[stable/sentry] Makes changing the secreyKey possible

[wilmardo]

What this PR does / why we need it:

• Documents the existingSecret variables of email, postgres and redis. These variables where already in the (upstream) chart but undocumented in the README and values.yaml
• Makes it possible to set what key to get from the secrets.

In our we cluster we use a postgres-operator which supplies a credentials secret with the password under the password key not the postgres-password key. This change allows us to keep using the operator for the database.

Special notes for your reviewer:

This should be backward compatible since it defaults to the previous hardcoded values.

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• DCO signed
• Chart Version bumped
• Variables are documented in the README.md
• Title of the PR starts with chart name (e.g. [stable/mychartname])

[k8s-ci-robot]

Hi @wilmardo. Thanks for your PR.

I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[okgolove]

/lgtm

[okgolove]

/ok-to-test

[okgolove]

/lgtm cancel

[okgolove]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: okgolove, wilmardo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• stable/sentry/OWNERS [okgolove]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[lalinsky]

FYI, this PR broke the option to set passwords directly.

[donbeave]

Why need it here? It looks wrong for me. Originally password will save to this secret only if postgresql.enabled is set to false and have password settings in postgresql.password, which allow using this kind of config:

postgresql:
  # internal PG is disabled, not need to deploy postgresql to kubernetes
  enabled: false
  persistence:
    enabled: false
  # use RDS settings here
  postgresqlHost: 99.111.222.333
  postgresqlDatabase: sentry
  postgresqlUsername: sentry
  postgresqlPassword: "my_db_password_here"
  postgresqlPort: 5432

Which allow Sentry to connect to external PostgreSQL instance.

[okgolove]

Nice catch. I missed this.

[donbeave]

@wilmardo @okgolove can you revert changes in stable/sentry/templates/secrets.yaml file?

[wilmardo]

@donbeave Will do, PR coming in 15 minutes tops :)

Sorry for the regression!

[donbeave]

@wilmardo no problem! Thank you for the fix.

[guanzo]

@wilmardo setting email.existingSecretKey doesn't work, the final value is always smtp-password. setting email.existingSecret does work.

I'm looking through the template files of stable/sentry 4.0.1, and the only template that actually checks for email.existingSecretKey is cron-deployment.yaml. Other files that check for email.existingSecret do not check for email.existingSecretKey, these files are: web-deployment.yaml, workers-deployment.yaml, db-init.job.yaml, and user-create.job.yaml.

Is this an oversight? Or am i missing something.