some smaller fixes

zitadel · Sep 26, 2024 · becb791 · becb791
1 parent 6327276
commit becb791
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 13 deletions.
diff --git a/charts/zitadel/templates/certsjob.yaml b/charts/zitadel/templates/certsjob.yaml
@@ -1,7 +1,10 @@
 {{- if .Values.certJob.enabled -}}
-{{- $overrideValid := and(not .Values.postgres.enabled) (not .Values.cockroach.enabled) -}}
-{{- $cockroachOverride := and($overrideValid) (eq .Values.certJob.override "cockroach") -}}
-{{- $postgresOverride := and($overrideValid) (eq .Values.certJob.override "postgres") -}}
+{{- if and (or .Values.postgresql.enabled .Values.cockroachdb.enabled) (.Values.certJob.manual) -}}
+{{ fail "cannot have both a DB enabled and manual option."}}
+{{- end -}}
+{{- if and .Values.postgresql.enabled .Values.cockroachdb.enabled -}}
+{{ fail "you can only enable one database."}}
+{{- end -}}
 
 apiVersion: batch/v1
 kind: Job
@@ -33,7 +36,7 @@ spec:
       restartPolicy: OnFailure
       serviceAccountName: {{ .Values.certJob.serviceAccountName }}
 
-      {{- if or (.Values.postgresql.enabled) ($postgresOverride) }}
+      {{- if or (.Values.postgresql.enabled) (eq .Values.certJob.manual "postgresql") }}
 
       initContainers:
       - image: alpine/openssl
@@ -140,7 +143,7 @@ spec:
         emptyDir: {}
       {{- end}}
 
-      {{- if or (.Values.cockroach.enabled) ($cockroachOverride) }}
+      {{- if or (.Values.cockroachdb.enabled) (eq .Values.certJob.manual "cockroachdb") }}
       initContainers:
       - image: busybox
         imagePullPolicy: IfNotPresent

diff --git a/charts/zitadel/templates/rbac.yaml b/charts/zitadel/templates/rbac.yaml
@@ -1,5 +1,5 @@
 ---
-{{- if include "deepCheck" (dict "root" .Values "path" (splitList "." "zitadel.configmapConfig.FirstInstance.Org.Machine")) }}
+{{- if include "deepCheck" (dict "root" .Values "path" (splitList "." "zitadel.configmapConfig.FirstInstance.Org.Machine")) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -37,9 +37,9 @@ roleRef:
   name: {{ include "zitadel.serviceAccountName" . }}
   apiGroup: rbac.authorization.k8s.io
 
-{{- end}}
+{{- end -}}
 
-{{- if .Values.certJob.enabled))}}
+{{- if .Values.certJob.enabled -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -74,6 +74,5 @@ roleRef:
   kind: Role
   name: {{ - toYaml .Values.certJob.serviceAccountName }}
   apiGroup: rbac.authorization.k8s.io
-
-{{- end}}
 ---
+{{- end -}}
diff --git a/charts/zitadel/templates/serviceaccount.yaml b/charts/zitadel/templates/serviceaccount.yaml
@@ -20,9 +20,9 @@ metadata:
   name: {{ .Values.certJob.serviceAccountName }}
   labels:
     {{- include "zitadel.labels" . | nindent 4}}
-  {{ - with .Values.serviceAccount.annotations }}
+  {{ with .Values.serviceAccount.annotations }}
   annotations:
-    {{ - toYaml . | nindent 4}}
-  {{ - end}}
+    {{ toYaml . | nindent 4}}
+  {{  end}}
 ---
 {{- end}}
diff --git a/charts/zitadel/values.yaml b/charts/zitadel/values.yaml
@@ -169,6 +169,7 @@ topologySpreadConstraints: []
 
 certJob:
   enabled: false
+  manual: ""
   annotations:
     helm.sh/hook: pre-install, pre-upgrade
     helm.sh/hook-delete-policy: before-hook-creation
@@ -181,6 +182,7 @@ certJob:
   podAdditionalLabels: {}
   volumeName: certs
   secretName: certs-secret
+  serviceAccountName: zitadel-cert-creator
 
 initJob:
   # Once ZITADEL is installed, the initJob can be disabled.