From 4fd3c1f15ea01ec3c182652ea5b542da5360f1ff Mon Sep 17 00:00:00 2001 From: Matthieu ROBIN Date: Mon, 19 Feb 2024 12:14:49 +0100 Subject: [PATCH] [bitnami/tomcat] Add existing secret management (#23558) --- bitnami/tomcat/Chart.yaml | 2 +- bitnami/tomcat/README.md | 39 ++++++++++++++------------- bitnami/tomcat/templates/_helpers.tpl | 7 +++++ bitnami/tomcat/templates/_pod.tpl | 2 +- bitnami/tomcat/templates/secrets.yaml | 2 ++ bitnami/tomcat/values.yaml | 3 +++ 6 files changed, 34 insertions(+), 21 deletions(-) diff --git a/bitnami/tomcat/Chart.yaml b/bitnami/tomcat/Chart.yaml index 77b8f25ff3..921167ff7e 100644 --- a/bitnami/tomcat/Chart.yaml +++ b/bitnami/tomcat/Chart.yaml @@ -35,4 +35,4 @@ maintainers: name: tomcat sources: - https://github.com/bitnami/charts/tree/main/bitnami/tomcat -version: 10.14.0 +version: 10.15.0 diff --git a/bitnami/tomcat/README.md b/bitnami/tomcat/README.md index 03a9d7dad9..558447c2ea 100644 --- a/bitnami/tomcat/README.md +++ b/bitnami/tomcat/README.md @@ -79,25 +79,26 @@ The command removes all the Kubernetes components associated with the chart and ### Tomcat parameters -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------ | ------------------------ | -| `image.registry` | Tomcat image registry | `REGISTRY_NAME` | -| `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` | -| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `tomcatUsername` | Tomcat admin user | `user` | -| `tomcatPassword` | Tomcat admin password | `""` | -| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | -| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | +| Name | Description | Value | +| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `image.registry` | Tomcat image registry | `REGISTRY_NAME` | +| `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` | +| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `tomcatUsername` | Tomcat admin user | `user` | +| `tomcatPassword` | Tomcat admin password | `""` | +| `existingSecret` | Use existing secret for password details (`tomcatPassword` will be ignored and picked up from this secret). The secret has to contain the key `tomcat-password` | `""` | +| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | +| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | ### Tomcat deployment parameters diff --git a/bitnami/tomcat/templates/_helpers.tpl b/bitnami/tomcat/templates/_helpers.tpl index eda7739b4b..5298efd362 100644 --- a/bitnami/tomcat/templates/_helpers.tpl +++ b/bitnami/tomcat/templates/_helpers.tpl @@ -47,6 +47,13 @@ Return the proper Docker Image Registry Secret Names {{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.jmx.image) "global" .Values.global) -}} {{- end -}} +{{/* +Return the Tomcat credential secret name +*/}} +{{- define "tomcat.secretName" -}} +{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} +{{- end -}} + {{/* Check if there are rolling tags in the images */}} diff --git a/bitnami/tomcat/templates/_pod.tpl b/bitnami/tomcat/templates/_pod.tpl index 4e45386582..81d81f8625 100644 --- a/bitnami/tomcat/templates/_pod.tpl +++ b/bitnami/tomcat/templates/_pod.tpl @@ -82,7 +82,7 @@ containers: - name: TOMCAT_PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }} + name: {{ include "tomcat.secretName" . }} key: tomcat-password - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT value: {{ .Values.tomcatAllowRemoteManagement | quote }} diff --git a/bitnami/tomcat/templates/secrets.yaml b/bitnami/tomcat/templates/secrets.yaml index 16784b160c..e4521f84a7 100644 --- a/bitnami/tomcat/templates/secrets.yaml +++ b/bitnami/tomcat/templates/secrets.yaml @@ -3,6 +3,7 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} +{{- if not .Values.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -15,3 +16,4 @@ metadata: type: Opaque data: tomcat-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "tomcat-password" "providedValues" (list "tomcatPassword") "length" 10 "strong" false "context" $) }} +{{- end }} \ No newline at end of file diff --git a/bitnami/tomcat/values.yaml b/bitnami/tomcat/values.yaml index db9756765b..d8653d6e88 100644 --- a/bitnami/tomcat/values.yaml +++ b/bitnami/tomcat/values.yaml @@ -92,6 +92,9 @@ tomcatUsername: user ## ref: https://github.com/bitnami/containers/tree/main/bitnami/tomcat#creating-a-custom-user ## tomcatPassword: "" +## @param existingSecret Use existing secret for password details (`tomcatPassword` will be ignored and picked up from this secret). The secret has to contain the key `tomcat-password` +## +existingSecret: "" ## @param tomcatAllowRemoteManagement Enable remote access to management interface ## ref: https://github.com/bitnami/charts/tree/main/bitnami/tomcat#configuration ##