Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenant Helm chart creates a secret even when using an existing secret #2380

Closed
acelinkio opened this issue Jan 11, 2025 · 5 comments
Closed

Tenant Helm chart creates a secret even when using an existing secret #2380

acelinkio opened this issue Jan 11, 2025 · 5 comments
Assignees
@allanrogerr
Labels
community working as intended

Comments

@acelinkio
Copy link

acelinkio commented Jan 11, 2025
edited
Loading

Expected Behavior

When using an existing secret, I would expect the helm chart to not create another secret resource.

Current Behavior

Currently when using an existing secret, the helm chart creates a unused secret resource.

Possible Solution

Simplify the logic inside of the helm/tenant/templates/tenant-configuration.yaml template. Need help to understand the current logic workflow. Looks like configSecret is intended to specify secret values inline?

Steps to Reproduce (for bugs)

  1. create the following test values and save into a file named test.yaml
tenant:
  name: tenant0
  configuration:
    name: tenant0-config
  configSecret:
    existingSecret: true
  pools:
    - servers: 1
      name: pool0
      volumesPerServer: 1
  1. helm template minio/tenant -f test.yaml
  2. Returns
Error: execution error at (tenant/templates/tenant-configuration.yaml:21:4): # ERROR: cannot set access-key when an existing secret is used
  1. test again with the following configurationwith
tenant:
  name: tenant0
  configuration:
    name: tenant0-config
  pools:
    - servers: 1
      name: pool0
      volumesPerServer: 1
  1. see the following secret manifest generated
---
# Source: tenant/templates/tenant-configuration.yaml
apiVersion: v1
kind: Secret
metadata:
  name: myminio-env-configuration
type: Opaque
stringData:
  config.env: |-
    export MINIO_ROOT_USER="minio"
    export MINIO_ROOT_PASSWORD="minio123"|
---

Context

Trying to adopt the minio operator instead of just deploying the community helm chart. There should be an example tenant configuration that is comparable to the community helm chart. That would greatly improve the UX for casual people and increase adoption rate.

Regression

helm chart version 6.0.4

Your Environment

N/A This is a templating issue.

Related #2032
@cesnietor
Copy link
Contributor

we'll take a look, thanks. @allanrogerr

@allanrogerr
Copy link
Contributor

Im unable to reproduce this issue on 6.0.4. Please take a look at these steps, and the tests performed here (see test 7 mainly).
https://github.com/allanrogerr/public/wiki/operator-2032

Install operator

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/operator-6.0.4.tgz
tar -xvf operator-6.0.4.tgz
helm install --namespace minio-operator --create-namespace minio-operator operator-6.0.4.tgz -f ./operator/values.yaml

DL tenant

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/tenant-6.0.4.tgz
tar -xvf tenant-6.0.4.tgz

Edit tenant/values.yaml ensuring the following values

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    existingSecret: true

Install tenant

helm uninstall -n tenant1 tenant1
helm install --namespace tenant1 --create-namespace tenant1 ./tenant

Create a secret

kubectl -n tenant1 delete secret/my-existing-secret
cat <<EOF > my-existing-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: tenant1
  name: my-existing-secret
stringData:
  config.env: |-
    export MINIO_ROOT_USER=ROOTUSERNAME
    export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
EOF
kubectl create -f my-existing-secret.yaml

Monitor tenant

k -n tenant1 get tenant

NAME      STATE         HEALTH   AGE
myminio   Initialized   green    71s

@acelinkio
Copy link
Author

acelinkio commented Jan 13, 2025
edited
Loading

@allanrogerr i'm not sure if you are specifying the values file as you expect. your helm install command is missing a -f to specify the values file.

Here is a oneliner to recreate the issue I am seeing. This is with using the values you provided.

helm template tenant1 --repo https://operator.min.io tenant --version 6.0.4 --set tenent.configuration.name=my-existing-secret --set tenant.configSecret.existingSecret=true

which still returns

Error: execution error at (tenant/templates/tenant-configuration.yaml:21:4): # ERROR: cannot set access-key when an existing secret is used

@allanrogerr
Copy link
Contributor

allanrogerr commented Jan 13, 2025
edited
Loading

-f was not needed since I had already modified the values.yaml referred to by chart ./tenant.

Thanks for the reproducer. The issue stems from the default accessKey and secretKey in the yaml. You can unset them this way. Please note the spelling change tenent -> tenant.

helm template tenant1 --repo https://operator.min.io tenant --version 6.0.4 \
--set tenant.configuration.name=my-existing-secret \
--set tenant.configSecret.existingSecret=true \
--set tenant.configSecret.accessKey= \
--set tenant.configSecret.secretKey=

@acelinkio
Copy link
Author

thanks for catching my typo. unsetting those additional values does work, just funky templating i guess.

Other charts make existingSecret a string and set the name of the secret there. Makes configuration a bit simpler.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@allanrogerr allanrogerr

Labels
community working as intended
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cesnietor @allanrogerr @acelinkio