Posted to commits@airflow.apache.org by ka...@apache.org on 2021/04/10 01:59:01 UTC

[airflow] branch master updated: Chart: Allow setting an existing secret for PgBouncer config (#15296)

This is an automated email from the ASF dual-hosted git repository.

kaxilnaik pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/master by this push:
     new d5ea9fe  Chart: Allow setting an existing secret for PgBouncer config (#15296)
d5ea9fe is described below

commit d5ea9fe87cfc1ffc2081975d67aa20dd3a2688e0
Author: DerekHeldtWerle <de...@viasat.com>
AuthorDate: Fri Apr 9 18:58:51 2021 -0700

    Chart: Allow setting an existing secret for PgBouncer config (#15296)
    
    Previously, if a user wanted to supply the username and password to the `users.txt` secret for use by pgbouncer, they had to be set directly in the `values.yaml` file. This change allows users to create this secret out of band (with the `pgbouncer.ini`) and avoid supplying secrets directly.
---
 chart/templates/_helpers.yaml                      |  2 +-
 .../templates/secrets/pgbouncer-config-secret.yaml |  2 +-
 chart/tests/test_pgbouncer.py                      | 28 ++++++++++++++++++++++
 chart/values.schema.json                           |  7 ++++++
 chart/values.yaml                                  | 15 ++++++++++++
 docs/helm-chart/parameters-ref.rst                 |  3 +++
 6 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml
index 8c93883..56df208 100644
--- a/chart/templates/_helpers.yaml
+++ b/chart/templates/_helpers.yaml
@@ -249,7 +249,7 @@
 {{- end }}
 
 {{ define "pgbouncer_config_secret" -}}
-{{ .Release.Name }}-pgbouncer-config
+{{ default (printf "%s-pgbouncer-config" .Release.Name) .Values.pgbouncer.configSecretName }}
 {{- end }}
 
 {{ define "pgbouncer_certificates_secret" -}}
diff --git a/chart/templates/secrets/pgbouncer-config-secret.yaml b/chart/templates/secrets/pgbouncer-config-secret.yaml
index 0eb3ad8..4bcc436 100644
--- a/chart/templates/secrets/pgbouncer-config-secret.yaml
+++ b/chart/templates/secrets/pgbouncer-config-secret.yaml
@@ -18,7 +18,7 @@
 ################################
 ## Pgbouncer Config Secret
 #################################
-{{- if .Values.pgbouncer.enabled }}
+{{- if (and .Values.pgbouncer.enabled (not .Values.pgbouncer.configSecretName)) }}
 kind: Secret
 apiVersion: v1
 metadata:
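Review bot: With `configSecretName` set, this template renders nothing, and nothing in the visible change checks that the named secret exists or carries both `pgbouncer.ini` and `users.txt`. If the PgBouncer deployment derives a rollout checksum annotation from this template (not visible in this diff), that value stays constant for an external secret, so rotating the database credentials would not roll the pods. I would state the ownership next to the condition, for example `{{/* Skipped when pgbouncer.configSecretName is set: the operator owns that secret and must restart or reload PgBouncer after rotating it. */}}`. The `if` block opened here closes outside the hunk.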
diff --git a/chart/tests/test_pgbouncer.py b/chart/tests/test_pgbouncer.py
index 8b550d4..db3ceb6 100644
--- a/chart/tests/test_pgbouncer.py
+++ b/chart/tests/test_pgbouncer.py
@@ -77,3 +77,31 @@ class PgbouncerTest(unittest.TestCase):
             "spec.template.spec.tolerations[0].key",
             docs[0],
         )
+
+    def test_no_existing_secret(self):
+        docs = render_chart(
+            "TEST-PGBOUNCER-CONFIG",
+            values={
+                "pgbouncer": {"enabled": True},
+            },
+            show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+        )
+
+        assert {
+            "name": "pgbouncer-config",
+            "secret": {"secretName": "TEST-PGBOUNCER-CONFIG-pgbouncer-config"},
+        } == jmespath.search("spec.template.spec.volumes[0]", docs[0])
+
+    def test_existing_secret(self):
+        docs = render_chart(
+            "TEST-PGBOUNCER-CONFIG",
+            values={
+                "pgbouncer": {"enabled": True, "configSecretName": "pgbouncer-config-secret"},
+            },
+            show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+        )
+
+        assert {
+            "name": "pgbouncer-config",
+            "secret": {"secretName": "pgbouncer-config-secret"},
+        } == jmespath.search("spec.template.spec.volumes[0]", docs[0])
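Review bot: Both new tests look only at the deployment's volume, so the other half of the change is not covered: `templates/secrets/pgbouncer-config-secret.yaml` should stop rendering when `configSecretName` is set. That is the behaviour that keeps credentials from `values.yaml` out of a chart-generated secret, and a regression in the template condition would still pass this suite. A third test that renders only the secret template and expects no documents would pin it; this assumes `render_chart` returns an empty list for a template with no output, which the hunk does not show. `PgbouncerTest` begins outside the hunk.

```python
    def test_existing_secret_skips_chart_secret(self):
        docs = render_chart(
            "TEST-PGBOUNCER-CONFIG",
            values={
                "pgbouncer": {"enabled": True, "configSecretName": "pgbouncer-config-secret"},
            },
            show_only=["templates/secrets/pgbouncer-config-secret.yaml"],
        )

        assert docs == []
```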
diff --git a/chart/values.schema.json b/chart/values.schema.json
index c2418b8..afa931f 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -1049,6 +1049,13 @@
                     "description": "Maximum clients that can connect to pgbouncer (higher = more file descriptors).",
                     "type": "integer"
                 },
+                "configSecretName": {
+                    "description": "The PgBouncer config secret name.",
+                    "type": [
+                        "string",
+                        "null"
+                    ]
+                },
                 "podDisruptionBudget": {
                     "description": "Pgbouner pod disruption budget.",
                     "type": "object",
diff --git a/chart/values.yaml b/chart/values.yaml
index 8eca514..715ff05 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -567,6 +567,21 @@ pgbouncer:
   # Maximum clients that can connect to pgbouncer (higher = more file descriptors)
   maxClientConn: 100
 
+  # supply the name of existing secret with pgbouncer.ini and users.txt defined
+  # you can load them to a k8s secret like the one below
+  #  apiVersion: v1
+  #  kind: Secret
+  #  metadata:
+  #    name: pgbouncer-config-secret
+  #  data:
+  #     pgbouncer.ini: <base64_encoded pgbouncer.ini file content>
+  #     users.txt: <base64_encoded users.txt file content>
+  #  type: Opaque
+  #
+  #  configSecretName: pgbouncer-config-secret
+  #
+  configSecretName: ~
+
   # Pgbouner pod disruption budget
   podDisruptionBudget:
     enabled: false
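Review bot: The new comment above `configSecretName` does not say that setting it stops the chart from creating its own PgBouncer config secret, so an operator cannot tell from `values.yaml` that the chart-rendered `pgbouncer.ini` and `users.txt` are no longer used. I would add `# When set, the chart does not create the PgBouncer config secret; the named secret must already exist` followed by `# in the same namespace as the PgBouncer pod and contain both pgbouncer.ini and users.txt.` The schema description `The PgBouncer config secret name.` in `chart/values.schema.json` has the same gap and could read `Name of an existing secret holding pgbouncer.ini and users.txt; when set, the chart does not create one.` The `pgbouncer:` mapping starts and ends outside the hunk.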
diff --git a/docs/helm-chart/parameters-ref.rst b/docs/helm-chart/parameters-ref.rst
index 3b985eb..65d330a 100644
--- a/docs/helm-chart/parameters-ref.rst
+++ b/docs/helm-chart/parameters-ref.rst
@@ -414,6 +414,9 @@ The following tables lists the configurable parameters of the Airflow chart and
    * - ``pgbouncer.tolerations``
      - Toleration labels for pod assignment
      - ``1``
+   * - ``pgbouncer.configSecretName``
+     - Name of existing PgBouncer config secret
+     - ``~``
    * - ``redis.enabled``
      - Enable the redis provisioned by the chart
      - ``1``