From 2aa2d6e45d0651cbc638d6dbcb427ceb6bbdadbb Mon Sep 17 00:00:00 2001
From: Angelo Fausti <angelofausti@gmail.com>
Date: Tue, 18 Feb 2020 03:39:28 -0700
Subject: [PATCH] [stable/kapacitor] Use an existing secret for the InfluxDB
 auth (#19594)

* Use an existing secret for the InfluxDB auth

- Sometimes you need to check in the values.yaml in a repo
and you don't want to expose the secrets. With the existingSecret
option you can use and existing kubernetes secret with the keys
`influxdb-user` and `infuxdb-password` to set the corresponding
environment variables in Kapacitor. The keys are the same as the
ones used in the `influxdb-auth` secret created by the InfluxDB
Helm chart.

Signed-off-by: Angelo Fausti <afausti@lsst.org>

* Bump minor version instead

Signed-off-by: Angelo Fausti <afausti@lsst.org>
---
 stable/kapacitor/Chart.yaml                |  2 +-
 stable/kapacitor/README.md                 |  1 +
 stable/kapacitor/templates/deployment.yaml | 12 ++++++++++++
 stable/kapacitor/values.yaml               |  6 ++++++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/stable/kapacitor/Chart.yaml b/stable/kapacitor/Chart.yaml
index 37cd3b9..9cf4268 100755
--- a/stable/kapacitor/Chart.yaml
+++ b/stable/kapacitor/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: kapacitor
-version: 1.1.4
+version: 1.2.0
 appVersion: 1.5.2
 description: InfluxDB's native data processing engine. It can process both stream
   and batch data from InfluxDB.
diff --git a/stable/kapacitor/README.md b/stable/kapacitor/README.md
index 879af79..cd387f2 100644
--- a/stable/kapacitor/README.md
+++ b/stable/kapacitor/README.md
@@ -62,6 +62,7 @@ The following table lists the configurable parameters of the Kapacitor chart and
 | `resources.limits.cpu` | Kapacitor cpu limit | `2` |
 | `envVars` | Environment variables to set initial Kapacitor configuration (https://hub.docker.com/_/kapacitor/) | `{}` |
 | `influxURL` | InfluxDB url used to interact with Kapacitor (also can be set with ```envVars.KAPACITOR_INFLUXDB_0_URLS_0```) | `http://influxdb-influxdb.tick:8086` |
+| `existingSecret` | Name of an existing Secrect used to set the environment variables for the InfluxDB user and password. The expected keys in the secret are `influxdb-user` and `influxdb-password`. |
 
 The configurable parameters of the Kapacitor chart and the default values are listed in `values.yaml`.
 
diff --git a/stable/kapacitor/templates/deployment.yaml b/stable/kapacitor/templates/deployment.yaml
index 6e7bea3..4c956a8 100644
--- a/stable/kapacitor/templates/deployment.yaml
+++ b/stable/kapacitor/templates/deployment.yaml
@@ -29,6 +29,18 @@ spec:
         - name: {{ $key }}
           value: {{ $val | quote }}
         {{- end }}
+        {{- if .Values.existingSecret }}
+        - name: KAPACITOR_INFLUXDB_0_USERNAME
+          valueFrom:
+            secretKeyRef:
+              key: influxdb-user
+              name: {{ .Values.existingSecret }}
+        - name: KAPACITOR_INFLUXDB_0_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: influxdb-password
+              name: {{ .Values.existingSecret }}
+        {{- end }}
         ports:
         - containerPort: 9092
         volumeMounts:
diff --git a/stable/kapacitor/values.yaml b/stable/kapacitor/values.yaml
index f872cb7..5ab9025 100644
--- a/stable/kapacitor/values.yaml
+++ b/stable/kapacitor/values.yaml
@@ -60,3 +60,9 @@ resources:
 ## ref: https://docs.influxdata.com/kapacitor/v1.1/introduction/getting_started/
 ##
 # influxURL: http://influxdb-influxdb.tick:8086
+
+## Name of an existing Secrect used to set the environment variables for the
+## InfluxDB user and password. The expected keys in the secret are
+## `influxdb-user` and `influxdb-password`.
+##
+# existingSecret: influxdb-auth
-- 
2.24.1