From df57ccaa8701a527954bd2a813fedec1b7c86af0 Mon Sep 17 00:00:00 2001
From: Stefan Scheglmann
Date: Sun, 8 Dec 2019 16:12:58 +0100
Subject: [PATCH] Existing secret support for helm chart (#267)

* Enable use of existsing secret for server key/cert
* type fix
* Bump chart version
* defaults for crt/key, conditional changed, Readme fixed
---
 chart/docker-auth/Chart.yaml | 2 +-
 chart/docker-auth/README.md | 7 +++++--
 chart/docker-auth/templates/configmap.yaml | 5 +++++
 chart/docker-auth/templates/deployment.yaml | 4 ++++
 chart/docker-auth/templates/secret.yaml | 3 +++
 chart/docker-auth/values.yaml | 6 ++++++
 6 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/chart/docker-auth/Chart.yaml b/chart/docker-auth/Chart.yaml
index 0432297a..3bdfabe1 100644
--- a/chart/docker-auth/Chart.yaml
+++ b/chart/docker-auth/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.4.0"
 description: Docker Registry V2 authentication server
 name: docker-auth
-version: 1.0.0
+version: 1.0.1
 keywords:
 - docker
 - registry
diff --git a/chart/docker-auth/README.md b/chart/docker-auth/README.md
index b8f4718a..f975a30a 100644
--- a/chart/docker-auth/README.md
+++ b/chart/docker-auth/README.md
@@ -76,8 +76,11 @@ The following table lists the configurable parameters of the docker-auth chart a
 | Parameter | Description | Default |
 | --------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
 | **Secret** |
-| `secret.data.server.certificate` | Content of server.pem | |
-| `secret.data.server.key` | Content of server.key | |
+| `secret.data.server.certificate` | Content of server.pem (mutually exclusive with secretName, keyName, certificateName) | |
+| `secret.data.server.key` | Content of server.key (mutually exclusive with secretName, keyName, certificateName) | |
+| `secret.secretName` | The name of the secret containing server key and certificate (mutually exclusive with secret.data.server.key/certificate) | |
+| `secret.certificateFileName` | The name of the server certificate file (mutually exclusive with secret.data.server.key/certificate) | tls.crt |
+| `secret.keyFileName` | The name of the server key file (mutually exclusive with secret.data.server.key/certificate) | tls.key |
 | **Configmap** |
 | `configmap.data.token.issuer` | Must match issuer in the Registry config | `Acme auth server` |
 | `configmap.data.token.expiration` | Token Expiration | `900` |
diff --git a/chart/docker-auth/templates/configmap.yaml b/chart/docker-auth/templates/configmap.yaml
index 4cf9cd01..59f6d056 100644
--- a/chart/docker-auth/templates/configmap.yaml
+++ b/chart/docker-auth/templates/configmap.yaml
@@ -9,8 +9,13 @@ data:
 token:
 issuer: "{{ .Values.configmap.data.token.issuer }}" # Must match issuer in the Registry config.
 expiration: {{ .Values.configmap.data.token.expiration }}
+{{- if .Values.secret.secretName }}
+ certificate: "/config/certs/{{ default "tls.crt" .Values.secret.certificateFileName }}"
+ key: "/config/certs/{{ default "tls.key" .Values.secret.keyFileName }}"
+{{- else }}
 certificate: "/config/certs/server.pem"
 key: "/config/certs/server.key"
+{{- end }}
 users: {{ .Values.configmap.data.users | toYaml | nindent 6 }}
 acl:
diff --git a/chart/docker-auth/templates/deployment.yaml b/chart/docker-auth/templates/deployment.yaml
index 60c72cfe..9e3b4cd8 100644
--- a/chart/docker-auth/templates/deployment.yaml
+++ b/chart/docker-auth/templates/deployment.yaml
@@ -48,7 +48,11 @@ spec:
 name: {{ include "docker-auth.name" . }}
 - name: {{ include "docker-auth.name" . }}-secret
 secret:
+{{- if .Values.secret.secretName }}
+ secretName: {{ .Values.secret.secretName }}
+{{- else }}
 secretName: {{ include "docker-auth.name" . }}
+{{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/chart/docker-auth/templates/secret.yaml b/chart/docker-auth/templates/secret.yaml
index a835f325..3e969241 100644
--- a/chart/docker-auth/templates/secret.yaml
+++ b/chart/docker-auth/templates/secret.yaml
@@ -1,3 +1,5 @@
+{{- if not .Values.secret.secretName }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,3 +8,4 @@ type: Opaque
 data:
 server.pem: {{ .Values.secret.data.server.certificate | b64enc | quote }}
 server.key: {{ .Values.secret.data.server.key | b64enc | quote }}
+{{- end }}
diff --git a/chart/docker-auth/values.yaml b/chart/docker-auth/values.yaml
index 38e1ccf8..4adb386e 100644
--- a/chart/docker-auth/values.yaml
+++ b/chart/docker-auth/values.yaml
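Review bot: The effective defaults `tls.crt`/`tls.key` exist only inside the two `default` calls on the added `certificate:`/`key:` lines; the values.yaml hunk of this same patch leaves `certificateFileName`/`keyFileName` commented out, so `helm show values` never surfaces them and the README is the only other place they are recorded. I would make them real values in values.yaml (`certificateFileName: tls.crt`, `keyFileName: tls.key`) and keep the `default` calls as a fallback for users who override the `secret` map partially. The file names are also interpolated into a double-quoted YAML scalar without escaping, so a name containing `"` produces an unparsable auth config; `certificate: {{ printf "/config/certs/%s" (default "tls.crt" .Values.secret.certificateFileName) | quote }}` (and the same for `key:`) keeps the path and quoting correct. The `token:` mapping's parent starts before the hunk, so whether these lines sit inside a block scalar is not visible here.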
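Review bot: The added `secretName: {{ .Values.secret.secretName }}` in deployment.yaml is rendered unquoted, so a name YAML would type-coerce (all digits, `true`/`no`) or one containing `: ` or ` #` yields a wrong or invalid manifest; `secretName: {{ .Values.secret.secretName | quote }}` avoids that. The if/else pair could also collapse to a single line, `secretName: {{ .Values.secret.secretName | default (include "docker-auth.name" .) | quote }}`, which keeps the fallback and the quoting in one place. Nothing can verify at render time that the referenced Secret exists or holds the expected file names; with a secret volume the Pod stays in ContainerCreating until the Secret appears, so a typo shows up only as a mount event on the Pod, which is worth a sentence in the README. The surrounding `volumes:` list starts before the hunk.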
@@ -18,6 +18,12 @@ secret:
 key: |+
 -----BEGIN RSA PRIVATE KEY-----
 -----END RSA PRIVATE KEY-----
+# For reusing an existing secret (e.g. generated by cert-manager), define secretName, certificateFileName and keyFileName
+# These settings are mutually exclusive with the values provided in secret.data. Once secretName is set the secret
+# generated with the values above will be not be used in the deployment.
+# secretName:
+# certificateFileName: tls.crt
+# keyFileName: tls.key
 configmap:
 data:
 token:
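Review bot: The added comment line `# generated with the values above will be not be used in the deployment.` has a duplicated verb; it should read `# generated with the values above will not be used in the deployment.`. The `# secretName:` example, if uncommented as written, sets the key to null, which `if .Values.secret.secretName` in the templates treats as unset, so the chart silently falls back to the generated Secret instead of reporting a misconfiguration; writing the example as `secretName: ""` with a note that an empty value disables the feature makes that behaviour explicit. The README rows added in this patch also describe the exclusion as being with `keyName`/`certificateName`, which do not match the `keyFileName`/`certificateFileName` keys introduced here.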