chore: tls configuration of secret keys and resources for bootstrap job

0dc71663 · David McKay · ba8b0057 · 0dc71663 · 0dc71663 · 0dc71663
Commit 0dc71663 authored Jul 09, 2020 by David McKay
5 changed files
--- a/charts/influxdb-enterprise/README.md
+++ b/charts/influxdb-enterprise/README.md
 # InfluxDB Enterprise

-## QuickStart
+## Quick Start

 ```bash
 helm repo add influxdata https://helm.influxdata.com/
@@ -11,7 +11,7 @@ helm upgrade --install influxdb influxdata/influxdb-enterprise --namespace monit

 ## Introduction

-This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for both the Meta and Data nodes.
+This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for both the meta and data nodes.

 ## Prerequisites

@@ -20,7 +20,15 @@ This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for bot

 ### Secrets

-This chart REQUIRES some mandatory secrets in-order to function.
+This chart requires the following secrets in order to function:
+
+- License
+- Shared Secret
+
+Optionally, you can also provide secrets to enable:
+
+- Authentication
+- TLS

 #### License

@@ -88,7 +96,8 @@ Otherwise, you need to provide a secret with the keys `tls.crt` and `tls.key`. A
 ```yaml
 meta:
  https:
-    secretName: my-tls-secret
+    secret:
+      name: my-tls-secret
    insecure: true # Only enable if your CA isn't trusted
 ```


--- a/charts/influxdb-enterprise/templates/bootstrap-job.yaml
+++ b/charts/influxdb-enterprise/templates/bootstrap-job.yaml
@@ -141,10 +141,5 @@ spec:
        args:
          - "Bootstrap Success"
        resources:
-          requests:
-            cpu: 100m
-            memory: 20Mi
-          limits:
-            cpu: 100m
-            memory: 20Mi
+          {{ toYaml .Values.bootstrap.ddldml.resources | indent 12 }}
 {{ end }}
--- a/charts/influxdb-enterprise/templates/data-statefulset.yaml
+++ b/charts/influxdb-enterprise/templates/data-statefulset.yaml
@@ -43,7 +43,14 @@ spec:
          {{- if .Values.data.https.useCertManager }}
          secretName: {{ include "influxdb-enterprise.fullname" . }}-data-tls
          {{ else }}
-          secretName: {{ .Values.data.https.secretName }}
+          secretName: {{ .Values.data.https.secret.name }}
+          {{ if or .Values.data.https.secret.crt .Values.data.https.secret.key }}
+          items:
+            - key: {{ .Values.data.https.crt }}
+              path: tls.crt
+            - key: {{ .Values.data.https.key }}
+              path: tls.key
+          {{ end }}
          {{ end }}
      {{ end }}
      containers:

--- a/charts/influxdb-enterprise/templates/meta-statefulset.yaml
+++ b/charts/influxdb-enterprise/templates/meta-statefulset.yaml
@@ -43,7 +43,14 @@ spec:
          {{- if .Values.meta.https.useCertManager }}
          secretName: {{ include "influxdb-enterprise.fullname" . }}-meta-tls
          {{ else }}
-          secretName: {{ .Values.meta.https.secretName }}
+          secretName: {{ .Values.meta.https.secret.name }}
+          {{ if or .Values.meta.https.secret.crt .Values.meta.https.secret.key }}
+          items:
+            - key: {{ .Values.meta.https.crt }}
+              path: tls.crt
+            - key: {{ .Values.meta.https.key }}
+              path: tls.key
+          {{ end }}
          {{ end }}
      {{ end }}
      containers:

--- a/charts/influxdb-enterprise/values.yaml
+++ b/charts/influxdb-enterprise/values.yaml
@@ -6,11 +6,12 @@ nameOverride: ""
 fullnameOverride: ""
 imagePullSecrets: []

+# License-key and license-path are mutually exclusive. Use only one and leave the other blank.
 license:
  # You can put your license key here for testing this chart out,
  # but we STRONGLY recommend using a license file stored in a secret
  # when you ship to production.
-  key: "fbe954a4-69c2-4b7e-bf69-cad2c2e5e6b9"
+  # key: ""
  # secret:
  #   name: license
  #   key: json
@@ -40,6 +41,7 @@ bootstrap:
  # to exist.
  ddldml: {}
    # configMap: ddl-dml
+    # resources: {}

 meta:
  replicas: 1
@@ -96,9 +98,12 @@ meta:
    enabled: true
    # The `useCertManager` option, when set to true, will
    # automatically create the certificate resources for you.
-    # You do not need to set the secretName when using this flag.
+    # You do not need to set the secret.name when using this flag.
    useCertManager: true
-    # secretName: tls-secret
+    secret:
+      name: tls-secret
+      # crt: tls.crt
+      # key: tls.key
    insecure: true


@@ -145,7 +150,10 @@ data:
    enabled: true
    # The `useCertManager` option, when set to true, will
    # automatically create the certificate resources for you.
-    # You do not need to set the secretName when using this flag.
+    # You do not need to set the secret.name when using this flag.
    useCertManager: true
-    # secretName: tls-secret
+    secret:
+      name: tls-secret
+      # crt: tls.crt
+      # key: tls.key
    insecure: true