Commit

Update docs and tests
Yevhen Ivantsov committed Aug 8, 2024
1 parent 620bf31 commit 893fece
Showing 16 changed files with 45 additions and 39 deletions.
7 changes: 3 additions & 4 deletions docs/docs/userguide/CONFIGURATION.md
Expand Up @@ -523,7 +523,7 @@ readinessProbe:

## :material-certificate: Self Signed Certificates

There are 2 ways to add self-signed certificates to the default Java truststore: from a single or multiple secrets.
There are 2 ways to add self-signed certificates to Java truststore: from a single secret or multiple secrets.

=== "From a single secret"
* Create a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/){.external} containing base64-encoded certificate(s). Here's an example [kubectl command](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-source-files){.external} to create a secret from 2 local files:
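Review bot: The rewritten intro sentence reads "to Java truststore" without an article, while the README and values.yaml descriptions changed in this same commit say "the Java truststore". Suggest "to the Java truststore" here as well. With "default" removed, the sentence also no longer says which truststore is meant, so consider pointing at the `/var/ssl/cacerts` copy described further down the page.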
Expand All @@ -544,7 +544,7 @@ There are 2 ways to add self-signed certificates to the default Java truststore:

!!!info "You can have as many keys (certificates) in the secret as required. All keys will be mounted as files to `/tmp/crt` in the container and imported into Java truststore. In the example above, certificates will be mounted as `/tmp/crt/stg.crt` and `/tmp/crt/dev.crt`. File extension in the secret keys does not matter as long as the file is a valid certificate."

* Provide the secret name in Helm values:
* Provide the secret name in Helm values (unlike the case with multiple secrets you don't need to provide secret keys):

```yaml
jira:
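Review bot: The parenthetical added to the "Provide the secret name in Helm values" step says secret keys need not be listed, but it does not spell out the consequence stated in the info box above it: every key in the secret is mounted under `/tmp/crt` and imported into the truststore. Suggest stating that in this step, for example "all keys in the secret are imported, so keep only certificates you intend to trust in it", and add the missing comma after "multiple secrets".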
Expand Down Expand Up @@ -586,8 +586,7 @@ The product Helm chart will add additional `volumeMounts` and `volumes` to the p

* copy the default Java cacerts to a runtime volume shared between the init container and the main container at `/var/ssl`
* run [keytool -import](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html){.external} to import all certificates in `/tmp/crt` mounted from secret(s) to `/var/ssl/cacerts`

`-Djavax.net.ssl.trustStore=/var/ssl/cacerts` system property will be automatically added to `JVM_SUPPORT_RECOMMENDED_ARGS` environment variable.
* `-Djavax.net.ssl.trustStore=/var/ssl/cacerts` system property will be automatically added to `JVM_SUPPORT_RECOMMENDED_ARGS` environment variable.

If necessary, it is possible to override the default `keytool -import` command:
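Review bot: The `-Djavax.net.ssl.trustStore=/var/ssl/cacerts` sentence is now a third bullet, but the first two bullets are steps ("copy ...", "run ...") while this one is a passive statement about `JVM_SUPPORT_RECOMMENDED_ARGS`, so the list now reads as if the same actor performs all three. Suggest keeping it as its own sentence after the list, or rewording the bullet to name what adds the property.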

4 changes: 2 additions & 2 deletions src/main/charts/bamboo/README.md
Expand Up @@ -35,8 +35,8 @@ Kubernetes: `>=1.21.x-0`
| bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. |
| bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container |
| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. |
| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. |
| bamboo.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bamboo JVM, e.g. system properties. |
| bamboo.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bamboo container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
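Review bot: The `bamboo.additionalCertificates.secretList` row still shows type `string` although the updated description calls it "A list of secrets with their respective keys". Since this row is being edited anyway, suggest correcting the type column to `list` so that users do not pass a single string value.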
6 changes: 3 additions & 3 deletions src/main/charts/bamboo/values.yaml
Expand Up @@ -972,11 +972,11 @@ bamboo:
#
additionalCertificates:
# -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data
# will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList.
# will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.
#
secretName:
# -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys
# from secret data need to be mounted as files to the init container
# -- A list of secrets with their respective keys holding certificates to be added to the Java truststore.
# It is mandatory to specify which keys from secret data need to be mounted as files to the init container.
#
secretList:
#- name: self-signed-ca
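Review bot: The reworded `secretName` comment, "If defined, this takes precedence over secretList", still leaves open what happens to `secretList` when both are set. Suggest saying explicitly whether the `secretList` entries are ignored or merged, so an operator who sets both knows which certificates end up in the truststore.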
8 changes: 4 additions & 4 deletions src/main/charts/bitbucket/README.md
Expand Up @@ -35,8 +35,8 @@ Kubernetes: `>=1.21.x-0`
| atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip |
| bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container |
| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. |
| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. |
| bitbucket.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. system properties. |
| bitbucket.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bitbucket container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
Expand Down Expand Up @@ -67,8 +67,8 @@ Kubernetes: `>=1.21.x-0`
| bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run |
| bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out |
| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container |
| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. |
| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. |
| bitbucket.mesh.additionalFiles | string | `nil` | Additional existing ConfigMaps and Secrets not managed by Helm that should be mounted into service container |
| bitbucket.mesh.additionalInitContainers | object | `{}` | Additional initContainer definitions that will be added to all Bitbucket pods |
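Review bot: The `bitbucket.mesh.additionalCertificates.*` rows use word-for-word the same descriptions as the `bitbucket.additionalCertificates.*` rows, so nothing tells the reader that these apply to the Mesh containers. Suggest naming Mesh in the description and saying whether Mesh needs its own secret reference or picks up the one set under `bitbucket.additionalCertificates`.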
12 changes: 6 additions & 6 deletions src/main/charts/bitbucket/values.yaml
Expand Up @@ -1128,11 +1128,11 @@ bitbucket:
#
additionalCertificates:
# -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data
# will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList.
# will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.
#
secretName:
# -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys
# from secret data need to be mounted as files to the init container
# -- A list of secrets with their respective keys holding certificates to be added to the Java truststore.
# It is mandatory to specify which keys from secret data need to be mounted as files to the init container.
#
secretList:
#- name: self-signed-ca
Expand Down Expand Up @@ -1223,11 +1223,11 @@ bitbucket:
#
additionalCertificates:
# -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data
# will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList.
# will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList.
#
secretName:
# -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys
# from secret data need to be mounted as files to the init container
# -- A list of secrets with their respective keys holding certificates to be added to the Java truststore.
# It is mandatory to specify which keys from secret data need to be mounted as files to the init container.
#
secretList:
#- name: self-signed-ca
8 changes: 4 additions & 4 deletions src/main/charts/confluence/README.md
Expand Up @@ -38,8 +38,8 @@ Kubernetes: `>=1.21.x-0`
| confluence.accessLog.mountPath | string | `"/opt/atlassian/confluence/logs"` | The path within the Confluence container where the local-home volume should be mounted in order to capture access logs. |
| confluence.additionalBundledPlugins | list | `[]` | Specifies a list of additional Confluence plugins that should be added to the Confluence container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container |
| confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. |
| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| confluence.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Confluence container. See https://hub.docker.com/r/atlassian/confluence for supported variables. |
| confluence.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Confluence JVM, e.g. system properties. |
| confluence.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Confluence container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
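Review bot: The parent row `confluence.additionalCertificates` is left unchanged and still says "Provide reference to a secret that contains the certificates", which covers only the `secretName` case. Since the child rows are being reworded, suggest updating the parent description to mention both options, a single secret via `secretName` or several via `secretList`.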
Expand Down Expand Up @@ -192,8 +192,8 @@ Kubernetes: `>=1.21.x-0`
| serviceAccount.role.create | bool | `true` | Create a role for Hazelcast client with privileges to get and list pods and endpoints in the namespace. Set to false if you need to create a Role and RoleBinding manually |
| serviceAccount.roleBinding | object | `{"create":true}` | Grant permissions defined in Role (list and get pods and endpoints) to a service account. |
| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container |
| synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. |
| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. |
| synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. |
| synchrony.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Synchrony JVM, e.g. system properties. |
| synchrony.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Synchrony container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
| synchrony.additionalPorts | list | `[]` | Defines any additional ports for the Synchrony container. |