Helm: fix secrets for non-default release name (#5403)

6f6db4d5 · Andrey Zhavoronkov · GitHub · 0943de9d · 6f6db4d5 · 6f6db4d5
10 changed file
--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -63,7 +63,7 @@ jobs:
        cd helm-chart
        helm dependency update
        cd ..
-        helm upgrade -n default cvat -i --create-namespace helm-chart -f helm-chart/values.yaml -f tests/values.test.yaml
+        helm upgrade -n default release-${{ github.run_id }}-${{ github.run_attempt }} -i --create-namespace helm-chart -f helm-chart/values.yaml -f tests/values.test.yaml

    - name: Update test config
      run: |

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -86,6 +86,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
 - Fixed FBRS serverless function runtime error on images with alpha channel (<https://github.com/opencv/cvat/pull/5384>)
 - Attaching manifest with custom name (<https://github.com/opencv/cvat/pull/5377>)
 - Uploading non-zip annotaion files (<https://github.com/opencv/cvat/pull/5386>)
+- Broken helm chart - if using custom release name (<https://github.com/opencv/cvat/pull/5403>)
 - Missing source tag in project annotations (<https://github.com/opencv/cvat/pull/5408>)

 ### Security

--- a/helm-chart/templates/cvat-postgres-secret.yml
+++ b/helm-chart/templates/cvat-postgres-secret.yml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+  name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cvat.labels" . | nindent 4 }}

--- a/helm-chart/templates/cvat-server-secret.yml
+++ b/helm-chart/templates/cvat-server-secret.yml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+  name: "{{ tpl ( .Values.cvat.backend.server.secret.name) . }}"
  namespace: {{ .Release.Namespace }}
 type: generic
 stringData:

--- a/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
+++ b/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
@@ -63,22 +63,22 @@ spec:
          - name: CVAT_POSTGRES_HOST
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-hostname
          - name: CVAT_POSTGRES_USER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-username
          - name: CVAT_POSTGRES_DBNAME
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-database
          - name: CVAT_POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-password
          {{- else }}
          - name: CVAT_POSTGRES_HOST

--- a/helm-chart/templates/cvat_backend/server/deployment.yml
+++ b/helm-chart/templates/cvat_backend/server/deployment.yml
@@ -62,22 +62,22 @@ spec:
          - name: SOCIAL_AUTH_GOOGLE_CLIENT_ID
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+                name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
                key:  googleClientId
          - name: SOCIAL_AUTH_GOOGLE_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+                name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
                key:  googleClientSecret
          - name: SOCIAL_AUTH_GITHUB_CLIENT_ID
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+                name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
                key:  githubClientId
          - name: SOCIAL_AUTH_GITHUB_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+                name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
                key:  googleClientSecret
          {{- end }}
          - name: IAM_OPA_BUNDLE
@@ -93,22 +93,22 @@ spec:
          - name: CVAT_POSTGRES_HOST
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-hostname
          - name: CVAT_POSTGRES_USER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-username
          - name: CVAT_POSTGRES_DBNAME
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-database
          - name: CVAT_POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-password
          {{- else }}
          - name: CVAT_POSTGRES_HOST

--- a/helm-chart/templates/cvat_backend/utils/deployment.yml
+++ b/helm-chart/templates/cvat_backend/utils/deployment.yml
@@ -64,22 +64,22 @@ spec:
          - name: CVAT_POSTGRES_HOST
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-hostname
          - name: CVAT_POSTGRES_USER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-username
          - name: CVAT_POSTGRES_DBNAME
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-database
          - name: CVAT_POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-password
          {{- else }}
          - name: CVAT_POSTGRES_HOST

--- a/helm-chart/templates/cvat_backend/worker_default/deployment.yml
+++ b/helm-chart/templates/cvat_backend/worker_default/deployment.yml
@@ -63,22 +63,22 @@ spec:
          - name: CVAT_POSTGRES_HOST
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-hostname
          - name: CVAT_POSTGRES_USER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-username
          - name: CVAT_POSTGRES_DBNAME
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-database
          - name: CVAT_POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-password
          {{- else }}
          - name: CVAT_POSTGRES_HOST

--- a/helm-chart/templates/cvat_backend/worker_low/deployment.yml
+++ b/helm-chart/templates/cvat_backend/worker_low/deployment.yml
@@ -63,22 +63,22 @@ spec:
          - name: CVAT_POSTGRES_HOST
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-hostname
          - name: CVAT_POSTGRES_USER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-username
          - name: CVAT_POSTGRES_DBNAME
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-database
          - name: CVAT_POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+                name: "{{ tpl (.Values.postgresql.secret.name) . }}"
                key: postgresql-password
          {{- else }}
          - name: CVAT_POSTGRES_HOST

--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -22,7 +22,7 @@ cvat:
        USE_ALLAUTH_SOCIAL_ACCOUNTS: false
      secret:
        create: true
-        name: cvat-server-secret
+        name: "{{ .Release.Name }}-cvat-server-secret"
        socialAccountAuthentication:
          googleClientId: ""
          googleClientSecret: ""
@@ -191,10 +191,10 @@ postgresql:
 # If not external following config will be applied by default
  global:
    postgresql:
-      existingSecret: cvat-postgres-secret
+      existingSecret: "{{ .Release.Name }}-postgres-secret"
  secret:
    create: true
-    name: postgres-secret
+    name: "{{ .Release.Name }}-postgres-secret"
    password: cvat_postgresql
    postgres_password: cvat_postgresql_postgres
    replication_password: cvat_postgresql_replica