @@ spec:
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
Expand Down Expand Up @@ -200,8 +200,8 @@ spec:
&& mv -v /data/dump.rdb_ /data/dump.rdb"
envFrom:
- secretRef:
{{- if .Values.restore.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.restore.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }} # This one is suspicious, one would expect restore.existingSecret as well
{{- else }}
name: {{ include "redis-ha.fullname" . }}-secret
{{- end }}
Expand Down Expand Up @@ -234,8 +234,8 @@ spec:
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
envFrom:
- secretRef:
{{- if .Values.restore.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.restore.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }} # This one is suspicious, one would expect restore.existingSecret as well
{{- else }}
name: {{ include "redis-ha.fullname" . }}-secret
{{- end }}
Expand All @@ -260,8 +260,8 @@ spec:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand Down Expand Up @@ -331,8 +331,8 @@ spec:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand All @@ -342,8 +342,8 @@ spec:
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
Expand Down Expand Up @@ -416,8 +416,8 @@ spec:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand All @@ -427,8 +427,8 @@ spec:
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
Expand Down Expand Up @@ -467,8 +467,8 @@ spec:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
Owner

Is the tpl replace in the conditional necessary?

Author

Well, the idea is that if the template resolves to the empty string, then it should be equivalent to the case, as if the existing secret is not provided.

Assume, e.g., the case when you have redis as subchart:

global:
  secret:
    passwordsSecret: "" # Specify the user provided secret with password, if empty the chars will generate a random password
    
redis:
  existingSecret: '{{ .Values.global.secret.passwordsSecret }}'

In this case you have non empty (redis).existingSecret value with template, which however resolves to empty string.
I believe in these cases you want to behave exactly as if the existingSecret is empty; that is why we should have tpl even in the conditions.

This behavior is tested in Test 5, at the bottom of my comment above.

name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand Down Expand Up @@ -541,8 +541,8 @@ spec:
{{- if .Values.redis.tlsPort }}
- name: tls-certs
secret:
{{- if .Values.tls.secretName }}
secretName: {{ .Values.tls.secretName }}
{{- if tpl (.Values.tls.secretName | default "" ) . }}
secretName: {{ tpl (.Values.tls.secretName | default "" ) . }}
{{- else }}
secretName: {{ template "redis-ha.fullname" . }}-tls-secret
{{- end }}
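Review bot: In the two `envFrom` / `secretRef` hunks the condition renders `restore.existingSecret` while the `name:` renders `existingSecret`, so a release with the first set and the second empty emits a `secretRef` with a blank name. The trailing `# This one is suspicious …` text is a YAML comment rather than a template comment, so it ships in every rendered manifest; `{{- /* TODO: confirm restore.existingSecret vs existingSecret */}}` on its own line keeps the question in the chart source only. Which key is intended should be settled before merge, because it decides which Secret's keys are injected into those containers as environment variables. The surrounding container specs start and end outside these hunks.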
10 changes: 5 additions & 5 deletions charts/redis-ha/templates/redis-haproxy-deployment.yaml
Expand Up @@ -121,8 +121,8 @@ spec:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- if tpl (.Values.existingSecret | default "" ) . }}
name: {{ tpl (.Values.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
Expand All @@ -132,8 +132,8 @@ spec:
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
Expand Down Expand Up @@ -183,7 +183,7 @@ spec:
{{- if .Values.haproxy.tls.enabled }}
- name: pemfile
secret:
secretName: {{ .Values.haproxy.tls.secretName }}
secretName: {{ tpl .Values.haproxy.tls.secretName . }}
{{- end }}
- name: config-volume
configMap:
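Review bot: `tpl .Values.haproxy.tls.secretName .` in the `pemfile` volume is the only call in this change without `| default ""`, so a null `haproxy.tls.secretName` (an override that blanks the key) makes `tpl` fail on a non-string argument, and an empty string still renders a blank `secretName:` while `haproxy.tls.enabled` is true. Since this branch has no generated fallback, failing with a clear message is probably the better outcome: `secretName: {{ tpl (required "haproxy.tls.secretName must be set when haproxy.tls.enabled is true" .Values.haproxy.tls.secretName) . | quote }}`. The volume list continues outside the hunk.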
2 changes: 1 addition & 1 deletion charts/redis-ha/templates/redis-tls-secret.yaml
@@ -1,4 +1,4 @@
{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}}
{{- if and .Values.redis.tlsPort (not (tpl (.Values.tls.secretName | default "" ) . )) -}}
apiVersion: v1
kind: Secret
metadata:
2 changes: 1 addition & 1 deletion charts/redis-ha/templates/sentinel-auth-secret.yaml
@@ -1,4 +1,4 @@
{{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}}
{{- if and .Values.sentinel.auth (not (tpl ( .Values.sentinel.existingSecret | default "" ) . )) -}}
apiVersion: v1
kind: Secret
metadata:
8 changes: 6 additions & 2 deletions charts/redis-ha/values.yaml
Expand Up @@ -71,6 +71,7 @@ haproxy:
## Enable TLS termination on HAproxy, This will create a volume mount
tls:
enabled: false
## Supports templates like "{{ .Release.Name }}-haproxy-tls"
secretName: ""
keyName:
certMountPath: /tmp/
Expand Down Expand Up @@ -331,7 +332,8 @@ sentinel:

# password: password

## Use existing secret containing key `authKey` (ignores sentinel.password)
## Use existing secret containing key `authKey` (ignores sentinel.password).
## Supports templates like "{{ .Release.Name }}-sentinel-creds"
# existingSecret: sentinel-secret

## Defines the key holding the sentinel password in existing secret.
Expand Down Expand Up @@ -555,6 +557,7 @@ auth: false

## Use existing secret containing key `authKey` (ignores redisPassword)
## Can also store AWS S3 or SSH secrets in this secret
## Supports templates like "{{ .Release.Name }}-creds"
# existingSecret:

## Defines the key holding the redis password in existing secret.
Expand Down Expand Up @@ -595,7 +598,8 @@ emptyDir: {}
tls:
## Fill the name of secret if you want to use your own TLS certificates.
## The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file
## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set
## Supports templates like "{{ .Release.Name }}-tls"
## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set
# secretName: tls-secret

## Name of certificate file
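Review bot: The added `## Supports templates like …` comments do not say that the value is evaluated with `tpl` against the chart's root context, so anything the chart's own templates can call is also callable from these values. That matters where charts are rendered with values supplied by someone other than the chart operator, and the comment could add: `## Evaluated with tpl in the chart's root context; only accept values from sources trusted to run chart templates`. `restore.existingSecret` is also passed through `tpl` in this change (redis-ha-secret.yaml and the statefulset) but gets no comment here; its values block is outside the visible hunks.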