From 73c8e486aca36ee801bfab3aff32401f84487932 Mon Sep 17 00:00:00 2001 From: Nick Stogner Date: Sun, 10 Apr 2022 21:19:28 -0400 Subject: [PATCH] Add .spec.kubeConfig.secretRef.key Signed-off-by: Nick Stogner --- api/v2beta1/helmrelease_types.go | 11 ++++- api/v2beta1/zz_generated.deepcopy.go | 15 ++++++ .../helm.toolkit.fluxcd.io_helmreleases.yaml | 20 ++++---- controllers/helmrelease_controller.go | 12 +++-- docs/api/helmrelease.md | 48 +++++++++++++++++-- 5 files changed, 89 insertions(+), 17 deletions(-) diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 11dd09e6a..e46fc3b3a 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -213,7 +213,7 @@ func (in HelmReleaseSpec) GetUninstall() Uninstall { // KubeConfig references a Kubernetes secret that contains a kubeconfig file. type KubeConfig struct { - // SecretRef holds the name to a secret that contains a 'value' key with + // SecretRef holds the name to a secret that contains // the kubeconfig file as the value. It must be in the same namespace as // the HelmRelease. // It is recommended that the kubeconfig is self-contained, and the secret @@ -222,7 +222,14 @@ type KubeConfig struct { // binaries and credentials to the Pod that is responsible for reconciling // the HelmRelease. // +required - SecretRef meta.LocalObjectReference `json:"secretRef,omitempty"` + SecretRef SecretRef `json:"secretRef,omitempty"` +} + +type SecretRef struct { + // Name of the Secret. + Name string `json:"name"` + // Key in the Secret. If not specified it defaults to 'value'. + Key string `json:"key"` } // HelmChartTemplate defines the template from which the controller will diff --git a/api/v2beta1/zz_generated.deepcopy.go b/api/v2beta1/zz_generated.deepcopy.go index 7f8ba2992..ff663ea39 100644 --- a/api/v2beta1/zz_generated.deepcopy.go +++ b/api/v2beta1/zz_generated.deepcopy.go 
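Review bot: The new `Key` field of `SecretRef` in the second helmrelease_types.go hunk is declared with `json:"key"` and no optional marker, so the generated CRD lists `key` under `required` (visible in the helm.toolkit.fluxcd.io_helmreleases.yaml hunk). That contradicts the field comment, which says it defaults to 'value' when not specified. HelmRelease objects that set only `secretRef.name` would presumably be rejected by schema validation once the updated CRD is applied. I would add `// +optional` above the field, change it to ``Key string `json:"key,omitempty"` ``, and regenerate the CRD and API docs. The exported `SecretRef` type also has no doc comment; `// SecretRef selects a key of a Secret in the same namespace as the HelmRelease.` would cover it.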
@@ -392,6 +392,21 @@ func (in *Rollback) DeepCopy() *Rollback { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretRef) DeepCopyInto(out *SecretRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef. +func (in *SecretRef) DeepCopy() *SecretRef { + if in == nil { + return nil + } + out := new(SecretRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Test) DeepCopyInto(out *Test) { *out = *in diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 2c4c6fa63..ae097cce7 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml 
@@ -245,18 +245,22 @@ spec: properties: secretRef: description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the HelmRelease. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the HelmRelease. + the kubeconfig file as the value. It must be in the same namespace + as the HelmRelease. It is recommended that the kubeconfig is + self-contained, and the secret is regularly updated if credentials + such as a cloud-access-token expire. Cloud specific `cmd-path` + auth helpers will not function without adding binaries and credentials + to the Pod that is responsible for reconciling the HelmRelease. properties: + key: + description: Key in the Secret. If not specified it defaults + to 'value'. + type: string name: - description: Name of the referent. + description: Name of the Secret. type: string required: + - key - name type: object type: object diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go index c6804dcaa..22f8e3880 100644 --- a/controllers/helmrelease_controller.go +++ b/controllers/helmrelease_controller.go @@ -495,10 +495,14 @@ func (r *HelmReleaseReconciler) getRESTClientGetter(ctx context.Context, hr v2.H } var kubeConfig []byte - for k, _ := range secret.Data { - if k == "value" || k == "value.yaml" { - kubeConfig = secret.Data[k] - break + if refkey := hr.Spec.KubeConfig.SecretRef.Key; refkey != "" { + kubeConfig = secret.Data[refkey] + } else { + for k, _ := range secret.Data { + if k == "value" || k == "value.yaml" { + kubeConfig = secret.Data[k] + break + } } } diff --git a/docs/api/helmrelease.md b/docs/api/helmrelease.md index ee1ab6686..658c2ad19 100644 
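Review bot: When `SecretRef.Key` is set but the Secret has no entry under it, `kubeConfig = secret.Data[refkey]` in the helmrelease_controller.go hunk silently leaves `kubeConfig` nil, and nothing in this hunk reports which key was requested. getRESTClientGetter continues outside the hunk, so a later emptiness check may exist; if so, its error should name `refkey` rather than a fixed key, otherwise an explicit `if _, ok := secret.Data[refkey]; !ok` branch returning an error that names the key belongs here. In the fallback branch, a Secret holding both `value` and `value.yaml` gets whichever one map iteration yields first, so which credentials the reconciler uses can differ between runs; two direct lookups in a fixed order (`value`, then `value.yaml`) would make that deterministic. The loop header can also be written `for k := range secret.Data {`.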
--- a/docs/api/helmrelease.md +++ b/docs/api/helmrelease.md @@ -1398,13 +1398,13 @@ no retries remain. Defaults to ‘false’.

secretRef
- -github.com/fluxcd/pkg/apis/meta.LocalObjectReference + +SecretRef -

SecretRef holds the name to a secret that contains a ‘value’ key with +

SecretRef holds the name to a secret that contains the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret @@ -1658,6 +1658,48 @@ rollback action when it fails.

+

SecretRef +

+

+(Appears on: +KubeConfig) +

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name of the Secret.

+
+key
+ +string + +
+

Key in the Secret. If not specified it defaults to ‘value’.

+
+
+

Test