Fix issue with Helm configuration secret (#2412)

ramondeklein · web-flow · commit 27ba88641752 · 2025-04-11T13:05:45.000-07:00
diff --git a/helm/tenant/templates/checks.yaml b/helm/tenant/templates/checks.yaml
@@ -0,0 +1,24 @@
+{{- with .Values.tenant }}
+
+# If an existing secret is used, do not set access-key and secret-key explicitly
+# (note that we allow the default settings in values.yaml)
+{{- with .configSecret }}
+{{- if .existingSecret }}
+{{- if and .accessKey (ne .accessKey "minio") }}
+{{- fail "Cannot set access-key when an existing secret is used" }}
+{{- end }}
+{{- if and .secretKey (ne .secretKey "minio123") }}
+{{- fail "Cannot set secret-key when an existing secret is used" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+# If configuration.name is set and not the same as configSecret.name,
+# then we should raise an error and abort
+{{- if and .configuration .configuration.name }}
+{{- if and .configSecret (ne .configuration.name .configSecret.name) -}}
+{{- fail "configuration.name is deprecated and doesn't match .tenant.configSecret.name" }}
+{{- end -}}
+{{- end }}
+
+{{- end }}
diff --git a/helm/tenant/templates/tenant-configuration.yaml b/helm/tenant/templates/tenant-configuration.yaml
@@ -16,13 +16,6 @@ stringData:
     export MINIO_ROOT_USER={{ .Values.tenant.configSecret.accessKey | quote }}
     export MINIO_ROOT_PASSWORD={{ .Values.tenant.configSecret.secretKey | quote }}
 
-{{- else }}
-{{- if (.Values.tenant.configSecret.accessKey) }}
-{{- fail "# ERROR: cannot set access-key when an existing secret is used" }}
-{{- end }}
-{{- if (.Values.tenant.configSecret.secretKey) }}
-{{- fail "# ERROR: cannot set secret-key when an existing secret is used" }}
-{{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/helm/tenant/templates/tenant.yaml b/helm/tenant/templates/tenant.yaml
@@ -30,7 +30,7 @@ spec:
   {{- end }}
   ## Secret with default environment variable configurations
   configuration:
-    name: {{ .configuration.name }}
+    name: {{ .configSecret.name }}
   {{- if hasKey . "poolsMetadata" }}
   poolsMetadata: {{- if eq (len .poolsMetadata) 0 }} {} {{- end }}
   {{- with (dig "poolsMetadata" (dict) .) }}
diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml
@@ -67,11 +67,6 @@ tenant:
   # Specify an empty dictionary ``{}`` to dispatch pods with the default scheduler.
   scheduler: { }
   ###
-  # The Kubernetes secret name that contains MinIO environment variable configurations.
-  # The secret is expected to have a key named config.env containing environment variables exports.
-  configuration:
-    name: myminio-env-configuration
-  ###
   # Root key for dynamically creating a secret for use with configuring root MinIO User
   # Specify the ``name`` and then a list of environment variables.
   #
