Alternate secret support (#189)

* Allow pega credential secret to be overridden in a subchart. * Allow pega-credentials-secret to be overridden when used as subchart to support secret values coming from multiple k8s secrets (via a projected volume potentially). Co-authored-by: dorid <[email protected]>
pegasystems · Sep 18, 2020 · f57af65 · f57af65
1 parent 23f7985
commit f57af65
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 38 deletions.
diff --git a/charts/pega/charts/installer/templates/_pega-installer-job.tpl b/charts/pega/charts/installer/templates/_pega-installer-job.tpl
@@ -22,12 +22,7 @@ spec:
         persistentVolumeClaim:
           claimName: {{ .root.Values.distributionKitVolumeClaimName }}
 {{- end }}      
-      - name: {{ template "pegaVolumeCredentials" }}
-        secret:
-          # This name will be referred in the volume mounts kind.
-          secretName: {{ template "pegaCredentialsSecret" }}
-          # Used to specify permissions on files within the volume.
-          defaultMode: 420
+{{- include "pegaCredentialVolumeTemplate" . | indent 6 }}
       - name: {{ template "pegaVolumeInstall" }}
         configMap:
           # This name will be referred in the volume mounts kind.

diff --git a/charts/pega/templates/_helpers.tpl b/charts/pega/templates/_helpers.tpl
@@ -218,3 +218,13 @@ true
 #Override this template to generate additional pod annotations that are dynamically composed during helm deployment (do not indent annotations)
 {{- define "generatedPodAnnotations" }}
 {{- end }}
+
+#Override this template in a subchart if your secret values are provided by seperate secrets
+{{- define "pegaCredentialVolumeTemplate" }}
+- name: {{ template "pegaVolumeCredentials" }}
+  secret:
+    # This name will be referred in the volume mounts kind.
+    secretName: {{ template "pegaCredentialsSecret" }}
+    # Used to specify permissions on files within the volume.
+    defaultMode: 420
+{{- end}}
diff --git a/charts/pega/templates/_pega-credentials-secret.tpl b/charts/pega/templates/_pega-credentials-secret.tpl
@@ -0,0 +1,28 @@
+{{- define "pegaCredentialsSecretTemplate" }}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ template "pegaCredentialsSecret" }}
+  namespace: {{ .Release.Namespace }}
+data:
+  # Base64 encdoded username for connecting to the Pega DB
+  DB_USERNAME: {{ .Values.global.jdbc.username | b64enc }}
+  # Base64 encdoded password for connecting to the Pega DB
+  DB_PASSWORD: {{ .Values.global.jdbc.password | b64enc }}
+
+ {{ if (eq (include "performDeployment" .) "true") }}
+  # Base64 encdoded username for connecting to cassandra
+  CASSANDRA_USERNAME: {{ .Values.dds.username | b64enc }}
+  # Base64 encdoded password for connecting to cassandra
+  CASSANDRA_PASSWORD: {{ .Values.dds.password | b64enc }}
+  {{ range $index, $dep := .Values.global.tier}}
+  {{ if and ($dep.pegaDiagnosticUser) (eq $dep.name "web") }}
+  # Base64 encdoded username for a Tomcat user that will be created with the PegaDiagnosticUser role
+  PEGA_DIAGNOSTIC_USER: {{ $dep.pegaDiagnosticUser | b64enc }}
+  # Base64 encdoded password for a Tomcat user that will be created with the PegaDiagnosticUser role
+  PEGA_DIAGNOSTIC_PASSWORD: {{ $dep.pegaDiagnosticPassword | b64enc }}
+  {{ end }}
+  {{ end }}
+{{ end }}
+type: Opaque
+{{- end }}
diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -45,12 +45,7 @@ spec:
           name: {{ .name }}
           # Used to specify permissions on files within the volume.
           defaultMode: 420
-      - name: {{ template "pegaVolumeCredentials" }}
-        secret:
-          # This name will be referred in the volume mounts kind.
-          secretName: {{ template "pegaCredentialsSecret" }}
-          # Used to specify permissions on files within the volume.
-          defaultMode: 420
+{{- include "pegaCredentialVolumeTemplate" . | indent 6 }}
 {{- if .custom }}
 {{- if .custom.volumes }}
       # Additional custom volumes

diff --git a/charts/pega/templates/pega-credentials-secret.yaml b/charts/pega/templates/pega-credentials-secret.yaml
@@ -1,26 +1 @@
-kind: Secret
-apiVersion: v1
-metadata:
-  name: {{ template "pegaCredentialsSecret" }}
-  namespace: {{ .Release.Namespace }}
-data:
-  # Base64 encdoded username for connecting to the Pega DB
-  DB_USERNAME: {{ .Values.global.jdbc.username | b64enc }}
-  # Base64 encdoded password for connecting to the Pega DB
-  DB_PASSWORD: {{ .Values.global.jdbc.password | b64enc }}
-
- {{ if (eq (include "performDeployment" .) "true") }}
-  # Base64 encdoded username for connecting to cassandra
-  CASSANDRA_USERNAME: {{ .Values.dds.username | b64enc }}
-  # Base64 encdoded password for connecting to cassandra
-  CASSANDRA_PASSWORD: {{ .Values.dds.password | b64enc }}
-  {{ range $index, $dep := .Values.global.tier}}
-  {{ if and ($dep.pegaDiagnosticUser) (eq $dep.name "web") }}
-  # Base64 encdoded username for a Tomcat user that will be created with the PegaDiagnosticUser role
-  PEGA_DIAGNOSTIC_USER: {{ $dep.pegaDiagnosticUser | b64enc }}
-  # Base64 encdoded password for a Tomcat user that will be created with the PegaDiagnosticUser role
-  PEGA_DIAGNOSTIC_PASSWORD: {{ $dep.pegaDiagnosticPassword | b64enc }}
-  {{ end }}
-  {{ end }}
-{{ end }}
-type: Opaque
+{{- include "pegaCredentialsSecretTemplate" . }}