Skip to content

Commit

Permalink
More options for elasticsearch secret creation
Browse files Browse the repository at this point in the history
Sometimes you don't want to include secret data in Git manifest
for security reasons, e.g. when storing manifests in Git and
deploying with ArgoCD.

However, you may still want to generate a secret itself and then
edit it's data section later, e.g. manually with kubectl.

Provide more options of generating the secret while keeping
backwards compatibility.

related: #45140

Signed-off-by: Andrii Korotkov <[email protected]>
  • Loading branch information
andrii-korotkov-verkada committed Dec 22, 2024
1 parent 279f1fa commit 0dddfe9
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 8 deletions.
18 changes: 10 additions & 8 deletions chart/templates/secrets/elasticsearch-secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@
################################
## Elasticsearch Secret
#################################
{{- if (and .Values.elasticsearch.enabled (not .Values.elasticsearch.secretName)) }}
{{- if (and .Values.elasticsearch.enabled (or (not .Values.elasticsearch.secretName) .Values.elasticsearch.alwaysGenerateSecret)) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "airflow.fullname" . }}-elasticsearch
name: {{ template "elasticsearch_secret" . }}
labels:
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}
Expand All @@ -33,12 +33,14 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
{{- with .Values.elasticsearch.connection }}
{{- if . }}
data:
{{- with .Values.elasticsearch.connection }}
{{- if and .user .pass }}
connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }}
{{- else }}
connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }}
{{- end }}
{{- if and .user .pass }}
connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }}
{{- else }}
connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
5 changes: 5 additions & 0 deletions chart/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -8000,6 +8000,11 @@
],
"default": null
},
"alwaysGenerateSecret": {
"description": "Whether to generate a secret even if secretName is specified.",
"type": "boolean",
"default": false
},
"connection": {
"description": "Elasticsearch connection configuration.",
"type": "object",
Expand Down
2 changes: 2 additions & 0 deletions chart/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2463,6 +2463,8 @@ elasticsearch:
enabled: false
# A secret containing the connection
secretName: ~
# Whether to generate a secret even if secretName is specified
alwaysGenerateSecret: false
# Or an object representing the connection
# Example:
# connection:
Expand Down

0 comments on commit 0dddfe9

Please sign in to comment.