From dc734e48e880f4396163cf67f4b0762612d10aaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sat, 2 Dec 2023 22:20:09 +0100 Subject: [PATCH 1/5] [velero] Pass config trough tpl and implement reload trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/velero/Chart.yaml | 2 +- charts/velero/templates/deployment.yaml | 7 +++++-- charts/velero/templates/node-agent-daemonset.yaml | 9 ++++++--- charts/velero/templates/secret.yaml | 8 ++++++++ charts/velero/values.yaml | 8 +++++++- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 365d63bf..db25de04 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.12.2 kubeVersion: ">=1.16.0-0" description: A Helm chart for velero name: velero -version: 5.1.5 +version: 5.1.6 home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/charts/velero/templates/deployment.yaml b/charts/velero/templates/deployment.yaml index 1afa03c1..4dd12bb5 100644 --- a/charts/velero/templates/deployment.yaml +++ b/charts/velero/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} 
@@ -50,6 +50,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} {{- end }} spec: {{- if .Values.image.imagePullSecrets }} @@ -218,7 +221,7 @@ spec: {{- with .Values.configuration.extraEnvVars }} {{- range $key, $value := . }} - name: {{ default "none" $key }} - value: {{ default "none" $value | quote }} + value: {{ tpl (default "none" $value) $ | quote }} {{- end }} {{- end }} {{- with .Values.credentials.extraEnvVars }} diff --git a/charts/velero/templates/node-agent-daemonset.yaml b/charts/velero/templates/node-agent-daemonset.yaml index f503b524..f4edac77 100644 --- a/charts/velero/templates/node-agent-daemonset.yaml +++ b/charts/velero/templates/node-agent-daemonset.yaml @@ -33,7 +33,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} {{- end }} spec: {{- if .Values.image.imagePullSecrets }} 
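Review bot: `tpl` only accepts a string, so in the `@@ -218,7 +221,7 @@` hunk of deployment.yaml the new `value: {{ tpl (default "none" $value) $ | quote }}` fails to render when a `configuration.extraEnvVars` entry is a number or boolean, which the previous `default "none" $value | quote` accepted. Converting first keeps those values working: `value: {{ tpl (default "none" $value | toString) $ | quote }}`. The same line is added in the `@@ -150,7 +153,7 @@` hunk of node-agent-daemonset.yaml. Values that contain a literal `{{` are now evaluated as templates as well, and the values.yaml comments in this patch do not mention escaping for `configuration.extraEnvVars`. The enclosing `env:` list starts and ends outside the hunk.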
@@ -150,7 +153,7 @@ spec: {{- with .Values.configuration.extraEnvVars }} {{- range $key, $value := . }} - name: {{ default "none" $key }} - value: {{ default "none" $value | quote }} + value: {{ tpl (default "none" $value) $ | quote }} {{- end }} {{- end }} {{- with .Values.credentials.extraEnvVars }} @@ -191,7 +194,7 @@ spec: {{- with .Values.nodeAgent.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- with .Values.nodeAgent.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/velero/templates/secret.yaml b/charts/velero/templates/secret.yaml index 4dbaf884..44a2773e 100644 --- a/charts/velero/templates/secret.yaml +++ b/charts/velero/templates/secret.yaml @@ -16,9 +16,17 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.credentials.secretContents }} + {{- if $.Values.credentials.tplConfig }} + {{ $key }}: {{ tpl $value $ | b64enc | quote }} + {{- else }} {{ $key }}: {{ $value | b64enc | quote }} + {{- end }} {{- end }} {{- range $key, $value := .Values.credentials.extraEnvVars }} + {{- if $.Values.credentials.tplConfig }} + {{ $key }}: {{ tpl $value $ | b64enc | quote }} + {{- else }} {{ $key }}: {{ $value | b64enc | quote }} + {{- end }} {{- end }} {{- end -}} diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 8051813b..6f468519 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -471,7 +471,7 @@ serviceAccount: credentials: # Whether a secret should be used. Set to false if, for examples: # - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only) - # - using workload identity instead of providing the key file. (GCP only) + # - using workload identity instead of providing the key file. (Azure/GCP only) useSecret: true # Name of the secret to create if `useSecret` is true and `existingSecret` is empty name: 
@@ -497,6 +497,12 @@ credentials: # that will be used to load environment variables into velero and node-agent. # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables extraSecretRef: "" + # If true, the velero controller will be restarted if the secret has been changed. + restartOnChange: false + # Pass the secretContents and extraSecretRef configuration directives through Helm's templating engine. + # If the configuration contains {{, they'll need to be properly escaped so that they are not interpreted by Helm + # ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + tplConfig: false # Whether to create backupstoragelocation crd, if false => do not create a default backup location backupsEnabled: true From a7549e60ebf2640b1b37cffcf528b67dfb8e21bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sun, 3 Dec 2023 16:13:46 +0100 Subject: [PATCH 2/5] Remove tplConfig MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/velero/templates/secret.yaml | 8 -------- charts/velero/values.yaml | 4 ---- 2 files changed, 12 deletions(-) diff --git a/charts/velero/templates/secret.yaml b/charts/velero/templates/secret.yaml index 44a2773e..0cd9d57b 100644 --- a/charts/velero/templates/secret.yaml +++ b/charts/velero/templates/secret.yaml @@ -16,17 +16,9 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.credentials.secretContents }} - {{- if $.Values.credentials.tplConfig }} {{ $key }}: {{ tpl $value $ | b64enc | quote }} - {{- else }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} {{- end }} {{- range $key, $value := .Values.credentials.extraEnvVars }} - {{- if $.Values.credentials.tplConfig }} {{ $key }}: {{ tpl $value $ | b64enc | quote }} - {{- else }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} {{- end }} {{- end -}} 
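Review bot: With the `tplConfig` guard removed in the secret.yaml hunk, every `credentials.secretContents` and `credentials.extraEnvVars` value goes through `tpl` unconditionally, so a credential that contains a literal `{{` will either fail to render or be stored in the Secret with altered content after an upgrade. Existing installations get no way to opt out, and this patch also deletes the only values.yaml comment that mentioned escaping. Either keep the switch, or add a comment above `secretContents` in values.yaml such as `# Values are rendered with tpl; write a literal {{ as {{ "{{" }}` and call the change out in the release notes. The two `range` blocks appear to sit inside an outer `if` that opens outside the hunk.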
diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 6f468519..6e45f797 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -499,10 +499,6 @@ credentials: extraSecretRef: "" # If true, the velero controller will be restarted if the secret has been changed. restartOnChange: false - # Pass the secretContents and extraSecretRef configuration directives through Helm's templating engine. - # If the configuration contains {{, they'll need to be properly escaped so that they are not interpreted by Helm - # ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function - tplConfig: false # Whether to create backupstoragelocation crd, if false => do not create a default backup location backupsEnabled: true From 89a1e0fe6f0106615acda9ce44457f5529718e9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 4 Dec 2023 13:07:20 +0100 Subject: [PATCH 3/5] Remove restartOnChange and add finer checksum MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/velero/templates/_helpers.tpl | 8 ++++++++ charts/velero/templates/deployment.yaml | 6 +++--- charts/velero/templates/node-agent-daemonset.yaml | 6 +++--- charts/velero/values.yaml | 2 -- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/charts/velero/templates/_helpers.tpl b/charts/velero/templates/_helpers.tpl index beed7f71..00d97db4 100644 --- a/charts/velero/templates/_helpers.tpl +++ b/charts/velero/templates/_helpers.tpl @@ -86,3 +86,11 @@ For examples: {{- $minorVersion := .Capabilities.KubeVersion.Minor | regexFind "[0-9]+" -}} {{- printf "%s.%s" .Capabilities.KubeVersion.Major $minorVersion -}} {{- end -}} + + +{{/* +Calculate the checksum of the credentials secret. +*/}} +{{- define "chart.config-checksum" -}} +{{- tpl (print .Values.credentials.secretContents .Values.credentials.extraEnvVars ) $ | sha256sum -}} +{{- end -}} 
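Review bot: The `chart.config-checksum` helper takes an unsalted SHA-256 over the credential values, and the later hunks of this patch write that digest into the pod-template annotations of the Deployment and the DaemonSet, where it is readable by anyone allowed to view those workloads or their pods rather than only by principals with access to the Secret. For low-entropy values in `secretContents` this lets a guess be confirmed offline, and with `restartOnChange` removed in the same patch the annotation is always emitted when the chart creates the Secret. Consider keeping the toggle, or at least adding a values.yaml comment such as `# A SHA-256 of secretContents and extraEnvVars is published as the checksum/secret pod annotation`. Separately, named templates are global across a chart and its subcharts, so a chart-specific name (for example `velero.config-checksum`, if the other helpers in this file use that prefix) would avoid collisions.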
diff --git a/charts/velero/templates/deployment.yaml b/charts/velero/templates/deployment.yaml index 4dd12bb5..155cfbd2 100644 --- a/charts/velero/templates/deployment.yaml +++ b/charts/velero/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret)) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -50,8 +50,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) }} + checksum/secret: {{ template "chart.config-checksum" . }} {{- end }} {{- end }} spec: diff --git a/charts/velero/templates/node-agent-daemonset.yaml b/charts/velero/templates/node-agent-daemonset.yaml index f4edac77..f5104e3d 100644 --- a/charts/velero/templates/node-agent-daemonset.yaml +++ b/charts/velero/templates/node-agent-daemonset.yaml @@ -33,7 +33,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret)) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} 
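Review bot: The new `checksum/secret: {{ template "chart.config-checksum" . }}` line in the `@@ -50,8 +50,8 @@` hunk emits the digest unquoted and uses the `template` action, whose output cannot be piped. Annotation values must be strings, so a digest that happened to consist only of digits would be parsed as a number and rejected; `checksum/secret: {{ include "chart.config-checksum" . | quote }}` removes that edge case and matches the usual Helm idiom. The same line is added to node-agent-daemonset.yaml in this patch. The `annotations:` block it belongs to opens outside the hunk.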
@@ -43,8 +43,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) }} + checksum/secret: {{ template "chart.config-checksum" . }} {{- end }} {{- end }} spec: diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 6e45f797..51058b98 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -497,8 +497,6 @@ credentials: # that will be used to load environment variables into velero and node-agent. # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables extraSecretRef: "" - # If true, the velero controller will be restarted if the secret has been changed. - restartOnChange: false # Whether to create backupstoragelocation crd, if false => do not create a default backup location backupsEnabled: true From 81d21381a9871934bf416493f25e2c22cb41d337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 4 Dec 2023 13:09:15 +0100 Subject: [PATCH 4/5] bump version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/velero/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index db25de04..e7de334e 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.12.2 kubeVersion: ">=1.16.0-0" description: A Helm chart for velero name: velero -version: 5.1.6 +version: 5.1.7 home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: 
From 225569dde76185c0a56d7564e5f1909e35fd0a0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 12 Dec 2023 17:57:18 +0100 Subject: [PATCH 5/5] Update Chart.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/velero/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index e7de334e..bf53e5e5 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.12.2 kubeVersion: ">=1.16.0-0" description: A Helm chart for velero name: velero -version: 5.1.7 +version: 5.2.0 home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: