Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow referencing multiple secrets in additionalCertificates #852

Merged
merged 3 commits into from
Aug 9, 2024
Merged

Allow referencing multiple secrets in additionalCertificates #852

merged 3 commits into from
Aug 9, 2024

Conversation

bianchi2
Copy link
Collaborator

@bianchi2 bianchi2 commented Aug 8, 2024
edited
Loading

There are cases when several self-signed certificates scattered across multiple K8S secrets need to be added to Java truststore. While there's a way to declare a custom additionalInitContainer, additionalVolumes and additionalVolumeMounts, this isn't trivial it requires knowledge of the DC Helm charts design.

This PR introduces an additional secretList value that makes it possible to reference multiple secrets with their respective keys in additionalCertificates stanza:

  • existing secretName takes precedence if defined (existing behavior is unchanged i.e. it's a non-breaking change)
  • secretList is a list of secret names and their respective keys
  • each key will be used in subPath which makes it possible to mount certs from multiple secrets
  • the resulting mounted file has <secret-name>-<key> format which makes it possible to have identical keys in different secrets

Checklist

  • I have added unit tests
  • I have applied the change to all applicable products
  • The E2E test has passed (use e2e label)

@bianchi2 bianchi2 added the e2e label Aug 8, 2024
yzha645
yzha645 reviewed Aug 9, 2024
View reviewed changes
src/main/charts/bamboo/values.yaml Outdated
# -- A list of secrets with their respective keys holding certificates to be added to the Java truststore.
# It is mandatory to specify which keys from secret data need to be mounted as files to the init container.
#
secretList:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
secretList:
secretList: []

Probably need to add [] if commented out the value, otherwise the list will be treated as a String.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, right. It was like that but removed when testing :) Fixed

@bianchi2 bianchi2 merged commit 22ed01f into main Aug 9, 2024
3 checks passed
@bianchi2 bianchi2 deleted the SCALE-134-allow-referencing-multiple-secrets-in-certs branch August 9, 2024 04:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yzha645 yzha645 yzha645 approved these changes

@nanux nanux Awaiting requested review from nanux nanux is a code owner

Assignees
No one assigned
Labels
e2e
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bianchi2 @yzha645