964a8f5fde
* Allow user to define admin access and secret key via values * Add comments to values.yaml * Add support for read for consistency * Simplify templating * Add checksum to s3 config * Update comments * Revert "Add checksum to s3 config" This reverts commit d21a7038a86ae2adf547730b2cb6f455dcd4ce70.
58 lines
3.3 KiB
YAML
58 lines
3.3 KiB
YAML
{{- if or (and (or .Values.s3.enabled .Values.allInOne.enabled) .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) }}
|
|
{{- $secretName := printf "%s-s3-secret" (include "seaweedfs.fullname" .) }}
|
|
{{- $legacySecretName := "seaweedfs-s3-secret" }}
|
|
{{- $lookupName := $secretName }}
|
|
{{- if .Values.s3.reuseLegacySecret }}
|
|
{{- $lookupName = default $legacySecretName .Values.s3.legacySecretName }}
|
|
{{- end }}
|
|
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace $lookupName }}
|
|
{{- $reuse := false }}
|
|
{{- if and .Values.s3.reuseLegacySecret $existingSecret }}
|
|
{{- $reuse = true }}
|
|
{{- end }}
|
|
{{- $creds := .Values.s3.credentials | default dict -}}
|
|
{{- $adminCreds := $creds.admin | default dict -}}
|
|
{{- $access_key_admin := $adminCreds.accessKey -}}
|
|
{{- $secret_key_admin := $adminCreds.secretKey -}}
|
|
{{- if not (and $access_key_admin $secret_key_admin) -}}
|
|
{{- $access_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
|
|
{{- $secret_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
|
|
{{- end -}}
|
|
{{- $readCreds := $creds.read | default dict -}}
|
|
{{- $access_key_read := $readCreds.accessKey -}}
|
|
{{- $secret_key_read := $readCreds.secretKey -}}
|
|
{{- if not (and $access_key_read $secret_key_read) -}}
|
|
{{- $access_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
|
|
{{- $secret_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
|
|
{{- end -}}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
type: Opaque
|
|
metadata:
|
|
name: {{ $secretName }}
|
|
namespace: {{ .Release.Namespace }}
|
|
annotations:
|
|
"helm.sh/resource-policy": keep
|
|
"helm.sh/hook": "pre-install,pre-upgrade"
|
|
labels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: s3
|
|
stringData:
|
|
admin_access_key_id: {{ $access_key_admin }}
|
|
admin_secret_access_key: {{ $secret_key_admin }}
|
|
read_access_key_id: {{ $access_key_read }}
|
|
read_secret_access_key: {{ $secret_key_read }}
|
|
seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}'
|
|
{{- if .Values.filer.s3.auditLogConfig }}
|
|
filer_s3_auditLogConfig.json: |
|
|
{{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.s3.auditLogConfig }}
|
|
s3_auditLogConfig.json: |
|
|
{{ toJson .Values.s3.auditLogConfig | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|