Add secret generation to main helm chart.

[ainmosni]

This creates a generic secret template that can be used to generate
secrets for all services. The secret template takes a dict of the scope,
the name of the secret, and the data to be stored in the secret.

This will be used to prefill any non-predefined secrets that are set in
the secretRefs.

Fixes #50

[d7oc]

I think @wkloucek wanted to use Jobs instead of lookup as he was afraid of race conditions with lookup and lookup won't work with helm template.

[mmattel]

This is a very cool feature. My intention is to have that somehow documented/mentioned in the admin docs. Any ideas?

[ainmosni]

This is a very cool feature. My intention is to have that somehow documented/mentioned in the admin docs. Any ideas?

@mmattel In theory, all that needs to be documented is that people don't need to add most secrets by default, only when they want to customise certain things. So it's more moving current docs around, and even removing some unneeded examples because they are for existing users.

We can chat about it, but I'll be gone until Tuesday, so if you can wait until then, I'll help.

[mmattel]

Tuesday is fine, I am just blocked with other stuff.

[d7oc]

Taking the ownership of externally-defined Secrets and ConfigMaps fails here:

Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: Secret "machine-auth-api-key" in namespace "default" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "owncloud"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default"
helm.go:84: [debug] Secret "machine-auth-api-key" in namespace "default" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "owncloud"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default"

Aside this the following places contain secrets which are not handled so far:

• ocis-charts/charts/ocis/templates/appprovider/deployment.yaml

  Line 79 in 9f85e54

  name: {{ $.Values.secretRefs.jwtSecretRef }}

• ocis-charts/charts/ocis/templates/policies/deployment.yaml

  Line 78 in 9f85e54

  name: {{ $.Values.secretRefs.jwtSecretRef }}

• ocis-charts/charts/ocis/templates/storageusers/deployment.yaml

  Line 97 in 9f85e54

  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}

• ocis-charts/charts/ocis/templates/storageusers/deployment.yaml

  Line 102 in 9f85e54

  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}

• ocis-charts/charts/ocis/templates/storageusers/jobs.yaml

  Line 69 in 9f85e54

  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}

• ocis-charts/charts/ocis/templates/storageusers/jobs.yaml

  Line 74 in 9f85e54

  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}

Other comments are inline

[ainmosni]

Taking the ownership of externally-defined Secrets and ConfigMaps fails here:

Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: Secret "machine-auth-api-key" in namespace "default" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "owncloud"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default"
helm.go:84: [debug] Secret "machine-auth-api-key" in namespace "default" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "owncloud"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default"

Aside this the following places contain secrets which are not handled so far:

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/appprovider/deployment.yaml#L79

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/policies/deployment.yaml#L78

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/storageusers/deployment.yaml#L97

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/storageusers/deployment.yaml#L102

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/storageusers/jobs.yaml#L69

* https://github.com/owncloud/ocis-charts/blob/9f85e54faaf86f628328d3d56497c47035bafb5f/charts/ocis/templates/storageusers/jobs.yaml#L74

Other comments are inline

These are all fixed, looking for a way around the first problem you mentioned now.

[mmattel]

@ainmosni Minor text bug in commit Update docs.:

If not filled in, will attempt to to use values in .storageusers.storageBackend.s3.driverConfig.s3ng instead.

to to --> to

[mmattel]

Maybe needs a rebase because merging of 305/306/307/308 yesterday.

[d7oc]

PR is fine for me after discussion. Ownership stuff will be documented.

[mmattel]

Ownership stuff will be documented.

Pls tell more so docs can address this.

[d7oc]

Ownership stuff will be documented.

Pls tell more so docs can address this.

My understanding was that the text fro this will be provided from @ainmosni or @wkloucek. If that's not the case I could also jump in here if needed.