Merge pull request #836 from dduportal/fix/mirrorbits-lite/pvc-secret

fix(mirrorbit-lite) only create secrets when needed
jenkins-infra · Oct 6, 2023 · a10f3fa · a10f3fa
2 parents 68dd86b + 0ae8757
commit a10f3fa
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 8 deletions.
diff --git a/charts/mirrorbits-lite/.helmignore b/charts/mirrorbits-lite/.helmignore
@@ -14,6 +14,7 @@
 *.swp
 *.bak
 *.tmp
+*.orig
 *~
 # Various IDEs
 .project

diff --git a/charts/mirrorbits-lite/Chart.yaml b/charts/mirrorbits-lite/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Mirrobits lite helm chart for Kubernetes
 name: mirrorbits-lite
-version: 0.4.0
+version: 0.4.1
 appVersion: "v0.5.1"
 maintainers:
 - email: [email protected]

diff --git a/charts/mirrorbits-lite/templates/deployment.yaml b/charts/mirrorbits-lite/templates/deployment.yaml
@@ -15,7 +15,7 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "mirrorbits-lite.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
-        checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum | trunc 63 }}
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum | trunc 63 }}
     spec:
       automountServiceAccountToken: false
     {{- with .Values.imagePullSecrets }}

diff --git a/charts/mirrorbits-lite/templates/secret.yaml → ...ts/mirrorbits-lite/templates/secrets.yaml b/charts/mirrorbits-lite/templates/secret.yaml → ...ts/mirrorbits-lite/templates/secrets.yaml
@@ -6,7 +6,7 @@ metadata:
 type: Opaque
 data:
   mirrorbits.conf: {{ .Values.conf | b64enc }}
-
+{{- if and .Values.geoipupdate.account_id .Values.geoipupdate.license_key }}
 ---
 apiVersion: v1
 kind: Secret
@@ -16,8 +16,8 @@ type: Opaque
 data:
   GEOIPUPDATE_ACCOUNT_ID: {{ .Values.geoipupdate.account_id | b64enc }}
   GEOIPUPDATE_LICENSE_KEY: {{ .Values.geoipupdate.license_key | b64enc }}
-
-{{ if .Values.repository.secrets.enabled -}}
+{{- end }}
+{{- if and .Values.repository.secrets.enabled (not (dig "global" "storage" "enabled" false .Values.AsMap)) }}
 ---
 apiVersion: v1
 kind: Secret

diff --git a/charts/mirrorbits-lite/tests/custom_values_test.yaml b/charts/mirrorbits-lite/tests/custom_values_test.yaml
@@ -2,7 +2,7 @@ suite: Tests with custom values
 templates:
   - deployment.yaml
   - ingress.yaml
-  - secret.yaml # Direct dependency of deployment.yaml
+  - secrets.yaml
   - service.yaml
   - pdb.yaml
   - persistentVolume.yaml
@@ -58,6 +58,11 @@ set:
             namespace: mirrorbits
         mountOptions:
           - dir_mode=0755
+    secrets:
+      enabled: true
+      data:
+        azurestorageaccountkey: 'SuperSecretKey!'
+        azurestorageaccountname: storage-account-in-az
 tests:
   - it: Should set the correct service selector labels when a fullNameOverride is specified
     template: service.yaml
@@ -170,3 +175,29 @@ tests:
       - equal:
           path: spec.selector.matchLabels['app.kubernetes.io/name']
           value: mirrorbits-lite
+  - it: should create all secrets
+    template: secrets.yaml
+    asserts:
+      - hasDocuments:
+          count: 3
+      - documentIndex: 0
+        isKind:
+          of: Secret
+      - documentIndex: 0
+        equal:
+          path: metadata.name
+          value: RELEASE-NAME-mirrorbits-lite
+      - documentIndex: 1
+        isKind:
+          of: Secret
+      - documentIndex: 1
+        equal:
+          path: metadata.name
+          value: RELEASE-NAME-mirrorbits-lite-geoipupdate
+      - documentIndex: 2
+        isKind:
+          of: Secret
+      - documentIndex: 2
+        equal:
+          path: metadata.name
+          value: RELEASE-NAME-mirrorbits-lite-binary
diff --git a/charts/mirrorbits-lite/tests/defaults_test.yaml b/charts/mirrorbits-lite/tests/defaults_test.yaml
@@ -2,7 +2,7 @@ suite: default tests
 templates:
   - deployment.yaml
   - ingress.yaml
-  - secret.yaml # Direct dependency of deployment(.*).yaml
+  - secrets.yaml
   - service.yaml
   - pdb.yaml
   - persistentVolume.yaml
@@ -73,3 +73,13 @@ tests:
     asserts:
       - hasDocuments:
           count: 0
+  - it: should only create the mirrorbits conf secret by default
+    template: secrets.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-mirrorbits-lite
diff --git a/charts/mirrorbits-lite/tests/parent_values_test.yaml b/charts/mirrorbits-lite/tests/parent_values_test.yaml
@@ -2,7 +2,7 @@ suite: Tests with values from parent (umbrella ingress and umbrella PVC)
 templates:
   - deployment.yaml
   - ingress.yaml
-  - secret.yaml # Direct dependency of deployment.yaml
+  - secrets.yaml
   - persistentVolume.yaml
   - persistentVolumeClaim.yaml
 set:
@@ -55,6 +55,11 @@ set:
             namespace: mirrorbits
         mountOptions:
           - dir_mode=0755
+    secrets:
+      enabled: true
+      data:
+        azurestorageaccountkey: 'SuperSecretKey!'
+        azurestorageaccountname: storage-account-in-az
 tests:
   - it: should define a customized "mirrorbits-lite" deployment
     template: deployment.yaml
@@ -91,3 +96,13 @@ tests:
     asserts:
       - hasDocuments:
           count: 0
+  - it: should only create the mirrorbits conf secret (global storage overrides local PVC secrets)
+    template: secrets.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-mirrorbits-lite
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,7 @@ @@
     *.swp
     *.bak
     *.tmp
+    *.orig
     *~
     # Various IDEs
     .project
@@ Expand Down @@