clastix/kamaji

[HELM] Ability to specify certificate.secretReference.keyPath when using driver etcd

Closed this issue · 4 comments

Hello,

I am trying to deploy kamaji via the helm chart (1.0.0 version) and wanna use an external etcd server for the datastore. I use aenix-io/etcd-operator to deploy the etcd cluster.

If I deploy the full example, it successfully deploys the etcd cluster with all certificates, secrets and datastore. I can successfully deploy a TenantControlPlane object after it and it becomes ready.

As you can see, the Datastore from this example has the following tlsConfig:

      tlsConfig:
        certificateAuthority:
          certificate:
            secretReference:
              keyPath: tls.crt
              name: etcd-ca-tls
              namespace: kamaji-system
          privateKey:
            secretReference:
              keyPath: tls.key
              name: etcd-ca-tls
              namespace: kamaji-system
        clientCertificate:
          certificate:
            secretReference:
              keyPath: tls.crt
              name: etcd-client-tls
              namespace: kamaji-system
          privateKey:
            secretReference:
              keyPath: tls.key
              name: etcd-client-tls
              namespace: kamaji-system

So it looks for tls.crt and tls.key in both secrets, and both secrets really have such keys. But if I wanna use the datastore from the helm chart and specify such a tlsConfig in values, it doesn't work, because it is being overwritten in the _helpers_datastore.tpl. It looks like a bug in the helm chart to me.

Please let me know if I missed something.

Yes, it seems to be a bug, we should use a different condition there.

Are you able to provide a fix? Contributions are warmly welcomed!

@kvaps @gecube I know you're combining Kamaji and the etcd-operator, wondering if you could chime in on the discussion.

@vriabyk thanks for trying kamaji. We moved away from supporting the embedded datastore. Current edge releases of Kamaji leverage the kamaji-etcd datastore, installed as a helm dependency. Please move to the latest edge release.

Backporting of fixes in stable releases (e.g. v1.0.0) is only provided on a subscription basis. Please DM if you're interested in a commercial engagement.

Thanks, Adriano, I'm going to close this: the bug doesn't exist unless upgrading to an edge release, or by adopting a commercial license which provides backports or stable Helm releases.
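
A check for the mismatch described in the issue, as an added example that is not part of the thread or of the Kamaji project: it walks a DataStore tlsConfig and reports every secretReference whose keyPath is missing from the referenced Secret. The helper names, the Secret contents and the altered `ca.crt` keyPath are constructed for illustration and are not what the chart actually renders.

```python
from typing import Iterator

NS = "kamaji-system"

def ref(name: str, key: str) -> dict:
    return {"secretReference": {"keyPath": key, "name": name, "namespace": NS}}

def tls_config(ca_cert_key: str = "tls.crt") -> dict:
    """The tlsConfig quoted in the issue; ca_cert_key lets a caller alter one keyPath."""
    return {
        "certificateAuthority": {"certificate": ref("etcd-ca-tls", ca_cert_key),
                                 "privateKey": ref("etcd-ca-tls", "tls.key")},
        "clientCertificate": {"certificate": ref("etcd-client-tls", "tls.crt"),
                              "privateKey": ref("etcd-client-tls", "tls.key")},
    }

# Constructed Secret contents: (namespace, name) -> data keys present in the Secret.
SECRETS = {(NS, "etcd-ca-tls"): {"tls.crt", "tls.key"},
           (NS, "etcd-client-tls"): {"tls.crt", "tls.key"}}

def secret_refs(cfg: dict) -> Iterator[tuple[str, dict]]:
    """Yield (dotted path, secretReference) for every reference in a tlsConfig."""
    for section, parts in cfg.items():        # certificateAuthority, clientCertificate
        for part, body in parts.items():      # certificate, privateKey
            r = body.get("secretReference")
            if r:
                yield f"{section}.{part}", r

def missing_keys(cfg: dict, secrets: dict) -> list:
    """Return (path, reason) for each reference that cannot be resolved."""
    problems = []
    for path, r in secret_refs(cfg):
        keys = secrets.get((r["namespace"], r["name"]))
        if keys is None:
            problems.append((path, "secret not found"))
        elif r["keyPath"] not in keys:
            problems.append((path, f"key {r['keyPath']!r} not in {sorted(keys)}"))
    return problems

if __name__ == "__main__":
    # First the config as written in the issue, then one with a constructed wrong keyPath.
    for cfg in (tls_config(), tls_config("ca.crt")):
        print(missing_keys(cfg, SECRETS) or "all keyPaths resolve")
```

Run against the DataStore object the chart actually rendered, rather than the values you supplied, so that an overwritten keyPath shows up before a TenantControlPlane fails to connect to etcd.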