This is an automated email from the ASF dual-hosted git repository.
willholley pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-helm.git
The following commit(s) were added to refs/heads/main by this push:
new 463b411 Support extra secrets (#185)
463b411 is described below
commit 463b411e3a1ab51c4db3f2d11a2c1d34e3226c35
Author: Tony Schmidt <[email protected]>
AuthorDate: Mon Mar 17 19:07:41 2025 +0100
Support extra secrets (#185)
Adds support for ExternalSecrets or secrets that are generated other than
from the chart itself. This is useful for those who may be managing secrets
with other services, such as Hashicorp Vault or OpenBao.
---
couchdb/Chart.yaml | 2 +-
couchdb/NEWS.md | 4 ++++
couchdb/README.md | 13 ++++++++-----
couchdb/templates/job.yaml | 8 ++++----
couchdb/templates/statefulset.yaml | 8 ++++----
couchdb/values.yaml | 4 ++++
6 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/couchdb/Chart.yaml b/couchdb/Chart.yaml
index fbe0bfe..1a897bc 100644
--- a/couchdb/Chart.yaml
+++ b/couchdb/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: couchdb
-version: 4.5.6
+version: 4.5.7
appVersion: 3.3.3
description: A database featuring seamless multi-master sync, that scales from
big data to mobile, with an intuitive HTTP/JSON API and designed for
diff --git a/couchdb/NEWS.md b/couchdb/NEWS.md
index af0dd8a..694df9a 100644
--- a/couchdb/NEWS.md
+++ b/couchdb/NEWS.md
@@ -1,5 +1,9 @@
# NEWS
+## 4.5.7
+
+- Add support for extra secrets not created by the chart, such as Hashicorp
Vault or OpenBao.
+
## 4.5.6
- Add `extraPorts` to the network policy when the network policy is enabled.
diff --git a/couchdb/README.md b/couchdb/README.md
index 5ddefaa..267b7dd 100644
--- a/couchdb/README.md
+++ b/couchdb/README.md
@@ -1,6 +1,6 @@
# CouchDB
-
+
Apache CouchDB is a database featuring seamless multi-master sync, that scales
from big data to mobile, with an intuitive HTTP/JSON API and designed for
@@ -18,7 +18,7 @@ storage volumes to each Pod in the Deployment.
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
$ helm install couchdb/couchdb \
- --version=4.5.3 \
+ --version=4.5.7 \
--set allowAdminParty=true \
--set couchdbConfig.couchdb.uuid=$(curl
https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -)
```
@@ -44,7 +44,7 @@ Afterwards install the chart replacing the UUID
```bash
$ helm install \
--name my-release \
- --version=4.5.3 \
+ --version=4.5.7 \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
```
@@ -78,7 +78,7 @@ and then install the chart while overriding the
`createAdminSecret` setting:
```bash
$ helm install \
--name my-release \
- --version=4.5.3 \
+ --version=4.5.7 \
--set createAdminSecret=false \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
@@ -133,7 +133,7 @@ version semantics. You can upgrade directly from
`stable/couchdb` to this chart
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
-$ helm upgrade my-release --version=4.5.3 couchdb/couchdb
+$ helm upgrade my-release --version=4.5.7 couchdb/couchdb
```
## Configuration
@@ -170,6 +170,9 @@ A variety of other parameters are also configurable. See
the comments in the
| `adminUsername` | admin
|
| `adminPassword` | auto-generated
|
| `adminHash` |
|
+| `extraSecretName` | "" (the name of a secret resource to
provide e.g. admin credentials from an ExternalSecret/vault/etc.) |
+| `adminUsernameKey` | "" (the string/key to access the
admin username secret from an extra secret if different from "adminUsername" |
+| `adminPasswordKey` | "" (the string/key to access the
admin password secret from an extra secret if different from "adminPassword" |
| `cookieAuthSecret` | auto-generated
|
| `extraPorts` | [] (a list of ContainerPort objects)
|
| `image.repository` | couchdb
|
diff --git a/couchdb/templates/job.yaml b/couchdb/templates/job.yaml
index 544955b..8d127bf 100644
--- a/couchdb/templates/job.yaml
+++ b/couchdb/templates/job.yaml
@@ -40,13 +40,13 @@ spec:
- name: COUCHDB_ADMIN
valueFrom:
secretKeyRef:
- name: {{ template "couchdb.fullname" . }}
- key: adminUsername
+ name: {{ .Values.extraSecretName | default (include
"couchdb.fullname" .) }}
+ key: {{ .Values.adminUsernameKey | default "adminUsername" }}
- name: COUCHDB_PASS
valueFrom:
secretKeyRef:
- name: {{ template "couchdb.fullname" . }}
- key: adminPassword
+ name: {{ .Values.extraSecretName | default (include
"couchdb.fullname" .) }}
+ key: {{ .Values.adminPasswordKey | default "adminPassword" }}
{{- if .Values.containerSecurityContext }}
securityContext: {{ .Values.containerSecurityContext | toYaml |
nindent 12 }}
{{- end }}
diff --git a/couchdb/templates/statefulset.yaml
b/couchdb/templates/statefulset.yaml
index 5686f1c..6de542c 100644
--- a/couchdb/templates/statefulset.yaml
+++ b/couchdb/templates/statefulset.yaml
@@ -109,13 +109,13 @@ spec:
- name: COUCHDB_USER
valueFrom:
secretKeyRef:
- name: {{ template "couchdb.fullname" . }}
- key: adminUsername
+ name: {{ .Values.extraSecretName | default (include
"couchdb.fullname" .) }}
+ key: {{ .Values.adminUsernameKey | default "adminUsername" }}
- name: COUCHDB_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ template "couchdb.fullname" . }}
- key: adminPassword
+ name: {{ .Values.extraSecretName | default (include
"couchdb.fullname" .) }}
+ key: {{ .Values.adminPasswordKey | default "adminPassword" }}
- name: COUCHDB_SECRET
valueFrom:
secretKeyRef:
diff --git a/couchdb/values.yaml b/couchdb/values.yaml
index 586dc54..e9dcefd 100644
--- a/couchdb/values.yaml
+++ b/couchdb/values.yaml
@@ -36,6 +36,10 @@ autoSetup:
# 2) This flag can be disabled and a Secret with the required keys can be
# created ahead of time.
createAdminSecret: true
+# defaults to chart name
+extraSecretName: ""
+adminUsernameKey: ""
+adminPasswordKey: ""
adminUsername: admin
# adminPassword: this_is_not_secure
