This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/sentry] Makes changing the secretKey possible #19938

Merged: 4 commits, Jan 8, 2020
2 changes: 1 addition & 1 deletion stable/sentry/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
description: Sentry is a cross-platform crash reporting and aggregation platform.
name: sentry
version: 3.1.7
version: 3.2.0
appVersion: 9.1.2
keywords:
- debugging
9 changes: 7 additions & 2 deletions stable/sentry/README.md
Expand Up @@ -109,7 +109,8 @@ Parameter | Description
`email.password` | SMTP password | `nil`
`email.use_tls` | SMTP TLS for security | `false`
`email.enable_replies` | Allow email replies | `false`
`email.existingSecret` | SMTP password from an existing secret (key must be `smtp-password`) | `nil`
`email.existingSecret` | SMTP password from an existing secret | `nil`
`email.existingSecretKey` | Key to get from the `email.existingSecret` secret | `smtp-password`
`service.type` | Kubernetes service type | `LoadBalancer`
`service.name` | Kubernetes service name | `sentry`
`service.externalPort` | Kubernetes external service port | `9000`
Expand All @@ -126,12 +127,16 @@ Parameter | Description
`postgresql.postgresqlDatabase` | Postgres database name | `sentry`
`postgresql.postgresqlUsername` | Postgres username | `postgres`
`postgresql.postgresqlHost` | External postgres host | `nil`
`postgresql.postgresqlPassword` | External/Internal postgres password | `nil`
`postgresql.postgresqlPassword` | External/Internal postgres password | `nil`
`postgresql.postgresqlPort` | External postgres port | `5432`
`postgresql.existingSecret` | Name of existing secret to use for the PostgreSQL password | `nil`
`postgresql.existingSecretKey` | Key to get from the `postgresql.existingSecret` secret | `postgresql-password`
`redis.enabled` | Deploy redis server (see below) | `true`
`redis.host` | External redis host | `nil`
`redis.password` | External redis password | `nil`
`redis.port` | External redis port | `6379`
`redis.existingSecret` | Name of existing secret to use for the Redis password | `nil`
`redis.existingSecretKey` | Key to get from the `redis.existingSecret` secret | `redis-password`
`filestore.backend` | Backend for Sentry Filestore | `filesystem`
`filestore.filesystem.path` | Location to store files for Sentry | `/var/lib/sentry/files`
`filestore.filesystem.persistence.enabled` | Enable Sentry files persistence using PVC | `true`
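Review bot: The new `postgresql.existingSecret` and `redis.existingSecret` rows do not say that they take precedence over the inline password, although the values.yaml comments in this PR state it ("When defined the `postgresqlPassword` field is ignored", "When defined the `password` field is ignored"). Suggest putting the same sentence in the Description column of both rows, so a reader of the README does not leave a plaintext password in their values file next to a secret reference.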
22 changes: 22 additions & 0 deletions stable/sentry/templates/_helpers.tpl
Expand Up @@ -78,6 +78,17 @@ Set postgres secret
{{- end -}}
{{- end -}}

{{/*
Set postgres secretKey
*/}}
{{- define "sentry.postgresql.secretKey" -}}
{{- if .Values.postgresql.enabled -}}
"postgresql-password"
{{- else -}}
{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}}
{{- end -}}
{{- end -}}

{{/*
Set postgres port
*/}}
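Review bot: The branch in `sentry.postgresql.secretKey` keys on `.Values.postgresql.enabled` rather than on `.Values.postgresql.existingSecret`, so a custom `existingSecretKey` is applied whenever the bundled PostgreSQL is disabled, even if no `existingSecret` is set. In that case the password lives in the chart-managed secret, where secrets.yaml writes it under the fixed key `postgresql-password`, and the `secretKeyRef` would name a key that secret does not contain. Suggest returning the custom key only when `.Values.postgresql.existingSecret` is set and falling back to `"postgresql-password"` otherwise.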
Expand Down Expand Up @@ -111,6 +122,17 @@ Set redis secret
{{- end -}}
{{- end -}}

{{/*
Set redis secretKey
*/}}
{{- define "sentry.redis.secretKey" -}}
{{- if .Values.redis.enabled -}}
"redis-password"
{{- else -}}
{{- default "redis-password" .Values.redis.existingSecretKey | quote -}}
{{- end -}}
{{- end -}}

{{/*
Set redis port
*/}}
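Review bot: When `.Values.redis.enabled` is true, `sentry.redis.secretKey` returns the literal `"redis-password"` and drops a user-supplied `redis.existingSecretKey` without any signal, and the `Set redis secretKey` comment above the define does not mention that the override only applies to an external Redis. Suggest stating that in the helper comment, or calling `fail` at render time when `redis.enabled` and `redis.existingSecretKey` are both set.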
7 changes: 4 additions & 3 deletions stable/sentry/templates/cron-deployment.yaml
Expand Up @@ -77,7 +77,7 @@ spec:
{{- else }}
name: {{ template "sentry.postgresql.secret" . }}
{{- end }}
key: postgresql-password
key: {{ template "sentry.postgresql.secretKey" . }}
- name: SENTRY_POSTGRES_HOST
value: {{ template "sentry.postgresql.host" . }}
- name: SENTRY_POSTGRES_PORT
Expand All @@ -91,7 +91,7 @@ spec:
{{- else }}
name: {{ template "sentry.redis.secret" . }}
{{- end }}
key: redis-password
key: {{ template "sentry.redis.secretKey" . }}
{{- end }}
- name: SENTRY_REDIS_HOST
value: {{ template "sentry.redis.host" . }}
Expand All @@ -108,10 +108,11 @@ spec:
secretKeyRef:
{{- if .Values.email.existingSecret }}
name: {{ .Values.email.existingSecret }}
key: {{ default "smtp-password" .Values.email.existingSecretKey }}
{{- else }}
name: {{ template "sentry.fullname" . }}
{{- end }}
key: smtp-password
{{- end }}
- name: SENTRY_EMAIL_USE_TLS
value: {{ .Values.email.use_tls | quote }}
- name: SENTRY_SERVER_EMAIL
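Review bot: `email.existingSecretKey` is only wired up in this file. The web-deployment.yaml and workers-deployment.yaml hunks in this PR change just the postgres and redis keys, so if those pods also read the SMTP password they keep looking up a fixed key and will not find it in a secret that uses a custom one. The line `key: {{ default "smtp-password" .Values.email.existingSecretKey }}` is also rendered without `| quote`, unlike the postgres and redis helpers. Suggest moving it into a helper in _helpers.tpl next to the other two and using that helper in every template that references the SMTP secret.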
4 changes: 2 additions & 2 deletions stable/sentry/templates/hooks/db-init.job.yaml
Expand Up @@ -58,7 +58,7 @@ spec:
{{- else }}
name: {{ template "sentry.postgresql.secret" . }}
{{- end }}
key: postgresql-password
key: {{ template "sentry.postgresql.secretKey" . }}
- name: SENTRY_POSTGRES_HOST
value: {{ template "sentry.postgresql.host" . }}
- name: SENTRY_POSTGRES_PORT
Expand All @@ -72,7 +72,7 @@ spec:
{{- else }}
name: {{ template "sentry.redis.secret" . }}
{{- end }}
key: redis-password
key: {{ template "sentry.redis.secretKey" . }}
{{- end }}
- name: SENTRY_REDIS_HOST
value: {{ template "sentry.redis.host" . }}
4 changes: 2 additions & 2 deletions stable/sentry/templates/hooks/user-create.job.yaml
Expand Up @@ -58,7 +58,7 @@ spec:
{{- else }}
name: {{ template "sentry.postgresql.secret" . }}
{{- end }}
key: postgresql-password
key: {{ template "sentry.postgresql.secretKey" . }}
- name: SENTRY_POSTGRES_HOST
value: {{ template "sentry.postgresql.host" . }}
- name: SENTRY_POSTGRES_PORT
Expand All @@ -72,7 +72,7 @@ spec:
{{- else }}
name: {{ template "sentry.redis.secret" . }}
{{- end }}
key: redis-password
key: {{ template "sentry.redis.secretKey" . }}
{{- end }}
- name: SENTRY_REDIS_HOST
value: {{ template "sentry.redis.host" . }}
4 changes: 2 additions & 2 deletions stable/sentry/templates/secrets.yaml
Expand Up @@ -22,9 +22,9 @@ data:
{{ else }}
user-password: {{ randAlphaNum 16 | b64enc | quote }}
{{ end }}
{{ if or (not .Values.postgresql.enabled) (.Values.postgresql.password) }}
{{ if and (.Values.postgresql.existingSecret) (or (not .Values.postgresql.enabled) (.Values.postgresql.password)) }}
Contributor

Why is it needed here? It looks wrong to me. Originally the password will be saved to this secret only if postgresql.enabled is set to false and there is a password setting in postgresql.password, which allows using this kind of config:

postgresql:
  # internal PG is disabled, not need to deploy postgresql to kubernetes
  enabled: false
  persistence:
    enabled: false
  # use RDS settings here
  postgresqlHost: 99.111.222.333
  postgresqlDatabase: sentry
  postgresqlUsername: sentry
  postgresqlPassword: "my_db_password_here"
  postgresqlPort: 5432

Which allows Sentry to connect to an external PostgreSQL instance.

Collaborator

Nice catch. I missed this.

postgresql-password: {{ .Values.postgresql.postgresqlPassword | default "" | b64enc | quote }}
{{ end }}
{{ if and (not .Values.redis.enabled) (.Values.redis.password) }}
{{ if and (.Values.postgresql.existingSecret) (not .Values.redis.enabled) (.Values.redis.password) }}
redis-password: {{ .Values.redis.password | default "" | b64enc | quote }}
{{ end }}
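Review bot: The new redis condition tests `.Values.postgresql.existingSecret` instead of `.Values.redis.existingSecret`, so whether `redis-password` is written depends on an unrelated postgres setting; this looks like a copy-paste slip. Both new conditions also read inverted: they write the inline password into the chart secret only when an existing secret is configured, which is the case where values.yaml says the password field is ignored, and they skip it for an external database configured with an inline password. Suggest `not .Values.postgresql.existingSecret` in the first condition and `not .Values.redis.existingSecret` in the second. Separately, the postgres condition tests `.Values.postgresql.password` while the line it guards renders `.Values.postgresql.postgresqlPassword`; the two should name the same value.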
4 changes: 2 additions & 2 deletions stable/sentry/templates/web-deployment.yaml
Expand Up @@ -76,7 +76,7 @@ spec:
{{- else }}
name: {{ template "sentry.postgresql.secret" . }}
{{- end }}
key: postgresql-password
key: {{ template "sentry.postgresql.secretKey" . }}
- name: SENTRY_POSTGRES_HOST
value: {{ template "sentry.postgresql.host" . }}
- name: SENTRY_POSTGRES_PORT
Expand All @@ -90,7 +90,7 @@ spec:
{{- else }}
name: {{ template "sentry.redis.secret" . }}
{{- end }}
key: redis-password
key: {{ template "sentry.redis.secretKey" . }}
{{- end }}
- name: SENTRY_REDIS_HOST
value: {{ template "sentry.redis.host" . }}
4 changes: 2 additions & 2 deletions stable/sentry/templates/workers-deployment.yaml
Expand Up @@ -86,7 +86,7 @@ spec:
{{- else }}
name: {{ template "sentry.postgresql.secret" . }}
{{- end }}
key: postgresql-password
key: {{ template "sentry.postgresql.secretKey" . }}
- name: SENTRY_POSTGRES_HOST
value: {{ template "sentry.postgresql.host" . }}
- name: SENTRY_POSTGRES_PORT
Expand All @@ -100,7 +100,7 @@ spec:
{{- else }}
name: {{ template "sentry.redis.secret" . }}
{{- end }}
key: redis-password
key: {{ template "sentry.redis.secretKey" . }}
{{- end }}
- name: SENTRY_REDIS_HOST
value: {{ template "sentry.redis.host" . }}
13 changes: 11 additions & 2 deletions stable/sentry/values.yaml
Expand Up @@ -92,6 +92,9 @@ email:
user:
password:
enable_replies: false
# When defined the `password` field is ignored
# existingSecret: secret-name
# existingSecretKey: smtp-password

# Name of the service and what port to expose on the pod
# Don't change these unless you know what you're doing
Expand Down Expand Up @@ -194,19 +197,25 @@ postgresql:
nameOverride: sentry-postgresql
postgresqlDatabase: sentry
postgresqlUsername: postgres
# Only used when internal PG is disabled
# The following variables are only used when internal PG is disabled
# postgresqlHost: postgres
# postgresqlPassword: postgres
# postgresqlPort: 5432
# When defined the `postgresqlPassword` field is ignored
# existingSecret: secret-name
# existingSecretKey: postgresql-password

redis:
enabled: true
nameOverride: sentry-redis
# Only used when internal redis is disabled
# The following variables are only used when internal PG is disabled
# host: redis
# Just omit the password field if your redis cluster doesn't use password
# password: redis
# port: 6379
# When defined the `password` field is ignored
# existingSecret: secret-name
# existingSecretKey: redis-password
master:
persistence:
enabled: true
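Review bot: In the `redis:` block the replacement comment reads `# The following variables are only used when internal PG is disabled`; it was copied from the postgresql block and should say internal redis, as the comment it replaces did. While editing it, it would also help to note under `existingSecretKey` in both blocks that the key is only read when the bundled service is disabled, since the helpers in _helpers.tpl return the fixed key otherwise.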