diff --git a/charts/ocis/templates/_common/_configvalues.tpl b/charts/ocis/templates/_common/_configvalues.tpl index 2718b24dd..4eb402590 100644 --- a/charts/ocis/templates/_common/_configvalues.tpl +++ b/charts/ocis/templates/_common/_configvalues.tpl @@ -60,6 +60,10 @@ All take the scope as the first and only parameter. {{ .Values.secretRefs.transferSecretSecretRef | default "transfer-secret" | quote }} {{- end -}} +{{- define "secrets.s3CredentialsSecret" -}} +{{ .Values.secretRefs.s3CredentialsSecretRef | default "s3-credentials-secret" | quote }} +{{- end -}} + {{- define "config.storageUsers" -}} {{ .Values.configRefs.storageusersConfigRef | default "storage-users" | quote }} {{- end -}} diff --git a/charts/ocis/templates/storageusers/deployment.yaml b/charts/ocis/templates/storageusers/deployment.yaml index fafd39597..081cd80a7 100644 --- a/charts/ocis/templates/storageusers/deployment.yaml +++ b/charts/ocis/templates/storageusers/deployment.yaml @@ -93,12 +93,12 @@ spec: - name: STORAGE_USERS_S3NG_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ .Values.secretRefs.s3CredentialsSecretRef }} + name: {{ include "secrets.s3CredentialsSecret" . }} key: accessKey - name: STORAGE_USERS_S3NG_SECRET_KEY valueFrom: secretKeyRef: - name: {{ .Values.secretRefs.s3CredentialsSecretRef }} + name: {{ include "secrets.s3CredentialsSecret" . }} key: secretKey - name: STORAGE_USERS_S3NG_BUCKET value: {{ .Values.services.storageusers.storageBackend.driverConfig.s3ng.bucket | quote }} diff --git a/charts/ocis/templates/storageusers/jobs.yaml b/charts/ocis/templates/storageusers/jobs.yaml index 05dd1fe0a..cf321d65c 100644 --- a/charts/ocis/templates/storageusers/jobs.yaml +++ b/charts/ocis/templates/storageusers/jobs.yaml @@ -65,12 +65,12 @@ spec: - name: STORAGE_USERS_S3NG_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ .Values.secretRefs.s3CredentialsSecretRef }} + name: {{ include "secrets.s3CredentialsSecret" . }} key: accessKey - name: STORAGE_USERS_S3NG_SECRET_KEY valueFrom: secretKeyRef: - name: {{ .Values.secretRefs.s3CredentialsSecretRef }} + name: {{ include "secrets.s3CredentialsSecret" . }} key: secretKey - name: STORAGE_USERS_S3NG_BUCKET value: {{ .Values.services.storageusers.storageBackend.driverConfig.s3ng.bucket | quote }} diff --git a/charts/ocis/templates/storageusers/secret.yaml b/charts/ocis/templates/storageusers/secret.yaml index d8e369198..dd6f65b8d 100644 --- a/charts/ocis/templates/storageusers/secret.yaml +++ b/charts/ocis/templates/storageusers/secret.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.services.storageusers.storageBackend.driver "s3ng" -}} +{{ if and (eq .Values.services.storageusers.storageBackend.driver "s3ng") (not .Values.secretRefs.s3CredentialsSecretRef) -}} {{ if and (.Values.services.storageusers.storageBackend.driverConfig.s3ng.accessKey) (.Values.services.storageusers.storageBackend.driverConfig.s3ng.secretKey) -}} apiVersion: v1 kind: Secret diff --git a/charts/ocis/values.yaml b/charts/ocis/values.yaml index 3f84709f5..cffb9317d 100644 --- a/charts/ocis/values.yaml +++ b/charts/ocis/values.yaml @@ -521,9 +521,8 @@ secretRefs: # -- Reference to an existing transfer secret (see ref:Secrets#secrets) transferSecretSecretRef: "" # -- Reference to an existing s3 secret (see ref:Secrets#secrets) - # This secret needs to remain filled in, as the s3 credentials secret can be filled in via the settings - # for backwards compatibility reasons. - s3CredentialsSecretRef: "s3-credentials-secret" + # If not filled in, will attempt to to use values in `.storageusers.storageBackend.s3.driverConfig.s3ng` instead. + s3CredentialsSecretRef: "" # Security context options. securityContext: