11 changes: 11 additions & 0 deletions couchdb/templates/NOTES.txt
Expand Up @@ -19,6 +19,17 @@ some required system databases:

Then it's time to relax.

{{- $uuidVar := index (.Values.couchdbConfig.couchdb | default dict) "uuid" -}}
{{- if (empty $uuidVar) }}
NOTE: You are using an auto-generated value for the Couch DB UUID
- We recommend making this value persistent by setting it in: `couchdbConfig.couchdb.uuid`
- Changing this value can cause problems for the Couch DB installation
- You can get the current value with:
```
kubectl -n {{ $.Release.Namespace }} get secret {{ include "couchdb.fullname" . }}-internal --template='{{print "{{" }}index .data "uuid" | base64decode{{ print "}}" }}'
```
{{- end }}

{{- $erlangCookie := .Values.erlangFlags.setcookie }}
{{- if (empty $erlangCookie) }}
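Review bot: The `kubectl` command in the NOTE pipes `.data.uuid` through `base64decode`, so it prints the UUID only if the `-internal` secret holds the value base64-encoded, and the `uuid:` line in secrets.yaml writes the helper output under `data:` without `b64enc`; the two need to agree before this instruction is accurate. Separately, `{{- $uuidVar := ... -}}` and `{{- if (empty $uuidVar) }}` trim the blank line before them, so the NOTE renders directly under "Then it's time to relax."; leave a blank line after the `if`, as the `$erlangCookie` block below does.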

22 changes: 20 additions & 2 deletions couchdb/templates/_helpers.tpl
Expand Up @@ -97,8 +97,26 @@ If serviceAccount.name is specified, use that, else use the couchdb instance nam
{{- end -}}

{{/*
Fail if couchdbConfig.couchdb.uuid is undefined
If couchdb UUID value is undefined:
- if the configmap already exists, look it up
- if not found or "dangerRegenerateAutomatedValues" is set, generate it
- otherwise use the previous value
Otherwise use what is defined in the chart

Also warn in NOTES.txt if this value is not persistent
*/}}
{{- define "couchdb.uuid" -}}
{{- required "A value for couchdbConfig.couchdb.uuid must be set" (.Values.couchdbConfig.couchdb | default dict).uuid -}}

{{- $uuidVar := index (.Values.couchdbConfig.couchdb | default dict) "uuid" -}}
{{- if (empty $uuidVar) }}
{{- $secretName := print (include "couchdb.fullname" .) "-internal" }}
{{- $currentSecret := lookup "v1" "Secret" $.Release.Namespace $secretName}}
{{- if and $currentSecret (not .Values.dangerRegenerateAutomatedValues ) }}
{{- $uuidVar = get $currentSecret.data "uuid" | b64dec }}
{{- else }}
{{- $uuidVar = uuidv4 -}}
{{- end }}
{{- end }}
{{- print $uuidVar -}}

{{- end -}}
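Review bot: The lookup branch reuses `get $currentSecret.data "uuid" | b64dec` without checking that the key is present, so an existing `-internal` secret that has no `uuid` entry makes the helper print an empty UUID instead of falling through to `uuidv4`. Test the looked-up value with `empty` before assigning it. The comment block should also say that `lookup` returns nothing under `helm template` and `--dry-run`, so those renders emit a fresh UUID each time, and `dangerRegenerateAutomatedValues` needs a description wherever the chart documents its values.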
15 changes: 14 additions & 1 deletion couchdb/templates/secrets.yaml
Expand Up @@ -18,4 +18,17 @@ data:
{{- if .Values.adminHash }}
password.ini: {{ tpl (.Files.Get "password.ini") . | b64enc }}
{{- end -}}
{{- end -}}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ template "couchdb.fullname" . }}-internal
labels:
app: {{ template "couchdb.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
uuid: {{- include "couchdb.uuid" . }}
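Review bot: The line `uuid: {{- include "couchdb.uuid" . }}` has two problems. The `{{-` trims the space after the colon, so the rendered text is `uuid:<value>` rather than a key and a value, and the value is written under `data:` without `b64enc` even though the helper reads it back with `b64dec`. Suggest `uuid: {{ include "couchdb.uuid" . | b64enc }}`, matching the `password.ini` line above, or move the key to `stringData:` and keep the value verbatim.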
Comment on lines +23 to +34
Member

I'm not convinced about adding another secret resource here. The secret values erlangCookie, cookieAuthSecret are similarly internal only. It seems like a good clarification to split internal/external secrets but that could be a separate PR (and likely major version bump).

Contributor Author

@colearendt colearendt Jan 9, 2023

I'm happy to tie this into the existing secret if you want 😄 I was mostly isolating because it is being used a bit differently than the other secret - in a somewhat "idempotent" type of fashion where we look up values from it / etc.

It's also a bit tricky whether you use data: or stringData: because it affects whether we need to base64 encode the value... although - this actually looks like it might be a bug. I'll do some more sanity checking. It may need to be another secret if we want to pass stringData as the verbatim value. Or we can use the existing secret and b64enc the value first.

Your call on preference here!

Contributor Author

@willholley Thoughts on the right approach here? Would you prefer me to tie this into the existing secret?
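
The `data:` versus `stringData:` question raised in the thread above, as an added Go example (not code from the PR or the chart). It models the write path with Go's strict standard base64 decoder, which is an assumption about how a value under `data:` is validated, and the read path as `lookup` followed by `b64dec`. The function names and sample values are constructed; the unhyphenated case goes beyond the thread to show a raw value that happens to be valid base64.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// writeData models a value rendered under `data:`. Secret data is a byte
// slice on the wire, so the manifest text must be strict standard base64.
func writeData(rendered string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(rendered)
}

// writeStringData models `stringData:`, where the text is stored verbatim.
func writeStringData(rendered string) []byte {
	return []byte(rendered)
}

// helperRead models the read path: lookup returns .data base64-encoded and
// the helper pipes that through b64dec.
func helperRead(stored []byte) (string, error) {
	fromLookup := base64.StdEncoding.EncodeToString(stored)
	out, err := base64.StdEncoding.DecodeString(fromLookup)
	return string(out), err
}

// roundTrip reports whether the value read back equals the generated one.
func roundTrip(stored []byte, writeErr error, want string) bool {
	if writeErr != nil {
		return false
	}
	got, err := helperRead(stored)
	return err == nil && got == want
}

func main() {
	const id = "123e4567-e89b-42d3-a456-426614174000" // constructed sample UUID
	const hex = "123e4567e89b42d3a456426614174000"    // constructed, no hyphens
	raw, errRaw := writeData(id)
	enc, errEnc := writeData(base64.StdEncoding.EncodeToString([]byte(id)))
	bare, errBare := writeData(hex)
	fmt.Println("data, raw UUID:       ", roundTrip(raw, errRaw, id), errRaw)
	fmt.Println("data, b64enc UUID:    ", roundTrip(enc, errEnc, id))
	fmt.Println("stringData, raw UUID: ", roundTrip(writeStringData(id), nil, id))
	fmt.Println("data, raw hex string: ", roundTrip(bare, errBare, hex), errBare)
}
```

The last case is accepted on write but stores different bytes, so the value read back on the next render no longer matches what was generated.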