From 620bf31555599fe8e8579cfdf0f561244696f8f6 Mon Sep 17 00:00:00 2001
From: Yevhen Ivantsov
Date: Thu, 8 Aug 2024 09:12:32 +1000
Subject: [PATCH 1/3] Make it possible to get certificates from multiple secrets
---
 docs/docs/userguide/CONFIGURATION.md | 85 +++++++++----
 src/main/charts/bamboo/README.md | 4 +-
 src/main/charts/bamboo/templates/_helpers.tpl | 10 +-
 .../charts/bamboo/templates/statefulset.yaml | 13 +-
 src/main/charts/bamboo/values.yaml | 14 ++
 src/main/charts/bitbucket/README.md | 8 +-
 .../charts/bitbucket/templates/_helpers.tpl | 10 +-
 .../bitbucket/templates/statefulset-mesh.yaml | 23 +++-
 .../bitbucket/templates/statefulset.yaml | 13 +-
 src/main/charts/bitbucket/values.yaml | 28 ++++
 src/main/charts/confluence/README.md | 8 +-
 .../charts/confluence/templates/_helpers.tpl | 20 ++-
 .../templates/statefulset-synchrony.yaml | 13 +-
 .../confluence/templates/statefulset.yaml | 13 +-
 src/main/charts/confluence/values.yaml | 28 ++++
 src/main/charts/crowd/README.md | 4 +-
 src/main/charts/crowd/templates/_helpers.tpl | 10 +-
 .../charts/crowd/templates/statefulset.yaml | 13 +-
 src/main/charts/crowd/values.yaml | 14 ++
 src/main/charts/jira/README.md | 5 +-
 src/main/charts/jira/templates/_helpers.tpl | 12 +-
 .../charts/jira/templates/statefulset.yaml | 13 +-
 src/main/charts/jira/values.yaml | 16 +++
 .../java/test/AdditionalCertificatesTest.java | 120 ++++++++++++++++++
 24 files changed, 448 insertions(+), 49 deletions(-)
diff --git a/docs/docs/userguide/CONFIGURATION.md b/docs/docs/userguide/CONFIGURATION.md
index 2724b5dfd..10dcb951e 100644
--- a/docs/docs/userguide/CONFIGURATION.md
+++ b/docs/docs/userguide/CONFIGURATION.md
@@ -523,38 +523,69 @@ readinessProbe: ## :material-certificate: Self Signed Certificates -To add self signed certificates to the default Java truststore, follow the below steps. +There are 2 ways to add self-signed certificates to the default Java truststore: from a single or multiple secrets. -* Create a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/){.external} containing base64-encoded certificate(s). Here's an example [kubectl command](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-source-files){.external} to create a secret from 2 local files: - -```shell -kubectl create secret generic dev-certificates \ - --from-file=stg.crt=./stg.crt \ - --from-file=dev.crt=./dev.crt -n $namespace -``` - -The resulting secret will have the following data: - -```yaml -data: - stg.crt: base64encodedstgcrt - dev.crt: base64encodeddevcrt -``` - -!!!info "You can have as many keys (certificates) in the secret as required. All keys will be mounted as files to `/tmp/crt` in the container and imported into Java truststore. In the example above, certificates will be mounted as `/tmp/crt/stg.crt` and `/tmp/crt/dev.crt`. File extension in the secret keys does not matter as long as the file is a valid certificate." - -* Provide the secret name in Helm values: +=== "From a single secret" + * Create a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/){.external} containing base64-encoded certificate(s). 
Here's an example [kubectl command](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-source-files){.external} to create a secret from 2 local files: + + ```shell + kubectl create secret generic dev-certificates \ + --from-file=stg.crt=./stg.crt \ + --from-file=dev.crt=./dev.crt -n $namespace + ``` + + The resulting secret will have the following data: + + ```yaml + data: + stg.crt: base64encodedstgcrt + dev.crt: base64encodeddevcrt + ``` + + !!!info "You can have as many keys (certificates) in the secret as required. All keys will be mounted as files to `/tmp/crt` in the container and imported into Java truststore. In the example above, certificates will be mounted as `/tmp/crt/stg.crt` and `/tmp/crt/dev.crt`. File extension in the secret keys does not matter as long as the file is a valid certificate." + + * Provide the secret name in Helm values: + + ```yaml + jira: + additionalCertificates: + secretName: dev-certificates + ``` +=== "From multiple secrets" + * Create 2 [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/){.external} containing base64-encoded certificate(s). Here's an example [kubectl command](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-source-files){.external} to create 2 secrets from local files (the first one with 2 certificates/keys and the second one with just one): + + ```shell + kubectl create secret generic dev-certificates \ + --from-file=stg.crt=./stg.crt \ + --from-file=dev.crt=./dev.crt -n $namespace -```yaml -jira: - additionalCertificates: - secretName: dev-certificates -``` + kubectl create secret generic root-ca \ + --from-file=ca.crt=./ca.crt -n $namespace + ``` + !!!info "You can have as many keys (certificates) in the secrets, however, you will need to list the keys you'd like to get mounted. All keys will be mounted as files to `/tmp/crt` in the container and imported into Java truststore." 
+ + * Provide the list of secrets and their keys in Helm values: + + ```yaml + jira: + additionalCertificates: + secretList: + - name: dev-certificates + keys: + - stg.crt + - dev.crt + - name: root-ca + keys: + - ca.crt + ``` + To allow having identical keys in different secrets, filenames will have the following format: `-`, so + files will get mounted as `/tmp/crt/dev-certificates-stg.crt`, `/tmp/crt/dev-certificates-dev.crt` and `/tmp/crt/root-ca-ca.crt` + and imported to Java truststore with the same aliases. The product Helm chart will add additional `volumeMounts` and `volumes` to the pod(s), as well as an extra init container that will: * copy the default Java cacerts to a runtime volume shared between the init container and the main container at `/var/ssl` -* run [keytool -import](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html){.external} to import all certificates in `/tmp/crt` mounted from `dev-certificates` secret to `/var/ssl/cacerts` +* run [keytool -import](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html){.external} to import all certificates in `/tmp/crt` mounted from secret(s) to `/var/ssl/cacerts` `-Djavax.net.ssl.trustStore=/var/ssl/cacerts` system property will be automatically added to `JVM_SUPPORT_RECOMMENDED_ARGS` environment variable. @@ -583,4 +614,4 @@ Helm values are mounted to be included to the [support.zip](https://confluence.a Analytics json is a subset of `values.yaml` and contains selected Helm values that are sent as an analytics event and written to analytics logs, if analytics is enabled in the product. Analytics values are purely informational and contain information on how Helm charts are used. -You can find the complete list of analytics values in `_helpers.tpl`, `.analyticsJson`. \ No newline at end of file +You can find the complete list of analytics values in `_helpers.tpl`, `.analyticsJson`. 
diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md
index ed3c35df3..e4610fc25 100644
--- a/src/main/charts/bamboo/README.md
+++ b/src/main/charts/bamboo/README.md
@@ -34,7 +34,9 @@ Kubernetes: `>=1.21.x-0` | bamboo.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. | | bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. | | bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. 
All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. | | bamboo.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bamboo JVM, e.g. system properties. | | bamboo.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bamboo container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/bamboo/templates/_helpers.tpl b/src/main/charts/bamboo/templates/_helpers.tpl index 635b4c4ea..bfc45c122 100644 --- a/src/main/charts/bamboo/templates/_helpers.tpl +++ b/src/main/charts/bamboo/templates/_helpers.tpl 
@@ -285,12 +285,20 @@ For each additional plugin declared, generate a volume mount that injects that l {{- with .Values.volumes.additional }} {{- toYaml . | nindent 0 }} {{- end }} -{{- if .Values.bamboo.additionalCertificates.secretName }} +{{- if or .Values.bamboo.additionalCertificates.secretName .Values.bamboo.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.bamboo.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.bamboo.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.bamboo.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- if or .Values.atlassianAnalyticsAndSupport.analytics.enabled .Values.atlassianAnalyticsAndSupport.helmValues.enabled }} - name: helm-values diff --git a/src/main/charts/bamboo/templates/statefulset.yaml b/src/main/charts/bamboo/templates/statefulset.yaml index 112af3038..1ea99a2ab 100644 --- a/src/main/charts/bamboo/templates/statefulset.yaml +++ b/src/main/charts/bamboo/templates/statefulset.yaml 
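Review bot: The new `range` branch uses each Secret's name verbatim as the pod volume name (`- name: {{ .name }}`), but volume names must be DNS-1123 labels (63 characters at most, no dots) while Secret names may be longer and contain dots, so a Secret named for example `corp.root-ca` would render a pod spec the API server rejects. The name can also collide with a volume the chart already emits (`keystore`, or an entry from `volumes.additional`), and listing the same Secret twice yields duplicate volume names. A generated name avoids all three cases, for example `{{- range $i, $s := .Values.bamboo.additionalCertificates.secretList }}` with `- name: certs-{{ $i }}` and `secretName: {{ $s.name | quote }}`, mirrored in the `volumeMounts` of the import-certs init container. The same pattern is repeated in the bitbucket, bitbucket mesh, confluence and synchrony volume hunks. The enclosing helper definition starts and ends outside this hunk.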
@@ -74,15 +74,26 @@ spec: command: ["sh", "-c", {{ include "bamboo.sharedHome.permissionFix.command" . | quote }}] {{- end }} {{- include "common.jmx.initContainer" . | nindent 8 }} - {{- if .Values.bamboo.additionalCertificates.secretName }} + {{- if or .Values.bamboo.additionalCertificates.secretName .Values.bamboo.additionalCertificates.secretList }} - name: import-certs image: {{ include "bamboo.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.bamboo.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.bamboo.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "bamboo.addCrtToKeystoreCmd" . }}] resources: diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml index 50623b801..ca96b113c 100644 --- a/src/main/charts/bamboo/values.yaml +++ b/src/main/charts/bamboo/values.yaml @@ -971,7 +971,21 @@ bamboo: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} 
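Review bot: Nothing in the `secretList` branch checks that an entry actually has `keys`: `range .keys` over a missing list emits no `volumeMounts`, so that Secret contributes no certificate files and, as far as this hunk shows, nothing reports it at render time. Since values.yaml describes the keys as mandatory, a guard such as `{{- range (required "additionalCertificates.secretList entries must set keys" .keys) }}` would turn the silent gap in the truststore into a failed `helm template`. The mount path `/tmp/crt/{{$secretName}}-{{ . }}` joins two values that may both contain `-`, so Secret `a` with key `b-c` and Secret `a-b` with key `c` map to the same file; a separator that cannot occur in a Secret name, such as `_`, would keep the names unique. `{{- if.Values.bamboo.additionalCertificates.secretName }}` also lacks the space after `if` that every other action in the file has; it appears to parse, but `{{- if .Values...` would be consistent. The same lines are repeated in the bitbucket, bitbucket mesh, synchrony and confluence statefulset hunks, and the init container spec continues past the end of this hunk.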
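Review bot: The comment on `secretList` leaves the entry schema to the commented-out example, and because the default is empty the README rows in this patch list the key as type `string` with default `nil`. If the README is generated by helm-docs, a type hint in the comment, `# -- (list) A list of secrets with a list of keys ...`, would correct the rendered type. It would also help to state here that each selected key is mounted as `/tmp/crt/<secret name>-<key>`, since only CONFIGURATION.md mentions the resulting file names. The same comment block is repeated in both bitbucket values.yaml hunks.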
diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md
index 70d15c63a..eee03a0b3 100644
--- a/src/main/charts/bitbucket/README.md
+++ b/src/main/charts/bitbucket/README.md
@@ -34,7 +34,9 @@ Kubernetes: `>=1.21.x-0` | atlassianAnalyticsAndSupport.analytics.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a JSON which DC products will read and send analytics events to Atlassian data pipelines | | atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip | | bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. 
All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. | | bitbucket.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. system properties. | | bitbucket.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bitbucket container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -64,7 +66,9 @@ Kubernetes: `>=1.21.x-0` | bitbucket.livenessProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe | | bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run | | bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out | -| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. | | bitbucket.mesh.additionalFiles | string | `nil` | Additional existing ConfigMaps and Secrets not managed by Helm that should be mounted into service container | | bitbucket.mesh.additionalInitContainers | object | `{}` | Additional initContainer definitions that will be added to all Bitbucket pods | 
diff --git a/src/main/charts/bitbucket/templates/_helpers.tpl b/src/main/charts/bitbucket/templates/_helpers.tpl index a655561ba..611d83cc6 100644 --- a/src/main/charts/bitbucket/templates/_helpers.tpl +++ b/src/main/charts/bitbucket/templates/_helpers.tpl @@ -315,12 +315,20 @@ Define additional hosts here to allow template overrides when used as a sub char {{- with .Values.volumes.additional }} {{- toYaml . | nindent 0 }} {{- end }} -{{- if .Values.bitbucket.additionalCertificates.secretName }} +{{- if or .Values.bitbucket.additionalCertificates.secretName .Values.bitbucket.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.bitbucket.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.bitbucket.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.bitbucket.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- if or .Values.atlassianAnalyticsAndSupport.analytics.enabled .Values.atlassianAnalyticsAndSupport.helmValues.enabled }} - name: helm-values diff --git a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml index 2b977400d..a86c0d097 100644 --- a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml +++ b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml 
@@ -63,15 +63,26 @@ spec: {{- end }} {{- end }} {{- end }} - {{- if .Values.bitbucket.mesh.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.mesh.additionalCertificates.secretName .Values.bitbucket.mesh.additionalCertificates.secretList }} - name: import-certs image: {{ .Values.bitbucket.mesh.image.repository }}:{{ .Values.bitbucket.mesh.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.bitbucket.mesh.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.bitbucket.mesh.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "bitbucketMesh.addCrtToKeystoreCmd" . }}] resources: @@ -183,12 +194,20 @@ spec: - key: {{ .key }} path: {{ .key }} {{ end }} - {{- if .Values.bitbucket.mesh.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.mesh.additionalCertificates.secretName .Values.bitbucket.mesh.additionalCertificates.secretList }} - name: keystore emptyDir: {} + {{- if .Values.bitbucket.mesh.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.bitbucket.mesh.additionalCertificates.secretName }} + {{- else }} + {{- range .Values.bitbucket.mesh.additionalCertificates.secretList }} + - name: {{ .name }} + secret: + secretName: {{ .name }} + {{- end }} + {{- end }} {{- end }} {{ include "common.jmx.config.volume" . | nindent 8 }} {{ include "bitbucket.mesh.volumeClaimTemplates" . | nindent 2 }} diff --git a/src/main/charts/bitbucket/templates/statefulset.yaml b/src/main/charts/bitbucket/templates/statefulset.yaml index 22927ba1d..522f6470f 100644 --- a/src/main/charts/bitbucket/templates/statefulset.yaml +++ b/src/main/charts/bitbucket/templates/statefulset.yaml 
@@ -86,15 +86,26 @@ spec: {{- end }} {{- end }} {{- include "common.jmx.initContainer" . | nindent 8 }} - {{- if .Values.bitbucket.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.additionalCertificates.secretName .Values.bitbucket.additionalCertificates.secretList }} - name: import-certs image: {{ include "bitbucket.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.bitbucket.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.bitbucket.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "bitbucket.addCrtToKeystoreCmd" . }}] resources: diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml index 6c423f8f0..864035323 100644 --- a/src/main/charts/bitbucket/values.yaml +++ b/src/main/charts/bitbucket/values.yaml @@ -1127,7 +1127,21 @@ bitbucket: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} 
@@ -1208,7 +1222,21 @@ bitbucket: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md index 3e2d40579..437422449 100644 --- a/src/main/charts/confluence/README.md +++ b/src/main/charts/confluence/README.md 
@@ -37,7 +37,9 @@ Kubernetes: `>=1.21.x-0` | confluence.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. | | confluence.accessLog.mountPath | string | `"/opt/atlassian/confluence/logs"` | The path within the Confluence container where the local-home volume should be mounted in order to capture access logs. | | confluence.additionalBundledPlugins | list | `[]` | Specifies a list of additional Confluence plugins that should be added to the Confluence container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. 
All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | confluence.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Confluence container. See https://hub.docker.com/r/atlassian/confluence for supported variables. | | confluence.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Confluence JVM, e.g. system properties. | | confluence.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Confluence container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -189,7 +191,9 @@ Kubernetes: `>=1.21.x-0` | serviceAccount.name | string | `nil` | The name of the ServiceAccount to be used by the pods. If not specified, but the "serviceAccount.create" flag is set to 'true', then the ServiceAccount name will be auto-generated, otherwise the 'default' ServiceAccount will be used. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server | | serviceAccount.role.create | bool | `true` | Create a role for Hazelcast client with privileges to get and list pods and endpoints in the namespace. Set to false if you need to create a Role and RoleBinding manually | | serviceAccount.roleBinding | object | `{"create":true}` | Grant permissions defined in Role (list and get pods and endpoints) to a service account. | -| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | synchrony.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Synchrony JVM, e.g. 
system properties. | | synchrony.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Synchrony container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | | synchrony.additionalPorts | list | `[]` | Defines any additional ports for the Synchrony container. | diff --git a/src/main/charts/confluence/templates/_helpers.tpl b/src/main/charts/confluence/templates/_helpers.tpl index 86e1ae432..aa3f473ec 100644 --- a/src/main/charts/confluence/templates/_helpers.tpl +++ b/src/main/charts/confluence/templates/_helpers.tpl @@ -464,12 +464,20 @@ For each additional plugin declared, generate a volume mount that injects that l - key: seraph-config.xml path: seraph-config.xml {{- end }} -{{- if .Values.confluence.additionalCertificates.secretName }} +{{- if or .Values.confluence.additionalCertificates.secretName .Values.confluence.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.confluence.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.confluence.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.confluence.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- if or .Values.atlassianAnalyticsAndSupport.analytics.enabled .Values.atlassianAnalyticsAndSupport.helmValues.enabled }} - name: helm-values 
@@ -488,12 +496,20 @@ For each additional plugin declared, generate a volume mount that injects that l {{- with .Values.volumes.additionalSynchrony }} {{- toYaml . | nindent 0 }} {{- end }} -{{- if .Values.synchrony.additionalCertificates.secretName }} +{{- if or .Values.synchrony.additionalCertificates.secretName .Values.synchrony.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.synchrony.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.synchrony.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.synchrony.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- end }} diff --git a/src/main/charts/confluence/templates/statefulset-synchrony.yaml b/src/main/charts/confluence/templates/statefulset-synchrony.yaml index 53d3a64ea..7cb226dc5 100644 --- a/src/main/charts/confluence/templates/statefulset-synchrony.yaml +++ b/src/main/charts/confluence/templates/statefulset-synchrony.yaml @@ -47,7 +47,7 @@ spec: {{- end }} hostAliases: {{- include "confluence.additionalHosts" . | nindent 8 }} - {{- if .Values.synchrony.additionalCertificates.secretName }} + {{- if or .Values.synchrony.additionalCertificates.secretName .Values.synchrony.additionalCertificates.secretList }} initContainers: - name: import-certs image: {{ include "confluence.image" . | quote }} @@ -55,8 +55,19 @@ spec: volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.synchrony.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.synchrony.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "synchrony.addCrtToKeystoreCmd" . }}] resources: 
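Review bot: A `secretList` entry that has no `keys` field renders no mount at all in the `range .keys` loop, yet the outer `if or ...` is still true, so the `import-certs` init container starts without any file from that secret under `/tmp/crt`. What the import command does in that case is not visible in this hunk, but the certificates of the listed secret cannot reach the truststore, and the gap would only surface later as TLS failures. values.yaml calls the keys mandatory, so the template should enforce it, for example `{{- range (required "additionalCertificates.secretList[].keys is required" .keys) }}` in place of `{{- range .keys }}`. The same loop appears in the confluence, crowd and jira `statefulset.yaml` hunks, and the `spec` block continues outside this hunk.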
diff --git a/src/main/charts/confluence/templates/statefulset.yaml b/src/main/charts/confluence/templates/statefulset.yaml index f440e3816..22c18d541 100644 --- a/src/main/charts/confluence/templates/statefulset.yaml +++ b/src/main/charts/confluence/templates/statefulset.yaml @@ -98,15 +98,26 @@ spec: command: ["sh", "-c", {{ include "confluence.sharedHome.permissionFix.command" . | quote }}] {{- end }} {{- include "common.jmx.initContainer" . | nindent 8 }} - {{- if .Values.confluence.additionalCertificates.secretName }} + {{- if or .Values.confluence.additionalCertificates.secretName .Values.confluence.additionalCertificates.secretList }} - name: import-certs image: {{ include "confluence.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.confluence.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.confluence.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "confluence.addCrtToKeystoreCmd" . }}] resources: diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index 163eed192..a2f5c18bb 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml 
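Review bot: The added condition `{{- if.Values.confluence.additionalCertificates.secretName }}` is written without a space after `if`, unlike the `{{- if or .Values...` a few lines above it and the rest of the template. It appears to parse, since the chart tests added in this patch render these templates, but it reads like a typo and is easy to break in a later edit; write `{{- if .Values.confluence.additionalCertificates.secretName }}`. The synchrony, crowd and jira statefulset hunks use the same spelling. The init container definition continues outside the hunk.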
@@ -1043,7 +1043,21 @@ confluence: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} @@ -1346,7 +1360,21 @@ synchrony: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} diff --git a/src/main/charts/crowd/README.md b/src/main/charts/crowd/README.md index 9b9338eea..4f4240f44 100644 --- a/src/main/charts/crowd/README.md +++ b/src/main/charts/crowd/README.md 
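Review bot: `secretList:` is left empty, so it defaults to null and the README rows in this patch describe it as `string` with default `nil`, although the commented example and the templates treat it as a list of `name`/`keys` maps. If the READMEs are generated by helm-docs from these `# --` comments, annotate the type, `# -- (list) A list of secrets with a list of keys holding certificates to be added to Java truststore. ...`, or default the value to `secretList: []`. The `secretName` comment could also state that every key of that secret becomes a trusted certificate for the JVM, so write access to the secret should be limited to whoever is allowed to add trust anchors. This applies to both hunks in this file and to the crowd and jira `values.yaml` hunks.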
@@ -36,7 +36,9 @@ Kubernetes: `>=1.21.x-0` | crowd.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. | | crowd.accessLog.mountPath | string | `"/opt/atlassian/crowd/apache-tomcat/logs"` | The path within the Crowd container where the local-home volume should be mounted in order to capture access logs. | | crowd.additionalBundledPlugins | list | `[]` | Specifies a list of additional Crowd plugins that should be added to the Crowd container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| crowd.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| crowd.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. 
All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | crowd.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Crowd container. See https://hub.docker.com/r/atlassian/crowd for supported variables. | | crowd.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Crowd JVM, e.g. system properties. | | crowd.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Crowd container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/crowd/templates/_helpers.tpl b/src/main/charts/crowd/templates/_helpers.tpl index 112d46790..3527b017b 100644 --- a/src/main/charts/crowd/templates/_helpers.tpl +++ b/src/main/charts/crowd/templates/_helpers.tpl 
@@ -250,12 +250,20 @@ For each additional plugin declared, generate a volume mount that injects that l {{- with .Values.volumes.additional }} {{- toYaml . | nindent 0 }} {{- end }} -{{- if .Values.crowd.additionalCertificates.secretName }} +{{- if or .Values.crowd.additionalCertificates.secretName .Values.crowd.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.crowd.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.crowd.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.crowd.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- if or .Values.atlassianAnalyticsAndSupport.analytics.enabled .Values.atlassianAnalyticsAndSupport.helmValues.enabled }} - name: helm-values diff --git a/src/main/charts/crowd/templates/statefulset.yaml b/src/main/charts/crowd/templates/statefulset.yaml index b22e2ca53..e7012304b 100644 --- a/src/main/charts/crowd/templates/statefulset.yaml +++ b/src/main/charts/crowd/templates/statefulset.yaml 
@@ -79,15 +79,26 @@ spec: command: ["sh", "-c", {{ include "crowd.sharedHome.permissionFix.command" . | quote }}] {{- end }} {{- include "common.jmx.initContainer" . | nindent 8 }} - {{- if .Values.crowd.additionalCertificates.secretName }} + {{- if or .Values.crowd.additionalCertificates.secretName .Values.crowd.additionalCertificates.secretList }} - name: import-certs image: {{ include "crowd.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.crowd.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.crowd.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "crowd.addCrtToKeystoreCmd" . }}] resources: diff --git a/src/main/charts/crowd/values.yaml b/src/main/charts/crowd/values.yaml index ce8e26c02..99c8b00e2 100644 --- a/src/main/charts/crowd/values.yaml +++ b/src/main/charts/crowd/values.yaml @@ -449,7 +449,21 @@ crowd: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: resources: {} 
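Review bot: When both `secretName` and `secretList` are set, the `{{- else }}` branch of the statefulset hunk is skipped, so the listed secrets are neither mounted nor imported and nothing in the rendered output says so. The precedence is documented in values.yaml, but an operator who adds a `secretList` to a release that already sets `secretName` would only find out through failed TLS handshakes at runtime. Since `secretList` is new, the render can fail on the combination without breaking existing installs: `{{- if and .Values.crowd.additionalCertificates.secretName .Values.crowd.additionalCertificates.secretList }}{{ fail "set either additionalCertificates.secretName or additionalCertificates.secretList, not both" }}{{- end }}`. The other product charts in this patch have the same branch structure, and the init container definition continues outside the hunk.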
diff --git a/src/main/charts/jira/README.md b/src/main/charts/jira/README.md index 327028835..7044f7d8d 100644 --- a/src/main/charts/jira/README.md +++ b/src/main/charts/jira/README.md 
@@ -70,7 +70,10 @@ Kubernetes: `>=1.21.x-0` | jira.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. | | jira.accessLog.mountPath | string | `"/opt/atlassian/jira/logs"` | The path within the Jira container where the local-home volume should be mounted in order to capture access logs. | | jira.additionalBundledPlugins | list | `[]` | Specifies a list of additional Jira plugins that should be added to the Jira container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| jira.additionalCertificates.initContainer.resources | object | `{}` | Resources requests and limits for the import-certs init container | +| jira.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. 
It is mandatory to define which keys from secret data need to be mounted as files to the init container | +| jira.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | | jira.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Jira container. See https://hub.docker.com/r/atlassian/jira-software for supported variables. | | jira.additionalJvmArgs | list | `[]` | | | jira.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Jira container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/jira/templates/_helpers.tpl b/src/main/charts/jira/templates/_helpers.tpl index d32f3dd22..4419ddf9e 100644 --- a/src/main/charts/jira/templates/_helpers.tpl +++ b/src/main/charts/jira/templates/_helpers.tpl @@ -174,7 +174,7 @@ on Tomcat's logs directory. THis ensures that Tomcat+Jira logs get captured in t mountPath: /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/seraph-config.xml subPath: seraph-config.xml {{- end }} -{{- if .Values.jira.additionalCertificates.secretName }} +{{- if or .Values.jira.additionalCertificates.secretName .Values.jira.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} 
@@ -296,12 +296,20 @@ For each additional plugin declared, generate a volume mount that injects that l - key: seraph-config.xml path: seraph-config.xml {{- end }} -{{- if .Values.jira.additionalCertificates.secretName }} +{{- if or .Values.jira.additionalCertificates.secretName .Values.jira.additionalCertificates.secretList }} - name: keystore emptyDir: {} +{{- if .Values.jira.additionalCertificates.secretName }} - name: certs secret: secretName: {{ .Values.jira.additionalCertificates.secretName }} +{{- else }} +{{- range .Values.jira.additionalCertificates.secretList }} +- name: {{ .name }} + secret: + secretName: {{ .name }} +{{- end }} +{{- end }} {{- end }} {{- if or .Values.atlassianAnalyticsAndSupport.analytics.enabled .Values.atlassianAnalyticsAndSupport.helmValues.enabled }} - name: helm-values diff --git a/src/main/charts/jira/templates/statefulset.yaml b/src/main/charts/jira/templates/statefulset.yaml index 7646484e7..eaf5652db 100644 --- a/src/main/charts/jira/templates/statefulset.yaml +++ b/src/main/charts/jira/templates/statefulset.yaml 
@@ -79,15 +79,26 @@ spec: command: ["sh", "-c", {{ include "jira.sharedHome.permissionFix.command" . | quote }}] {{- end }} {{- include "common.jmx.initContainer" . | nindent 8 }} - {{- if .Values.jira.additionalCertificates.secretName }} + {{- if or .Values.jira.additionalCertificates.secretName .Values.jira.additionalCertificates.secretList }} - name: import-certs image: {{ include "jira.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: keystore mountPath: /var/ssl + {{- if.Values.jira.additionalCertificates.secretName }} - name: certs mountPath: /tmp/crt + {{- else }} + {{- range .Values.jira.additionalCertificates.secretList }} + {{- $secretName := .name }} + {{- range .keys }} + - name: {{ $secretName }} + mountPath: /tmp/crt/{{$secretName}}-{{ . }} + subPath: {{ . }} + {{- end }} + {{- end }} + {{- end }} command: ["/bin/bash"] args: ["-c", {{ include "jira.addCrtToKeystoreCmd" . }}] resources: diff --git a/src/main/charts/jira/values.yaml b/src/main/charts/jira/values.yaml index e4f759cf8..d5553f817 100644 --- a/src/main/charts/jira/values.yaml +++ b/src/main/charts/jira/values.yaml 
@@ -868,9 +868,25 @@ jira: # -- Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates # additionalCertificates: + # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data + # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # secretName: + # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys + # from secret data need to be mounted as files to the init container + # + secretList: + #- name: self-signed-ca + # keys: + # - ca.crt + # - intermediate.crt + #- name: stg-intermediate + # keys: + # - stg.crt customCmd: initContainer: + # -- Resources requests and limits for the import-certs init container + # resources: {} # Monitoring diff --git a/src/test/java/test/AdditionalCertificatesTest.java b/src/test/java/test/AdditionalCertificatesTest.java index d4bc514cf..60770ac0c 100644 --- a/src/test/java/test/AdditionalCertificatesTest.java +++ b/src/test/java/test/AdditionalCertificatesTest.java 
@@ -257,4 +257,124 @@ void additional_certificates_bitbucket_mesh_init_resources(Product product) thro assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("memory")).hasTextEqualTo("1Gi"); assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("cpu")).hasTextEqualTo("20m"); } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void additional_certificates_multi_volumes(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "volumes.sharedHome.persistentVolumeClaim.create", "true", + product.name() + ".additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".additionalCertificates.secretList[0].keys[1]", "stg.crt" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getVolume("keystore").get().path("emptyDir")).isEmpty(); + assertThat(statefulSet.getVolume("self-signed-ca").get().path("secret").path("secretName")).hasTextEqualTo("self-signed-ca"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void additional_certificates_multi_volume_mounts(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "volumes.sharedHome.persistentVolumeClaim.create", "true", + product.name() + ".additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".additionalCertificates.secretList[1].name", "custom-ca", + product.name() + ".additionalCertificates.secretList[1].keys[0]", "custom.crt" + + )); + final var 
statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getInitContainers().get(1).path("name")).hasTextEqualTo("import-certs"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(1).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(1).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-ca.crt"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(1).get("subPath")).hasTextEqualTo("ca.crt"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(2).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(2).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-stg.crt"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(2).get("subPath")).hasTextEqualTo("stg.crt"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(3).get("name")).hasTextEqualTo("custom-ca"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(3).get("mountPath")).hasTextEqualTo("/tmp/crt/custom-ca-custom.crt"); + assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(3).get("subPath")).hasTextEqualTo("custom.crt"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_multi_volume_mounts_synchrony(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "synchrony.enabled", "true", + "synchrony.additionalCertificates.secretList[0].name", "self-signed-ca", + "synchrony.additionalCertificates.secretList[0].keys[0]", "ca.crt", + "synchrony.additionalCertificates.secretList[0].keys[1]", "stg.crt", + "synchrony.additionalCertificates.secretList[1].name", "custom-ca", + 
"synchrony.additionalCertificates.secretList[1].keys[0]", "custom.crt" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName() + "-synchrony"); + assertThat(statefulSet.getInitContainers().get(0).path("name")).hasTextEqualTo("import-certs"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-ca.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("subPath")).hasTextEqualTo("ca.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-stg.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("subPath")).hasTextEqualTo("stg.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("name")).hasTextEqualTo("custom-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("mountPath")).hasTextEqualTo("/tmp/crt/custom-ca-custom.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("subPath")).hasTextEqualTo("custom.crt"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_multi_volumes_synchrony(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "synchrony.enabled", "true", + "synchrony.additionalCertificates.secretList[0].name", "self-signed-ca", + "synchrony.additionalCertificates.secretList[0].keys[0]", "ca.crt", + 
"synchrony.additionalCertificates.secretList[0].keys[1]", "stg.crt" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName() + "-synchrony"); + assertThat(statefulSet.getVolume("keystore").get().path("emptyDir")).isEmpty(); + assertThat(statefulSet.getVolume("self-signed-ca").get().path("secret").path("secretName")).hasTextEqualTo("self-signed-ca"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_multi_volumes_mesh(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "bitbucket.mesh.enabled", "true", + product.name() + ".mesh.additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[1]", "stg.crt" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName() + "-mesh"); + assertThat(statefulSet.getVolume("keystore").get().path("emptyDir")).isEmpty(); + assertThat(statefulSet.getVolume("self-signed-ca").get().path("secret").path("secretName")).hasTextEqualTo("self-signed-ca"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_multi_volume_mounts_mesh(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "bitbucket.mesh.enabled", "true", + product.name() + ".mesh.additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".mesh.additionalCertificates.secretList[1].name", "custom-ca", + product.name() + 
".mesh.additionalCertificates.secretList[1].keys[0]", "custom.crt" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName() + "-mesh"); + assertThat(statefulSet.getInitContainers().get(0).path("name")).hasTextEqualTo("import-certs"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-ca.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(1).get("subPath")).hasTextEqualTo("ca.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("name")).hasTextEqualTo("self-signed-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("mountPath")).hasTextEqualTo("/tmp/crt/self-signed-ca-stg.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(2).get("subPath")).hasTextEqualTo("stg.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("name")).hasTextEqualTo("custom-ca"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("mountPath")).hasTextEqualTo("/tmp/crt/custom-ca-custom.crt"); + assertThat(statefulSet.getInitContainers().get(0).path("volumeMounts").path(3).get("subPath")).hasTextEqualTo("custom.crt"); + } } From 893fece462c3a2c8bba2c3b51310206211c9d67f Mon Sep 17 00:00:00 2001 
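Review bot: None of the added tests sets `secretName` and `secretList` together, so the documented rule that `secretName` takes precedence is not pinned by any assertion and a later template edit could change which certificates reach the truststore without a test failing. A case like the one below, built only from the helpers the existing tests use, would cover it; the secret name `single-secret` is a constructed sample value. The new tests also address the init container by position (`get(1)`, `get(0)`), which will break as soon as another init container is added ahead of `import-certs`; looking it up by name would be more robust if the test helper offers that.

```java
@ParameterizedTest
@EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE)
void additional_certificates_secret_name_takes_precedence(Product product) throws Exception {
    final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of(
            "volumes.sharedHome.persistentVolumeClaim.create", "true",
            product.name() + ".additionalCertificates.secretName", "single-secret",
            product.name() + ".additionalCertificates.secretList[0].name", "self-signed-ca",
            product.name() + ".additionalCertificates.secretList[0].keys[0]", "ca.crt"
    ));
    final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName());
    // The single-secret volume and its whole-directory mount must be the ones rendered.
    assertThat(statefulSet.getVolume("certs").get().path("secret").path("secretName")).hasTextEqualTo("single-secret");
    assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(1).get("name")).hasTextEqualTo("certs");
    assertThat(statefulSet.getInitContainers().get(1).path("volumeMounts").path(1).get("mountPath")).hasTextEqualTo("/tmp/crt");
}
```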
From: Yevhen Ivantsov Date: Thu, 8 Aug 2024 11:46:17 +1000 Subject: [PATCH 2/3] Update docs and tests --- docs/docs/userguide/CONFIGURATION.md | 7 +++---- src/main/charts/bamboo/README.md | 4 ++-- src/main/charts/bamboo/values.yaml | 6 +++--- src/main/charts/bitbucket/README.md | 8 ++++---- src/main/charts/bitbucket/values.yaml | 12 ++++++------ src/main/charts/confluence/README.md | 8 ++++---- src/main/charts/confluence/values.yaml | 12 ++++++------ src/main/charts/crowd/README.md | 4 ++-- src/main/charts/crowd/values.yaml | 6 +++--- src/main/charts/jira/README.md | 4 ++-- src/main/charts/jira/values.yaml | 6 +++--- .../expected_helm_output/bamboo/output.yaml | 1 + .../expected_helm_output/bitbucket/output.yaml | 2 ++ .../expected_helm_output/confluence/output.yaml | 2 ++ .../resources/expected_helm_output/crowd/output.yaml | 1 + .../resources/expected_helm_output/jira/output.yaml | 1 + 16 files changed, 45 insertions(+), 39 deletions(-) diff --git a/docs/docs/userguide/CONFIGURATION.md b/docs/docs/userguide/CONFIGURATION.md index 10dcb951e..78a1dc382 100644 --- a/docs/docs/userguide/CONFIGURATION.md +++ b/docs/docs/userguide/CONFIGURATION.md @@ -523,7 +523,7 @@ readinessProbe: ## :material-certificate: Self Signed Certificates -There are 2 ways to add self-signed certificates to the default Java truststore: from a single or multiple secrets. +There are 2 ways to add self-signed certificates to Java truststore: from a single secret or multiple secrets. === "From a single secret" * Create a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/){.external} containing base64-encoded certificate(s). Here's an example [kubectl command](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-source-files){.external} to create a secret from 2 local files: 
@@ -544,7 +544,7 @@ There are 2 ways to add self-signed certificates to the default Java truststore: !!!info "You can have as many keys (certificates) in the secret as required. All keys will be mounted as files to `/tmp/crt` in the container and imported into Java truststore. In the example above, certificates will be mounted as `/tmp/crt/stg.crt` and `/tmp/crt/dev.crt`. File extension in the secret keys does not matter as long as the file is a valid certificate." - * Provide the secret name in Helm values: + * Provide the secret name in Helm values (unlike the case with multiple secrets you don't need to provide secret keys): ```yaml jira: @@ -586,8 +586,7 @@ The product Helm chart will add additional `volumeMounts` and `volumes` to the p * copy the default Java cacerts to a runtime volume shared between the init container and the main container at `/var/ssl` * run [keytool -import](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html){.external} to import all certificates in `/tmp/crt` mounted from secret(s) to `/var/ssl/cacerts` - -`-Djavax.net.ssl.trustStore=/var/ssl/cacerts` system property will be automatically added to `JVM_SUPPORT_RECOMMENDED_ARGS` environment variable. +* `-Djavax.net.ssl.trustStore=/var/ssl/cacerts` system property will be automatically added to `JVM_SUPPORT_RECOMMENDED_ARGS` environment variable. If necessary, it is possible to override the default `keytool -import` command: diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md index e4610fc25..28347cc32 100644 --- a/src/main/charts/bamboo/README.md +++ b/src/main/charts/bamboo/README.md 
@@ -35,8 +35,8 @@ Kubernetes: `>=1.21.x-0` | bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. | | bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | | bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| +| bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. | | bamboo.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bamboo JVM, e.g. system properties. | | bamboo.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bamboo container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml index ca96b113c..64bfd9b87 100644 --- a/src/main/charts/bamboo/values.yaml +++ b/src/main/charts/bamboo/values.yaml 
@@ -972,11 +972,11 @@ bamboo: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md index eee03a0b3..3085d581c 100644 --- a/src/main/charts/bitbucket/README.md +++ b/src/main/charts/bitbucket/README.md 
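Review bot: The reworded `secretName` comment in this hunk still leaves out the trust implication of importing every key and what "takes precedence" means when both values are set. As documented, every key in the named secret is imported into the Java truststore, so write access to that secret amounts to the ability to add a trust anchor for the product's outbound TLS, while `secretList` pins the exact keys. I would add a line such as `# Every key in this secret becomes a trusted certificate: restrict write access to it, or use secretList to pin the exact keys.` and state explicitly that `secretList` is ignored when `secretName` is set (presumably not merged; confirm against the helper template, which is not in this hunk). The same comment recurs in the bitbucket, bitbucket.mesh, confluence, synchrony, crowd and jira values.yaml hunks of this patch. The `additionalCertificates` block continues past the end of the hunk.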
@@ -35,8 +35,8 @@ Kubernetes: `>=1.21.x-0` | atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip | | bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | | bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| +| bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. | | bitbucket.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. system properties. | | bitbucket.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bitbucket container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -67,8 +67,8 @@ Kubernetes: `>=1.21.x-0` | bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run | | bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out | | bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. 
| | bitbucket.mesh.additionalFiles | string | `nil` | Additional existing ConfigMaps and Secrets not managed by Helm that should be mounted into service container | | bitbucket.mesh.additionalInitContainers | object | `{}` | Additional initContainer definitions that will be added to all Bitbucket pods | diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml index 864035323..01526bbb9 100644 --- a/src/main/charts/bitbucket/values.yaml +++ b/src/main/charts/bitbucket/values.yaml @@ -1128,11 +1128,11 @@ bitbucket: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca 
@@ -1223,11 +1223,11 @@ bitbucket: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md index 437422449..38fc6ffff 100644 --- a/src/main/charts/confluence/README.md +++ b/src/main/charts/confluence/README.md 
@@ -38,8 +38,8 @@ Kubernetes: `>=1.21.x-0` | confluence.accessLog.mountPath | string | `"/opt/atlassian/confluence/logs"` | The path within the Confluence container where the local-home volume should be mounted in order to capture access logs. | | confluence.additionalBundledPlugins | list | `[]` | Specifies a list of additional Confluence plugins that should be added to the Confluence container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | | confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| +| confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | confluence.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Confluence container. See https://hub.docker.com/r/atlassian/confluence for supported variables. | | confluence.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Confluence JVM, e.g. system properties. | | confluence.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Confluence container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -192,8 +192,8 @@ Kubernetes: `>=1.21.x-0` | serviceAccount.role.create | bool | `true` | Create a role for Hazelcast client with privileges to get and list pods and endpoints in the namespace. Set to false if you need to create a Role and RoleBinding manually | | serviceAccount.roleBinding | object | `{"create":true}` | Grant permissions defined in Role (list and get pods and endpoints) to a service account. | | synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | synchrony.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Synchrony JVM, e.g. system properties. 
| | synchrony.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Synchrony container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | | synchrony.additionalPorts | list | `[]` | Defines any additional ports for the Synchrony container. | diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index a2f5c18bb..dad3aa25f 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml @@ -1044,11 +1044,11 @@ confluence: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca 
@@ -1361,11 +1361,11 @@ synchrony: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca diff --git a/src/main/charts/crowd/README.md b/src/main/charts/crowd/README.md index 4f4240f44..6a4ea3c7d 100644 --- a/src/main/charts/crowd/README.md +++ b/src/main/charts/crowd/README.md 
@@ -37,8 +37,8 @@ Kubernetes: `>=1.21.x-0` | crowd.accessLog.mountPath | string | `"/opt/atlassian/crowd/apache-tomcat/logs"` | The path within the Crowd container where the local-home volume should be mounted in order to capture access logs. | | crowd.additionalBundledPlugins | list | `[]` | Specifies a list of additional Crowd plugins that should be added to the Crowd container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | | crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| crowd.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| crowd.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| crowd.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. 
It is mandatory to specify which keys from secret data need to be mounted as files to the init container | +| crowd.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | crowd.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Crowd container. See https://hub.docker.com/r/atlassian/crowd for supported variables. | | crowd.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Crowd JVM, e.g. system properties. | | crowd.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Crowd container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/crowd/values.yaml b/src/main/charts/crowd/values.yaml index 99c8b00e2..adfa1f5cd 100644 --- a/src/main/charts/crowd/values.yaml +++ b/src/main/charts/crowd/values.yaml 
@@ -450,11 +450,11 @@ crowd: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container # secretList: #- name: self-signed-ca diff --git a/src/main/charts/jira/README.md b/src/main/charts/jira/README.md index 7044f7d8d..a7215d114 100644 --- a/src/main/charts/jira/README.md +++ b/src/main/charts/jira/README.md 
@@ -72,8 +72,8 @@ Kubernetes: `>=1.21.x-0` | jira.additionalBundledPlugins | list | `[]` | Specifies a list of additional Jira plugins that should be added to the Jira container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | | jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | | jira.additionalCertificates.initContainer.resources | object | `{}` | Resources requests and limits for the import-certs init container | -| jira.additionalCertificates.secretList | string | `nil` | A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys from secret data need to be mounted as files to the init container | -| jira.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. | +| jira.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| +| jira.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | jira.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Jira container. See https://hub.docker.com/r/atlassian/jira-software for supported variables. | | jira.additionalJvmArgs | list | `[]` | | | jira.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Jira container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/jira/values.yaml b/src/main/charts/jira/values.yaml index d5553f817..daf410304 100644 --- a/src/main/charts/jira/values.yaml +++ b/src/main/charts/jira/values.yaml 
@@ -869,11 +869,11 @@ jira: # additionalCertificates: # -- Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data - # will be treated as certificates to be added to Java truststore. When defined takes precedence over secretList. + # will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. # secretName: - # -- A list of secrets with a list of keys holding certificates to be added to Java truststore. It is mandatory to define which keys - # from secret data need to be mounted as files to the init container + # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. + # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # secretList: #- name: self-signed-ca diff --git a/src/test/resources/expected_helm_output/bamboo/output.yaml b/src/test/resources/expected_helm_output/bamboo/output.yaml index 4ca45bc5f..cf7856de7 100644 --- a/src/test/resources/expected_helm_output/bamboo/output.yaml +++ b/src/test/resources/expected_helm_output/bamboo/output.yaml @@ -95,6 +95,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] diff --git a/src/test/resources/expected_helm_output/bitbucket/output.yaml b/src/test/resources/expected_helm_output/bitbucket/output.yaml index c305d1df8..78092f2ab 100644 --- a/src/test/resources/expected_helm_output/bitbucket/output.yaml +++ b/src/test/resources/expected_helm_output/bitbucket/output.yaml @@ -105,6 +105,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] @@ -146,6 +147,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: {} additionalFiles: null 
diff --git a/src/test/resources/expected_helm_output/confluence/output.yaml b/src/test/resources/expected_helm_output/confluence/output.yaml index 9a3f7330e..5e5b17f30 100644 --- a/src/test/resources/expected_helm_output/confluence/output.yaml +++ b/src/test/resources/expected_helm_output/confluence/output.yaml @@ -97,6 +97,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] @@ -320,6 +321,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalJvmArgs: [] additionalLibraries: [] diff --git a/src/test/resources/expected_helm_output/crowd/output.yaml b/src/test/resources/expected_helm_output/crowd/output.yaml index c1eefe9ae..9e9b596a4 100644 --- a/src/test/resources/expected_helm_output/crowd/output.yaml +++ b/src/test/resources/expected_helm_output/crowd/output.yaml @@ -100,6 +100,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] diff --git a/src/test/resources/expected_helm_output/jira/output.yaml b/src/test/resources/expected_helm_output/jira/output.yaml index d1ff1389b..d2ae07321 100644 --- a/src/test/resources/expected_helm_output/jira/output.yaml +++ b/src/test/resources/expected_helm_output/jira/output.yaml @@ -138,6 +138,7 @@ data: customCmd: null initContainer: resources: {} + secretList: null secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] From ba21652ae0371ff21b2cf90fb437141ff2f833c0 Mon Sep 17 00:00:00 2001 
From: Yevhen Ivantsov Date: Fri, 9 Aug 2024 11:56:52 +1000 Subject: [PATCH 3/3] Fix data type --- src/main/charts/bamboo/README.md | 4 ++-- src/main/charts/bamboo/values.yaml | 2 +- src/main/charts/bitbucket/README.md | 8 ++++---- src/main/charts/bitbucket/values.yaml | 4 ++-- src/main/charts/confluence/README.md | 8 ++++---- src/main/charts/confluence/values.yaml | 4 ++-- src/main/charts/crowd/README.md | 4 ++-- src/main/charts/crowd/values.yaml | 2 +- src/main/charts/jira/README.md | 4 ++-- src/main/charts/jira/values.yaml | 2 +- .../resources/expected_helm_output/bamboo/output.yaml | 2 +- .../resources/expected_helm_output/bitbucket/output.yaml | 4 ++-- .../resources/expected_helm_output/confluence/output.yaml | 4 ++-- src/test/resources/expected_helm_output/crowd/output.yaml | 2 +- src/test/resources/expected_helm_output/jira/output.yaml | 2 +- 15 files changed, 28 insertions(+), 28 deletions(-) diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md index 28347cc32..4e56592ea 100644 --- a/src/main/charts/bamboo/README.md +++ b/src/main/charts/bamboo/README.md 
@@ -34,8 +34,8 @@ Kubernetes: `>=1.21.x-0` | bamboo.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. | | bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. | | bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bamboo.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bamboo.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. 
It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | | bamboo.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. | | bamboo.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bamboo JVM, e.g. system properties. | diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml index 64bfd9b87..add470ff5 100644 --- a/src/main/charts/bamboo/values.yaml +++ b/src/main/charts/bamboo/values.yaml @@ -978,7 +978,7 @@ bamboo: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md index 3085d581c..39edb3ee6 100644 --- a/src/main/charts/bitbucket/README.md +++ b/src/main/charts/bitbucket/README.md 
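Review bot: The comment above `secretList: []` in the bamboo/values.yaml hunk does not say how the list interacts with `secretName`, although the README row for `secretName` in this patch states that it takes precedence over `secretList`. An operator who fills in `secretList` while an older `secretName` is still set would presumably end up with only the single secret's certificates in the truststore, and the rendered values give no hint of that. I would add one comment line next to the list, for example `# Ignored when additionalCertificates.secretName is set.` The values.yaml hunks for bitbucket (both occurrences), confluence, synchrony, crowd and jira carry the same comment and would benefit from the same line.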
@@ -34,8 +34,8 @@ Kubernetes: `>=1.21.x-0` | atlassianAnalyticsAndSupport.analytics.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a JSON which DC products will read and send analytics events to Atlassian data pipelines | | atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip | | bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bitbucket.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. 
Provide reference to a secret that contains the certificates | +| bitbucket.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | | bitbucket.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. | | bitbucket.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. system properties. | 
@@ -66,8 +66,8 @@ Kubernetes: `>=1.21.x-0` | bitbucket.livenessProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe | | bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run | | bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out | -| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| bitbucket.mesh.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| bitbucket.mesh.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | | bitbucket.mesh.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. 
| | bitbucket.mesh.additionalFiles | string | `nil` | Additional existing ConfigMaps and Secrets not managed by Helm that should be mounted into service container | diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml index 01526bbb9..a3b9a9c54 100644 --- a/src/main/charts/bitbucket/values.yaml +++ b/src/main/charts/bitbucket/values.yaml @@ -1134,7 +1134,7 @@ bitbucket: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt @@ -1229,7 +1229,7 @@ bitbucket: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md index 38fc6ffff..2ff8bd6a8 100644 --- a/src/main/charts/confluence/README.md +++ b/src/main/charts/confluence/README.md 
@@ -37,8 +37,8 @@ Kubernetes: `>=1.21.x-0` | confluence.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. | | confluence.accessLog.mountPath | string | `"/opt/atlassian/confluence/logs"` | The path within the Confluence container where the local-home volume should be mounted in order to capture access logs. | | confluence.additionalBundledPlugins | list | `[]` | Specifies a list of additional Confluence plugins that should be added to the Confluence container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| confluence.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. 
Provide reference to a secret that contains the certificates | +| confluence.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | | confluence.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | confluence.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Confluence container. See https://hub.docker.com/r/atlassian/confluence for supported variables. | | confluence.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Confluence JVM, e.g. system properties. | 
@@ -191,8 +191,8 @@ Kubernetes: `>=1.21.x-0` | serviceAccount.name | string | `nil` | The name of the ServiceAccount to be used by the pods. If not specified, but the "serviceAccount.create" flag is set to 'true', then the ServiceAccount name will be auto-generated, otherwise the 'default' ServiceAccount will be used. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server | | serviceAccount.role.create | bool | `true` | Create a role for Hazelcast client with privileges to get and list pods and endpoints in the namespace. Set to false if you need to create a Role and RoleBinding manually | | serviceAccount.roleBinding | object | `{"create":true}` | Grant permissions defined in Role (list and get pods and endpoints) to a service account. | -| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| synchrony.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | +| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| synchrony.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| | synchrony.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | synchrony.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Synchrony JVM, e.g. system properties. | | synchrony.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Synchrony container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index dad3aa25f..7c8e6622b 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml @@ -1050,7 +1050,7 @@ confluence: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt @@ -1367,7 +1367,7 @@ synchrony: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt diff --git a/src/main/charts/crowd/README.md b/src/main/charts/crowd/README.md index 6a4ea3c7d..489ff101d 100644 --- a/src/main/charts/crowd/README.md 
+++ b/src/main/charts/crowd/README.md 
@@ -36,8 +36,8 @@ Kubernetes: `>=1.21.x-0` | crowd.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. | | crowd.accessLog.mountPath | string | `"/opt/atlassian/crowd/apache-tomcat/logs"` | The path within the Crowd container where the local-home volume should be mounted in order to capture access logs. | | crowd.additionalBundledPlugins | list | `[]` | Specifies a list of additional Crowd plugins that should be added to the Crowd container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | -| crowd.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container | +| crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| crowd.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. 
It is mandatory to specify which keys from secret data need to be mounted as files to the init container | | crowd.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | crowd.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Crowd container. See https://hub.docker.com/r/atlassian/crowd for supported variables. | | crowd.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Crowd JVM, e.g. system properties. | diff --git a/src/main/charts/crowd/values.yaml b/src/main/charts/crowd/values.yaml index adfa1f5cd..9d0ea1d92 100644 --- a/src/main/charts/crowd/values.yaml +++ b/src/main/charts/crowd/values.yaml @@ -456,7 +456,7 @@ crowd: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt diff --git a/src/main/charts/jira/README.md b/src/main/charts/jira/README.md index a7215d114..0c2f01c60 100644 --- a/src/main/charts/jira/README.md +++ b/src/main/charts/jira/README.md 
@@ -70,9 +70,9 @@ Kubernetes: `>=1.21.x-0` | jira.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. | | jira.accessLog.mountPath | string | `"/opt/atlassian/jira/logs"` | The path within the Jira container where the local-home volume should be mounted in order to capture access logs. | | jira.additionalBundledPlugins | list | `[]` | Specifies a list of additional Jira plugins that should be added to the Jira container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. | -| jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | +| jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretList":[],"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates | | jira.additionalCertificates.initContainer.resources | object | `{}` | Resources requests and limits for the import-certs init container | -| jira.additionalCertificates.secretList | string | `nil` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. 
| +| jira.additionalCertificates.secretList | list | `[]` | A list of secrets with their respective keys holding certificates to be added to the Java truststore. It is mandatory to specify which keys from secret data need to be mounted as files to the init container. | | jira.additionalCertificates.secretName | string | `nil` | Name of the Kubernetes secret with certificates in its data. All secret keys in the secret data will be treated as certificates to be added to Java truststore. If defined, this takes precedence over secretList. | | jira.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Jira container. See https://hub.docker.com/r/atlassian/jira-software for supported variables. | | jira.additionalJvmArgs | list | `[]` | | diff --git a/src/main/charts/jira/values.yaml b/src/main/charts/jira/values.yaml index daf410304..f40e1d9e7 100644 --- a/src/main/charts/jira/values.yaml +++ b/src/main/charts/jira/values.yaml @@ -875,7 +875,7 @@ jira: # -- A list of secrets with their respective keys holding certificates to be added to the Java truststore. # It is mandatory to specify which keys from secret data need to be mounted as files to the init container. # - secretList: + secretList: [] #- name: self-signed-ca # keys: # - ca.crt diff --git a/src/test/resources/expected_helm_output/bamboo/output.yaml b/src/test/resources/expected_helm_output/bamboo/output.yaml index cf7856de7..4fda78842 100644 --- a/src/test/resources/expected_helm_output/bamboo/output.yaml +++ b/src/test/resources/expected_helm_output/bamboo/output.yaml @@ -95,7 +95,7 @@ data: customCmd: null initContainer: resources: {} - secretList: null + secretList: [] secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] diff --git a/src/test/resources/expected_helm_output/bitbucket/output.yaml b/src/test/resources/expected_helm_output/bitbucket/output.yaml index 78092f2ab..d8e9d6999 100644 
--- a/src/test/resources/expected_helm_output/bitbucket/output.yaml
+++ b/src/test/resources/expected_helm_output/bitbucket/output.yaml
@@ -105,7 +105,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalEnvironmentVariables: []
 additionalJvmArgs: []
@@ -147,7 +147,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalEnvironmentVariables: {}
 additionalFiles: null
diff --git a/src/test/resources/expected_helm_output/confluence/output.yaml b/src/test/resources/expected_helm_output/confluence/output.yaml
index 5e5b17f30..c9adf60b2 100644
--- a/src/test/resources/expected_helm_output/confluence/output.yaml
+++ b/src/test/resources/expected_helm_output/confluence/output.yaml
@@ -97,7 +97,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalEnvironmentVariables: []
 additionalJvmArgs: []
@@ -321,7 +321,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalJvmArgs: []
 additionalLibraries: []
diff --git a/src/test/resources/expected_helm_output/crowd/output.yaml b/src/test/resources/expected_helm_output/crowd/output.yaml
index 9e9b596a4..90e043af5 100644
--- a/src/test/resources/expected_helm_output/crowd/output.yaml
+++ b/src/test/resources/expected_helm_output/crowd/output.yaml
@@ -100,7 +100,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalEnvironmentVariables: []
 additionalJvmArgs: []
diff --git a/src/test/resources/expected_helm_output/jira/output.yaml b/src/test/resources/expected_helm_output/jira/output.yaml
index d2ae07321..20eb3e4c5 100644
--- a/src/test/resources/expected_helm_output/jira/output.yaml
+++ b/src/test/resources/expected_helm_output/jira/output.yaml
@@ -138,7 +138,7 @@ data:
 customCmd: null
 initContainer:
 resources: {}
- secretList: null
+ secretList: []
 secretName: null
 additionalEnvironmentVariables: []
 additionalJvmArgs: []