Refactor behaviour of helm string .secrets.existingSecret to boolean …

….tenant.configSecret.existingSecret (#2032) Refactor tenant-configuration.yaml to consider boolean .tenant.configSecret.existingSecret, instead of string .secrets.existingSecret. Current functionality uses counterintuitively the existence of string .secrets.existingSecret when creating a secret with MINIO_ROOT_USER and MINIO_ROOT_PASSWORD, versus using an existing secret with these and similar environment variables. Proposed functionality uses a clear boolean .tenant.configSecret.existingSecret instead.
minio · Mar 21, 2024 · 1792dfd · 1792dfd
1 parent 656229d
commit 1792dfd
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 5 deletions.
diff --git a/helm/tenant/templates/tenant-configuration.yaml b/helm/tenant/templates/tenant-configuration.yaml
@@ -1,4 +1,10 @@
-{{- if not .Values.secrets.existingSecret }}
+{{- if (.Values.secrets) }}
+{{- print "# WARNING: '.secrets' is deprecated since v5.0.15 and will be removed in next minor release (i.e. v5.1.0). Please use '.tenant.configSecret' instead." }}
+{{- end }}
+{{- if and (.Values.secrets) (.Values.tenant.configSecret) }}
+{{- fail "ERROR: '.secrets' and '.tenant.configSecret' are mutually exclusive. Please use 'tenant.configSecret' instead." }}
+{{- end }}
+{{- if and (.Values.secrets) (not (.Values.secrets).existingSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,3 +15,14 @@ stringData:
     export MINIO_ROOT_USER={{ .Values.secrets.accessKey | quote }}
     export MINIO_ROOT_PASSWORD={{ .Values.secrets.secretKey | quote }}
 {{- end }}
+{{- if and (.Values.tenant.configSecret) (not (.Values.tenant.configSecret).existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ dig "tenant" "configSecret" "name" "" (.Values | merge (dict)) }}
+type: Opaque
+stringData:
+  config.env: |-
+    export MINIO_ROOT_USER={{ .Values.tenant.configSecret.accessKey | quote }}
+    export MINIO_ROOT_PASSWORD={{ .Values.tenant.configSecret.secretKey | quote }}
+{{- end }}
diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml
@@ -1,4 +1,6 @@
 ###
+# WARNING: '.secrets' is deprecated since v5.0.15 and will be removed in next minor release (i.e. v5.1.0).
+# WARNING: Please use '.tenant.configSecret' instead.
 # Root key for dynamically creating a secret for use with configuring root MinIO User
 # Specify the ``name`` and then a list of environment variables. 
 #
@@ -20,20 +22,21 @@ secrets:
   accessKey: minio 
   secretKey: minio123
   ###
-  # The name of an existing Kubernetes secret to import to the MinIO Tenant
+  # If this variable is set, then enable the usage of an existing Kubernetes secret to set environment variables for the Tenant.
+  # The existing Kubernetes secret name must be placed under .tenant.configuration.name e.g. existing-minio-env-configuration
   # The secret must contain a key ``config.env``.
   # The values should be a series of export statements to set environment variables for the Tenant.
   # For example:
   #
   # .. code-block:: shell
   #
   #    stringData:
-  #       config.env: | -
+  #       config.env: |-
   #         export MINIO_ROOT_USER=ROOTUSERNAME
   #         export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
   #
   #existingSecret:
-  #  name: myminio-env-configuration
+  #  name: enabled
 ###
 # Root key for MinIO Tenant Chart
 tenant:
@@ -85,6 +88,42 @@ tenant:
   configuration:
     name: myminio-env-configuration
   ###
+  # Root key for dynamically creating a secret for use with configuring root MinIO User
+  # Specify the ``name`` and then a list of environment variables.
+  #
+  # .. important::
+  #
+  #    Do not use this in production environments.
+  #    This field is intended for use with rapid development or testing only.
+  #
+  # For example:
+  #
+  # .. code-block:: yaml
+  #
+  #    name: myminio-env-configuration
+  #    accessKey: minio
+  #    secretKey: minio123
+  #
+  # configSecret:
+  #   name: myminio-env-configuration
+  #   accessKey: minio
+  #   secretKey: minio123
+  ###
+  # If this variable is set to true, then enable the usage of an existing Kubernetes secret to set environment variables for the Tenant.
+  # The existing Kubernetes secret name must be placed under .tenant.configuration.name e.g. existing-minio-env-configuration
+  # The secret must contain a key ``config.env``.
+  # The values should be a series of export statements to set environment variables for the Tenant.
+  # For example:
+  #
+  # .. code-block:: shell
+  #
+  #    stringData:
+  #       config.env: |-
+  #         export MINIO_ROOT_USER=ROOTUSERNAME
+  #         export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
+  #
+  #   existingSecret: false
+  ###
   # Top level key for configuring MinIO Pool(s) in this Tenant.
   #
   # See `Operator CRD: Pools <https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html#pool>`__ for more information on all subfields.
@@ -451,7 +490,7 @@ ingress:
 #    kind: Secret
 #    type: Opaque
 #    metadata:
-#      name: {{ dig "secrets" "existingSecret" "" (.Values | merge (dict)) }}
+#      name: {{ dig "tenant" "configSecret" "name" "" (.Values | merge (dict)) }}
 #    stringData:
 #      config.env: |-
 #        export MINIO_ROOT_USER='minio'