config: Deprecate secret key (#118)

* Remove secret key from documentation * remove secret key from test cases * update doc
observIQ · Apr 22, 2024 · 0995718 · 0995718
1 parent 59a9da1
commit 0995718
Show file tree

Hide file tree

Showing 13 changed files with 11 additions and 138 deletions.
diff --git a/README.md b/README.md
@@ -21,7 +21,6 @@ these options using a values file. See the [Chart documentation](./charts/bindpl
 The secret should have the following keys:
 - `username`: Basic auth username to use for the default admin user
 - `password`: Basic auth password to use for the default admin user
-- `secret_key`: Random UUIDv4 to use for authenticating OpAMP clients
 - `sessions_secret`: Random UUIDv4 used to derive web interface session tokens
 - `license`: Your BindPlane license key
 
@@ -31,7 +30,6 @@ Example: Create secret with `kubectl`:
 kubectl -n default create secret generic bindplane \
   --from-literal=username=myuser \
   --from-literal=password=mypassword \
-  --from-literal=secret_key=353753ca-ae48-40f9-9588-28cf86430910 \
   --from-literal=sessions_secret=d9425db6-c4ee-4769-9c1f-a66987679e90 \
   --from-literal=license=your_license_key
 ```

diff --git a/charts/bindplane/Chart.yaml b/charts/bindplane/Chart.yaml
@@ -3,7 +3,7 @@ name: bindplane
 description: BindPlane OP is an observability pipeline.
 type: application
 # The chart's version
-version: 1.8.0
+version: 1.9.0
 # The BindPlane OP tagged release. If the user does not
 # set the `image.tag` values option, this version is used.
 appVersion: 1.53.0

diff --git a/charts/bindplane/README.md b/charts/bindplane/README.md
@@ -1,6 +1,6 @@
 # bindplane
 
-![Version: 1.7.5](https://img.shields.io/badge/Version-1.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square)
+![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square)
 
 BindPlane OP is an observability pipeline.
 
@@ -54,18 +54,14 @@ BindPlane OP is an observability pipeline.
 | config.password | string | `""` | Password to use. Overrides `config.secret`. |
 | config.remote_url | string | `""` | URI used by agents to communicate with BindPlane using OpAMP. NOTE: This value is not used in BindPlane OP v1.15.0 and newer.  It will eventually be removed when support for older versions of BindPlane is removed from this chart. |
 | config.secret | string | `"bindplane"` | Name of the Kubernetes secret which contains the `username`, `password`, `secret_key`, `sessions_secret`, and `license` configuration options. |
-| config.secret_key | string | `""` | Secret Key to use. Overrides `config.secret`. |
+| config.secret_key | string | `""` | DEPRECATED: New deployments should leave this option unset. |
 | config.server_url | string | `""` | URI used by clients to communicate with BindPlane. |
 | config.sessions_secret | string | `""` | Sessions Secret to use. Overrides `config.secret`. |
 | config.username | string | `""` | Username to use. Overrides `config.secret`. |
 | containerSecurityContext | object | `{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534}` | The Container's securityContext: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container. |
 | dev.bindplane.auth.auth0.audience | string | `""` |  |
 | dev.bindplane.auth.auth0.clientID | string | `""` |  |
 | dev.bindplane.auth.auth0.domain | string | `""` |  |
-| dev.collector.create | bool | `false` |  |
-| dev.collector.image.name | string | `"ghcr.io/observiq/observiq-otel-collector"` |  |
-| dev.collector.image.tag | string | `"latest"` |  |
-| dev.collector.labels | string | `"configuration=test"` |  |
 | dev.namespace.create | bool | `false` |  |
 | dev.namespace.name | string | `""` |  |
 | dev.prometheus.create | bool | `false` |  |
@@ -111,6 +107,9 @@ BindPlane OP is an observability pipeline.
 | ingress.host | string | `nil` | Hostname to use when ingress is enabled. |
 | ingress.tls.enable | bool | `false` | Whether or not to enable ingress transport layer security (TLS). |
 | ingress.tls.secret | string | `""` | Name of the Kubernetes secret which contains the TLS certificate. This secret must be created and managed outside of the Helm chart. See the [ingress TLS documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for more details. |
+| jobs.resources.limits.memory | string | `"1000Mi"` | Memory limit. |
+| jobs.resources.requests.cpu | string | `"1000m"` | CPU request. |
+| jobs.resources.requests.memory | string | `"1000Mi"` | Memory request. |
 | multiAccount | bool | `false` | Whether or not to enable multi account (tenant). |
 | podSecurityContext | object | `{"fsGroup":65534}` | The Pod spec's securityContext: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod. |
 | prometheus.auth.password | string | `""` | Prometheus basic authentication password. |

diff --git a/charts/bindplane/templates/bindplane-jobs.yaml b/charts/bindplane/templates/bindplane-jobs.yaml
@@ -93,16 +93,10 @@ spec:
                   key: password
                   optional: false
               {{- end}}
+            {{- if .Values.config.secret_key }}
             - name: BINDPLANE_SECRET_KEY
-              {{- if  .Values.config.secret_key }}
               value: {{ .Values.config.secret_key }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.secret }}
-                  key: secret_key
-                  optional: false
-              {{- end }}
+            {{- end }}
             - name: BINDPLANE_SESSION_SECRET
               {{- if  .Values.config.sessions_secret }}
               value: {{ .Values.config.sessions_secret }}

diff --git a/charts/bindplane/templates/bindplane.yaml b/charts/bindplane/templates/bindplane.yaml
@@ -108,16 +108,10 @@ spec:
                   key: password
                   optional: false
               {{- end}}
+            {{- if .Values.config.secret_key }}
             - name: BINDPLANE_SECRET_KEY
-              {{- if  .Values.config.secret_key }}
               value: {{ .Values.config.secret_key }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.secret }}
-                  key: secret_key
-                  optional: false
-              {{- end }}
+            {{- end }}
             - name: BINDPLANE_SESSION_SECRET
               {{- if  .Values.config.sessions_secret }}
               value: {{ .Values.config.sessions_secret }}

diff --git a/charts/bindplane/templates/collector.yaml b/charts/bindplane/templates/collector.yaml
diff --git a/charts/bindplane/values.yaml b/charts/bindplane/values.yaml
@@ -274,7 +274,7 @@ config:
   username: ""
   # -- Password to use. Overrides `config.secret`.
   password: ""
-  # -- Secret Key to use. Overrides `config.secret`.
+  # -- DEPRECATED: New deployments should leave this option unset.
   secret_key: ""
   # -- Sessions Secret to use. Overrides `config.secret`.
   sessions_secret: ""
@@ -424,15 +424,6 @@ dev:
     # resources to the namespace. Helm or ArgoCD will need to be configured
     # to use this namespace.
     name: ""
-
-  # Manages a collector deployment for development purposes.
-  collector:
-    # Whether or not the collector should be deployed.
-    create: false
-    image:
-      name: ghcr.io/observiq/observiq-otel-collector
-      tag: latest
-    labels: "configuration=test"
 
   # DEPRECATED: Use the `prometheus` top level section instead.
   # Manages a prometheus deployment for development purposes. Production

diff --git a/test/cases/all/values.yaml b/test/cases/all/values.yaml
@@ -2,7 +2,6 @@
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
   server_url: http://bindplane.local:3001
   remote_url: ws://bindplane.local:3001

diff --git a/test/cases/default/values.yaml b/test/cases/default/values.yaml
@@ -6,5 +6,4 @@ extraEnv:
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
diff --git a/test/cases/image/values.yaml b/test/cases/image/values.yaml
@@ -2,7 +2,6 @@
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
 
 # Image

diff --git a/test/cases/ingress/values.yaml b/test/cases/ingress/values.yaml
@@ -2,7 +2,6 @@
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
   server_url: http://bindplane.local:80
   remote_url: ws://bindplane.local:80

diff --git a/test/cases/pubsub/values.yaml b/test/cases/pubsub/values.yaml
@@ -2,7 +2,6 @@
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
   licenseUseSecret: true
 

diff --git a/test/cases/volume/values.yaml b/test/cases/volume/values.yaml
@@ -2,7 +2,6 @@
 config:
   username: bpuser
   password: bppass
-  secret_key: 12D8FB6E-1532-4A4C-97AF-95A430BE5E6E
   sessions_secret: 4484766F-5016-4077-B8E0-0DE1D637854B
 
 extraVolumes: