Skip to content

Commit

Permalink
store opensearch-dashboards configs in Secret (#426)
Browse files Browse the repository at this point in the history
opensearch_dashboards.yml contains values like
opensearch.password or opensearch_security.openid.client_secret
which should be stored in Secrets rather than ConfigMaps.

Signed-off-by: Dominik Ruf <[email protected]>
  • Loading branch information
rufdoSICKAG committed Jan 3, 2024
1 parent 90beaed commit 8872abb
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 21 deletions.
1 change: 1 addition & 0 deletions charts/opensearch-dashboards/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Added
- Added support for pod topology spread constraints in Dashboards
- store opensearch-dashboards configs in Secret (#426)
### Changed
### Deprecated
### Removed
Expand Down
2 changes: 1 addition & 1 deletion charts/opensearch-dashboards/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@
| `startupProbe` | Configuration fields for the startup [probe][] | see [exampleStartup][] in `values.yaml` |
| `plugins.enabled` | Allow/disallow to add 3rd Party / Custom plugins not offered in the default OpenSearchDashboards image | false |
| `plugins.installList` | Array containing the Opensearch Dashboards plugins to be installed in container | [] |
| `opensearchDashboardsYml.defaultMode` | Allow you to set the defaultMode for the opensearch_dashboards.yml mounted as configMap | |
| `opensearchDashboardsYml.defaultMode` | Allow you to set the defaultMode for the opensearch_dashboards.yml mounted as Secret | |
| `dashboardAnnotations` | Allows you to configure custom annotation in the deployement of the OpenSearchDashboards container | {} |

[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
Expand Down
16 changes: 0 additions & 16 deletions charts/opensearch-dashboards/templates/configmap.yaml

This file was deleted.

8 changes: 4 additions & 4 deletions charts/opensearch-dashboards/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@ spec:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- /* This forces a restart if the configmap has changed */}}
{{- /* This forces a restart if the secret has changed */}}
{{- if .Values.config }}
configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
configchecksum: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum | trunc 63 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
Expand All @@ -49,8 +49,8 @@ spec:
{{- end }}
{{- if .Values.config }}
- name: config
configMap:
name: {{ template "opensearch-dashboards.fullname" . }}-config
secret:
secretName: {{ template "opensearch-dashboards.fullname" . }}-config
{{- if .Values.opensearchDashboardsYml.defaultMode }}
defaultMode: {{ .Values.opensearchDashboardsYml.defaultMode }}
{{- end }}
Expand Down
17 changes: 17 additions & 0 deletions charts/opensearch-dashboards/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{{- if .Values.config -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "opensearch-dashboards.fullname" . }}-config
labels: {{ include "opensearch-dashboards.labels" . | nindent 4 }}
type: Opaque
stringData:
{{- range $secretName, $secretYaml := .Values.config }}
{{ $secretName }}: |
{{- if eq (kindOf $secretYaml) "map" }}
{{- tpl (toYaml $secretYaml) $ | nindent 4 }}
{{- else }}
{{- tpl $secretYaml $ | nindent 4 -}}
{{- end -}}
{{- end -}}
{{- end -}}

0 comments on commit 8872abb

Please sign in to comment.