Skip to content

Commit

Permalink
securityConfig mounts (#200)
Browse files Browse the repository at this point in the history
* Fix securityConfig mounts

Signed-off-by: Boris Komraz <[email protected]>

* securityconfig checksum

Signed-off-by: Boris Komraz <[email protected]>

* bump version

Signed-off-by: Boris Komraz <[email protected]>

* bump version

Signed-off-by: Boris Komraz <[email protected]>

* fix changelog

Signed-off-by: Boris Komraz <[email protected]>

* security config data usage way

Signed-off-by: Boris Komraz <[email protected]>

* Update version number

Signed-off-by: Peter Zhu <[email protected]>

Co-authored-by: Peter Zhu <[email protected]>
  • Loading branch information
bkomraz1 and peterzhuamazon authored Feb 20, 2022
1 parent 245f201 commit d430c96
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 4 deletions.
13 changes: 12 additions & 1 deletion charts/opensearch/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
### Security

---
## [1.8.0]
### Added
### Changed
- Accurate securityConfig files mount: mount of separate files will not hide other files from securityConfig folder.
- Pods will be recreated on securityConfig files change
### Deprecated
### Removed
### Fixed
### Security
---
## [1.7.4]
### Added
Expand Down Expand Up @@ -340,7 +350,8 @@ config:
### Fixed
### Security

[Unreleased]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.7.4...HEAD
[Unreleased]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.8.0...HEAD
[1.8.0]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.7.4...opensearch-1.8.0
[1.7.4]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.7.3...opensearch-1.7.4
[1.7.3]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.7.2...opensearch-1.7.3
[1.7.2]: https://github.com/opensearch-project/helm-charts/compare/opensearch-1.7.1...opensearch-1.7.2
Expand Down
2 changes: 1 addition & 1 deletion charts/opensearch/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.7.4
version: 1.8.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Down
18 changes: 16 additions & 2 deletions charts/opensearch/templates/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@ spec:
{{- if .Values.config }}
configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
{{- end }}
{{- if .Values.securityConfig.config.data }}
securityconfigchecksum: {{ include (print .Template.BasePath "/securityconfig.yaml") . | sha256sum | trunc 63 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
Expand Down Expand Up @@ -144,7 +147,7 @@ spec:
{{ fail "Only one of .Values.securityConfig.config.data and .Values.securityConfig.config.securityConfigSecret may be defined. Please see the comment in values.yaml describing usage." }}
{{- end }}
{{- if .Values.securityConfig.config.data }}
- name: security-config-complete
- name: security-config-data
secret:
secretName: {{ include "opensearch.uname" . }}-securityconfig
{{- end }}
Expand Down Expand Up @@ -365,7 +368,18 @@ spec:
name: tenants
subPath: tenants.yml
{{- end }}
{{- if or .Values.securityConfig.config.data .Values.securityConfig.config.securityConfigSecret }}
{{- if .Values.securityConfig.config.data }}
{{- if .Values.securityConfig.config.dataComplete }}
- mountPath: {{ .Values.securityConfig.path }}
name: security-config-data
{{- else }}
{{- range $key, $_ := .Values.securityConfig.config.data }}
- mountPath: {{ $.Values.securityConfig.path }}/{{ $key }}
name: security-config-data
subPath: {{ $key }}
{{- end }}
{{- end }}
{{- else if .Values.securityConfig.config.securityConfigSecret }}
- mountPath: {{ .Values.securityConfig.path }}
name: security-config-complete
{{- end }}
Expand Down
1 change: 1 addition & 0 deletions charts/opensearch/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,7 @@ securityConfig:
# created externally and mount it.
# * It is an error to define both data and securityConfigSecret.
securityConfigSecret: ""
dataComplete: true
data: {}
# config.yml: |-
# internal_users.yml: |-
Expand Down

0 comments on commit d430c96

Please sign in to comment.