add helpers for secretNames

Signed-off-by: Caleb Lloyd <caleb@synadia.com>

helm/charts/nats/files/config/cluster.yaml

@@ -10,7 +10,8 @@ routes:
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/charts/nats/files/config/config.yaml

@@ -14,7 +14,8 @@ port: {{ .port }}
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}
@@ -25,7 +26,7 @@ tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx
 {{- with .leafnode }}
 {{- if .enabled }}
 leafnode:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/leafnode.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/leafnode.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -35,7 +36,7 @@ leafnode:
 {{- with .websocket }}
 {{- if .enabled }}
 websocket:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/websocket.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/websocket.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -45,7 +46,7 @@ websocket:
 {{- with .mqtt }}
 {{- if .enabled }}
 mqtt:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/mqtt.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/mqtt.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -55,7 +56,7 @@ mqtt:
 {{- with .cluster }}
 {{- if .enabled }}
 cluster:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/cluster.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/cluster.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -65,7 +66,7 @@ cluster:
 {{- with .gateway }}
 {{- if .enabled }}
 gateway:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/gateway.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/gateway.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -93,7 +94,7 @@ prof_port: {{ .port }}
 {{- with $.Values.config.jetstream -}}
 {{- if .enabled }}
 jetstream:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/jetstream.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/jetstream.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 
@@ -103,7 +104,7 @@ jetstream:
 {{- with $.Values.config.resolver -}}
 {{- if .enabled }}
 resolver:
-  {{ include "nats.loadMergePatch" (merge (dict "file" "config/resolver.yaml" "ctx" $) .) | nindent 2 }}
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/resolver.yaml" "ctx" $) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 

helm/charts/nats/files/config/gateway.yaml

@@ -4,7 +4,8 @@ port: {{ .port }}
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/charts/nats/files/config/leafnode.yaml

@@ -4,7 +4,8 @@ no_advertise: true
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/charts/nats/files/config/mqtt.yaml

@@ -3,7 +3,8 @@ port: {{ .port }}
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/charts/nats/files/config/protocol.yaml

@@ -3,7 +3,8 @@ port: {{ .port }}
 
 {{- with .tls }}
 {{- if .enabled }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/charts/nats/files/config/tls.yaml

@@ -1,4 +1,5 @@
 {{- with .tls }}
+{{- if .secretName }}
 {{- $dir := trimSuffix "/" .dir }}
 cert_file: {{ printf "%s/%s" $dir .cert }}
 key_file: {{ printf "%s/%s" $dir .key }}
@@ -7,3 +8,4 @@ ca_file: {{ printf "%s/%s" $dir .ca }}
 verify: true
 {{- end }}
 {{- end }}
+{{- end }}

helm/charts/nats/files/config/websocket.yaml

@@ -4,7 +4,8 @@ compression: true
 
 {{- if .tls.enabled }}
 {{- with .tls }}
-tls: {{ include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 4 }}
+tls:
+  {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
 {{- end }}
 {{- else }}
 no_tls: true

helm/charts/nats/files/nats-box/contexts-secret/context.yaml

@@ -15,7 +15,8 @@ url: nats://{{ .Values.headlessService.name }}
 {{- if .contents }}
 creds: /etc/nats-contents/{{ $contextName }}.creds
 {{- else if .secretName }}
-creds: /etc/nats-creds/{{ $contextName }}/{{ .key }}
+{{- $dir := trimSuffix "/" .dir }}
+creds: {{ $dir }}/{{ .key }}
 {{- end }}
 {{- end }}
 
@@ -24,22 +25,24 @@ creds: /etc/nats-creds/{{ $contextName }}/{{ .key }}
 {{- if .contents }}
 nkey: /etc/nats-contents/{{ $contextName }}.nk
 {{- else if .secretName }}
-nkey: /etc/nats-nkeys/{{ $contextName }}/{{ .key }}
+{{- $dir := trimSuffix "/" .dir }}
+nkey: {{ $dir }}/{{ .key }}
 {{- end }}
 {{- end }}
 
 # tls
 {{- with .tls }}
 {{- if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
 {{- if and .cert .key }}
-cert: /etc/nats-certs/{{ $contextName }}/{{ .cert }}
-key: /etc/nats-certs/{{ $contextName }}/{{ .key }}
+cert: {{ $dir }}/{{ .cert }}
+key: {{ $dir }}/{{ .key }}
 {{- end }}
 {{- if .ca }}
 {{- $caSet = true }}
-ca: /etc/nats-certs/{{ $contextName }}/{{ .ca }}
+ca: {{ $dir }}/{{ .ca }}
 {{- end }}
 {{- end }}
 {{- end }}
 
-{{- end }}
+{{- end }}

helm/charts/nats/files/nats-box/deployment/container.yaml

@@ -30,12 +30,7 @@ volumeMounts:
   mountPath: /etc/nats-contexts
 - name: contents
   mountPath: /etc/nats-contents
-{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
-{{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
-{{- $secret := get $ctxVal $secretKey }}
-{{- if and $secret $secret.secretName }}
-- name: ctx-{{ $ctxKey }}-{{ $secretKey }}
-  mountPath: /etc/{{ $secretVal }}/{{ $ctxKey }}
-{{- end }}
-{{- end }}
+{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+  mountPath: {{ .dir | quote }}
 {{- end }}

helm/charts/nats/files/nats-box/deployment/pod-template.yaml

@@ -25,14 +25,9 @@ spec:
   - name: contents
     secret:
       secretName: {{ .Values.natsBox.contentsSecret.name }}
-  # context secrets
-  {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
-  {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
-  {{- $secret := get $ctxVal $secretKey }}
-  {{- if and $secret $secret.secretName }}
-  - name: ctx-{{ $ctxKey }}-{{ $secretKey }}
+  # secrets
+  {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+  - name: {{ .name | quote }}
     secret:
-      secretName: {{ $secret.secretName | quote }}
-  {{- end }}
-  {{- end }}
+      secretName: {{ .secretName | quote }}
   {{- end }}

helm/charts/nats/files/stateful-set/nats-container.yaml

@@ -83,10 +83,7 @@ volumeMounts:
   mountPath: {{ .dir | quote }}
 {{- end }}
 {{- end }}
-{{- range $protocol := list "nats" "leafnode" "websocket" "mqtt" "cluster" "gateway" }}
-{{- $configProtocol := get $.Values.config $protocol }}
-{{- if and (or (eq $protocol "nats") $configProtocol.enabled) $configProtocol.tls.enabled $configProtocol.tls.secretName }}
-- name: {{ $protocol }}-tls
-  mountPath: {{ $configProtocol.tls.dir | quote }}
-{{- end }}
+{{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+  mountPath: {{ .dir | quote }}
 {{- end }}

helm/charts/nats/files/stateful-set/pod-template.yaml

@@ -49,14 +49,11 @@ spec:
   - name: pid
     emptyDir: {}
   {{- end }}
-  # TLS secrets
-  {{- range $protocol := list "nats" "leafnode" "websocket" "mqtt" "cluster" "gateway" }}
-  {{- $configProtocol := get $.Values.config $protocol }}
-  {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $configProtocol.tls.enabled $configProtocol.tls.secretName }}
-  - name: {{ $protocol }}-tls
+  # secrets
+  {{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+  - name: {{ .name | quote }}
     secret:
-      secretName: {{ $configProtocol.tls.secretName | quote }}
-  {{- end }}
+      secretName: {{ .secretName | quote }}
   {{- end }}
 
   {{- with .Values.podTemplate.topologySpreadConstraints }}

helm/charts/nats/templates/_helpers.tpl

@@ -35,29 +35,41 @@ Set default values.
 */}}
 {{- define "nats.defaultValues" }}
 {{- if not .defaultValuesSet }}
-{{- $name := include "nats.fullname" . }}
-{{- with .Values }}
-{{- $_ := set .config.jetstream.fileStore.pvc   "name" (.config.jetstream.fileStore.pvc.name   | default (printf "%s-js" $name)) }}
-{{- $_ := set .config.resolver.pvc              "name" (.config.resolver.pvc.name              | default (printf "%s-resolver" $name)) }}
-{{- $_ := set .config.websocket.ingress         "name" (.config.websocket.ingress.name         | default (printf "%s-ws" $name)) }}
-{{- $_ := set .configMap                        "name" (.configMap.name                        | default (printf "%s-config" $name)) }}
-{{- $_ := set .headlessService                  "name" (.headlessService.name                  | default (printf "%s-headless" $name)) }}
-{{- $_ := set .natsBox.contentsSecret           "name" (.natsBox.contentsSecret.name           | default (printf "%s-box-contents" $name)) }}
-{{- $_ := set .natsBox.contextsSecret           "name" (.natsBox.contextsSecret.name           | default (printf "%s-box-contexts" $name)) }}
-{{- $_ := set .natsBox.deployment               "name" (.natsBox.deployment.name               | default (printf "%s-box" $name)) }}
-{{- $_ := set .natsBox.serviceAccount           "name" (.natsBox.serviceAccount.name           | default (printf "%s-box" $name)) }}
-{{- $_ := set .service                          "name" (.service.name                          | default $name) }}
-{{- $_ := set .serviceAccount                   "name" (.serviceAccount.name                   | default $name) }}
-{{- $_ := set .statefulSet                      "name" (.statefulSet.name                      | default $name) }}
-{{- $_ := set .promExporter.podMonitor          "name" (.promExporter.podMonitor.name          | default $name) }}
-{{- end }}
-{{- $values := get (include "tplYaml" (dict "doc" .Values "ctx" $) | fromJson) "doc" }}
-{{- $_ := set . "Values" $values }}
-{{- with .Values.config }}
-{{- $config := include "nats.loadMergePatch" (merge (dict "file" "config/config.yaml" "ctx" $) .) | fromYaml }}
-{{- $_ := set $ "config" $config }}
-{{- end }}
-{{- $_ := set . "defaultValuesSet" true }}
+  {{- $name := include "nats.fullname" . }}
+  {{- with .Values }}
+    {{- $_ := set .config.jetstream.fileStore.pvc   "name" (.config.jetstream.fileStore.pvc.name   | default (printf "%s-js" $name)) }}
+    {{- $_ := set .config.resolver.pvc              "name" (.config.resolver.pvc.name              | default (printf "%s-resolver" $name)) }}
+    {{- $_ := set .config.websocket.ingress         "name" (.config.websocket.ingress.name         | default (printf "%s-ws" $name)) }}
+    {{- $_ := set .configMap                        "name" (.configMap.name                        | default (printf "%s-config" $name)) }}
+    {{- $_ := set .headlessService                  "name" (.headlessService.name                  | default (printf "%s-headless" $name)) }}
+    {{- $_ := set .natsBox.contentsSecret           "name" (.natsBox.contentsSecret.name           | default (printf "%s-box-contents" $name)) }}
+    {{- $_ := set .natsBox.contextsSecret           "name" (.natsBox.contextsSecret.name           | default (printf "%s-box-contexts" $name)) }}
+    {{- $_ := set .natsBox.deployment               "name" (.natsBox.deployment.name               | default (printf "%s-box" $name)) }}
+    {{- $_ := set .natsBox.serviceAccount           "name" (.natsBox.serviceAccount.name           | default (printf "%s-box" $name)) }}
+    {{- $_ := set .service                          "name" (.service.name                          | default $name) }}
+    {{- $_ := set .serviceAccount                   "name" (.serviceAccount.name                   | default $name) }}
+    {{- $_ := set .statefulSet                      "name" (.statefulSet.name                      | default $name) }}
+    {{- $_ := set .promExporter.podMonitor          "name" (.promExporter.podMonitor.name          | default $name) }}
+  {{- end }}
+
+  {{- $values := get (include "tplYaml" (dict "doc" .Values "ctx" $) | fromJson) "doc" }}
+  {{- $_ := set . "Values" $values }}
+
+  {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+  {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
+    {{- $secret := get $ctxVal $secretKey }}
+    {{- if $secret }}
+    {{- $_ := set $secret "dir" ($secret.dir | default (printf "/etc/%s/%s" $secretVal $ctxKey)) }}
+    {{- end }}
+  {{- end }}
+  {{- end }}
+
+  {{- with .Values.config }}
+  {{- $config := include "nats.loadMergePatch" (merge (dict "file" "config/config.yaml" "ctx" $) .) | fromYaml }}
+  {{- $_ := set $ "config" $config }}
+  {{- end }}
+
+  {{- $_ := set . "defaultValuesSet" true }}
 {{- end }}
 {{- end }}
 
@@ -123,6 +135,30 @@ imagePullPolicy: {{ .pullPolicy | default .global.image.pullPolicy }}
 {{- end }}
 {{- end }}
 
+{{- define "nats.secretNames" -}}
+{{- $secrets := list }}
+{{- range $protocol := list "nats" "leafnode" "websocket" "mqtt" "cluster" "gateway" }}
+  {{- $configProtocol := get $.Values.config $protocol }}
+  {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $configProtocol.tls.enabled $configProtocol.tls.secretName }}
+    {{- $secrets = append $secrets (merge (dict "name" (printf "%s-tls" $protocol)) $configProtocol.tls) }}
+  {{- end }}
+{{- end }}
+{{- toJson (dict "secretNames" $secrets) }}
+{{- end }}
+
+{{- define "natsBox.secretNames" -}}
+{{- $secrets := list }}
+{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+{{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
+  {{- $secret := get $ctxVal $secretKey }}
+    {{- if and $secret $secret.secretName }}
+      {{- $secrets = append $secrets (merge (dict "name" (printf "ctx-%s-%s" $ctxKey $secretKey)) $secret) }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- toJson (dict "secretNames" $secrets) }}
+{{- end }}
+
 {{/*
 translates env var map to list
 */}}
@@ -150,7 +186,7 @@ output: JSON encoded map with 1 key:
 - doc: interface{} patched json result
 */}}
 {{- define "nats.loadMergePatch" -}}
-{{- $doc := tpl (.ctx.Files.Get (printf "files/%s" .file)) .ctx | fromYaml -}}
+{{- $doc := tpl (.ctx.Files.Get (printf "files/%s" .file)) .ctx | fromYaml | default dict -}}
 {{- $doc = mergeOverwrite $doc (deepCopy .merge) -}}
 {{- get (include "jsonpatch" (dict "doc" $doc "patch" .patch) | fromJson ) "doc" | toYaml -}}
 {{- end }}

helm/charts/nats/values.yaml

@@ -480,18 +480,24 @@ natsBox:
       creds:
         # set contents in order to create a secret with the creds file contents
         contents:
-        # set secretName in order to mount an existing secret to to /etc/nats-creds/<context-name>
+        # set secretName in order to mount an existing secret to dir
         secretName:
+        # defaults to /etc/nats-creds/<context-name>
+        dir:
         key: nats.creds
       nkey:
         # set contents in order to create a secret with the nkey file contents
         contents:
-        # set secretName in order to mount an existing secret to /etc/nats-nkeys/<context-name>
+        # set secretName in order to mount an existing secret to dir
         secretName:
+        # defaults to /etc/nats-nkeys/<context-name>
+        dir:
         key: nats.nk
       tls:
-        # set secretName in order to mount an existing secret to /etc/nats-certs/<context-name>
+        # set secretName in order to mount an existing secret to dir
         secretName:
+        # defaults to /etc/nats-certs/<context-name>
+        dir:
         # set cert and key to name of secret data keys to enable mTLS
         cert:
         key: