adding ability to use an existing Secret for s3

2023-11-21 12:34:37 +01:00
parent 322e783525
commit 0510682908
6 changed files with 95 additions and 8 deletions
--- a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
@@ -195,9 +195,11 @@ spec:
            - name: seaweedfs-filer-log-volume
              mountPath: "/logs/"
            {{- end }}
+            {{- if .Values.filer.s3.enableAuth }}
            - mountPath: /etc/sw
              name: config-users
              readOnly: true
+            {{- end }}
            {{- if (or .Values.filer.enablePVC (or (eq .Values.filer.data.type "hostPath") (eq .Values.filer.data.type "persistentVolumeClaim"))) }}
            - name: data-filer
              mountPath: /data
@@ -285,10 +287,16 @@ spec:
        - name: db-schema-config-volume
          configMap:
            name: seaweedfs-db-init-config
+        {{- if .Values.filer.s3.enableAuth }}
        - name: config-users
          secret:
            defaultMode: 420
+            {{- if .Values.filer.s3.existingConfigSecret }}
+            secretName: {{ .Values.s3.existingConfigSecret }}
+            {{- else }}
            secretName: seaweedfs-s3-secret
+            {{- end }}
+        {{- end }}
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
--- a/k8s/charts/seaweedfs/templates/s3-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/s3-deployment.yaml
@@ -121,9 +121,11 @@ spec:
            - name: logs
              mountPath: "/logs/"
            {{- end }}
+            {{- if .Values.s3.enableAuth }}
            - mountPath: /etc/sw
              name: config-users
              readOnly: true
+            {{- end }}
            {{- if .Values.global.enableSecurity }}
            - name: security-config
              readOnly: true
@@ -182,10 +184,16 @@ spec:
            {{ tpl .Values.s3.resources . | nindent 12 | trim }}
          {{- end }}
      volumes:
+        {{- if .Values.s3.enableAuth }}
        - name: config-users
          secret:
            defaultMode: 420
+            {{- if .Values.filer.s3.existingConfigSecret }}
+            secretName: {{ .Values.s3.existingConfigSecret }}
+            {{- else }}
            secretName: seaweedfs-s3-secret
+            {{- end }}
+        {{- end }}
        {{- if eq .Values.s3.logs.type "hostPath" }}
        - name: logs
          hostPath:
--- a/k8s/charts/seaweedfs/templates/seaweedfs-s3-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/seaweedfs-s3-secret.yaml
@@ -1,4 +1,4 @@
-{{- if not (or .Values.filer.s3.skipAuthSecretCreation .Values.s3.skipAuthSecretCreation) }}
+{{- if not (or .Values.filer.s3.skipAuthSecretCreation .Values.s3.skipAuthSecretCreation .Values.s3.existingConfigSecret ) }}
 {{- $access_key_admin := randAlphaNum 16 -}}
 {{- $secret_key_admin := randAlphaNum 32 -}}
 {{- $access_key_read := randAlphaNum 16 -}}
@@ -32,4 +32,4 @@ stringData:
  s3_auditLogConfig.json: |
    {{ toJson .Values.s3.auditLogConfig | nindent 4 }}
  {{- end }}
-{{- end }}
+{{- end }}