Commit df57cca

schegirojer authored and committed
Existing secret support for helm chart (#267)

* Enable use of existing secret for server key/cert
* type fix
* Bump chart version
* defaults for crt/key, conditional changed, Readme fixed
1 parent 65e063b commit df57cca

6 files changed

+24
-3
lines changed

chart/docker-auth/Chart.yaml

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@ apiVersion: v1
22
appVersion: "1.4.0"
33
description: Docker Registry V2 authentication server
44
name: docker-auth
5-
version: 1.0.0
5+
version: 1.0.1
66
keywords:
77
- docker
88
- registry
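
Review bot: `version: 1.0.1` is a patch bump, but this commit adds new values (`secret.secretName`, `secret.certificateFileName`, `secret.keyFileName`) in a backwards-compatible way, which under SemVer is a minor change. `1.1.0` would describe it better and lets consumers pinning `~1.0.0` opt in deliberately.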

chart/docker-auth/README.md

Lines changed: 5 additions & 2 deletions
@@ -76,8 +76,11 @@ The following table lists the configurable parameters of the docker-auth chart a
7676
| Parameter | Description | Default |
7777
| --------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
7878
| **Secret** |
79-
| `secret.data.server.certificate` | Content of server.pem | |
80-
| `secret.data.server.key` | Content of server.key | |
79+
| `secret.data.server.certificate` | Content of server.pem (mutually exclusive with secretName, keyName, certificateName) | |
80+
| `secret.data.server.key` | Content of server.key (mutually exclusive with secretName, keyName, certificateName) | |
81+
| `secret.secretName` | The name of the secret containing server key and certificate (mutually exclusive with secret.data.server.key/certificate) | |
82+
| `secret.certificateFileName` | The name of the server certificate file (mutually exclusive with secret.data.server.key/certificate) | tls.crt |
83+
| `secret.keyFileName` | The name of the server key file (mutually exclusive with secret.data.server.key/certificate) | tls.key |
8184
| **Configmap** |
8285
| `configmap.data.token.issuer` | Must match issuer in the Registry config | `Acme auth server` |
8386
| `configmap.data.token.expiration` | Token Expiration | `900` |
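
Review bot: The two rewritten rows for `secret.data.server.certificate` and `secret.data.server.key` refer to `secretName, keyName, certificateName`, but the parameters added three rows below are `secret.secretName`, `secret.certificateFileName` and `secret.keyFileName`. Use the real names in all five rows so a reader can search for them. "Mutually exclusive" also overstates what the templates do: nothing rejects a values file that sets both, and `secret.secretName` simply takes precedence, so the descriptions should say that instead.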

chart/docker-auth/templates/configmap.yaml

Lines changed: 5 additions & 0 deletions
@@ -9,8 +9,13 @@ data:
99
token:
1010
issuer: "{{ .Values.configmap.data.token.issuer }}" # Must match issuer in the Registry config.
1111
expiration: {{ .Values.configmap.data.token.expiration }}
12+
{{- if .Values.secret.secretName }}
13+
certificate: "/config/certs/{{ default "tls.crt" .Values.secret.certificateFileName }}"
14+
key: "/config/certs/{{ default "tls.key" .Values.secret.keyFileName }}"
15+
{{- else }}
1216
certificate: "/config/certs/server.pem"
1317
key: "/config/certs/server.key"
18+
{{- end }}
1419
users:
1520
{{ .Values.configmap.data.users | toYaml | nindent 6 }}
1621
acl:
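
Review bot: In the `if .Values.secret.secretName` branch the certificate and key paths are built from `certificateFileName` and `keyFileName`, and nothing ties those names to the keys that actually exist in the referenced Secret, so a mismatch only shows up when the server fails to read its certificate at startup. Consider keeping the paths fixed at `/config/certs/server.pem` and `/config/certs/server.key` and mapping the Secret's keys onto them with `items` (`key`/`path`) on the secret volume in deployment.yaml, which removes this conditional from the config. If the value-driven paths stay, the README should state that both file names must match key names in the Secret.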

chart/docker-auth/templates/deployment.yaml

Lines changed: 4 additions & 0 deletions
@@ -48,7 +48,11 @@ spec:
4848
name: {{ include "docker-auth.name" . }}
4949
- name: {{ include "docker-auth.name" . }}-secret
5050
secret:
51+
{{- if .Values.secret.secretName }}
52+
secretName: {{ .Values.secret.secretName }}
53+
{{- else }}
5154
secretName: {{ include "docker-auth.name" . }}
55+
{{- end }}
5256
{{- with .Values.nodeSelector }}
5357
nodeSelector:
5458
{{- toYaml . | nindent 8 }}
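
Review bot: `secretName: {{ .Values.secret.secretName }}` renders the user-supplied value unquoted, so a value that YAML does not read as a plain string (a purely numeric name, for example) produces a mistyped manifest; pipe it through `quote`. The four added lines can also collapse into one: `secretName: {{ default (include "docker-auth.name" .) .Values.secret.secretName | quote }}`. The README should also say that the referenced Secret has to exist in the release namespace, since the pod cannot start until the volume mounts.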

chart/docker-auth/templates/secret.yaml

Lines changed: 3 additions & 0 deletions
@@ -1,3 +1,5 @@
1+
{{- if not .Values.secret.secretName }}
2+
---
13
apiVersion: v1
24
kind: Secret
35
metadata:
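
Review bot: The guard on new line 1, `if not .Values.secret.secretName`, drops the chart-managed Secret without any signal when `secretName` is set, even if `secret.data.server.key` and `secret.data.server.certificate` were also supplied. Since values.yaml ships a non-empty placeholder key, a hard `fail` on "both set" would be awkward, so a line in the chart's install notes stating which Secret is mounted would make the precedence visible. The `---` added on new line 2 is not needed for a single-document template and can be dropped.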
@@ -6,3 +8,4 @@ type: Opaque
68
data:
79
server.pem: {{ .Values.secret.data.server.certificate | b64enc | quote }}
810
server.key: {{ .Values.secret.data.server.key | b64enc | quote }}
11+
{{- end }}

chart/docker-auth/values.yaml

Lines changed: 6 additions & 0 deletions
@@ -18,6 +18,12 @@ secret:
1818
key: |+
1919
-----BEGIN RSA PRIVATE KEY-----
2020
-----END RSA PRIVATE KEY-----
21+
# For reusing an existing secret (e.g. generated by cert-manager), define secretName, certificateFileName and keyFileName
22+
# These settings are mutually exclusive with the values provided in secret.data. Once secretName is set the secret
23+
# generated with the values above will be not be used in the deployment.
24+
# secretName:
25+
# certificateFileName: tls.crt
26+
# keyFileName: tls.key
2127
configmap:
2228
data:
2329
token:
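
Review bot: The comment on new line 23 reads "will be not be used"; drop the first "be". The three settings are shipped only as comments, so their defaults live in the `default "tls.crt"` and `default "tls.key"` calls in configmap.yaml rather than here. Declaring them as real keys (`secretName: ""`, `certificateFileName: tls.crt`, `keyFileName: tls.key`) would keep the defaults in one place and make them show up in `helm show values`.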
