From becb791fb7ca1fb2813cdf567ff66530cd5e78e6 Mon Sep 17 00:00:00 2001
From: Lamar Daughma
Date: Thu, 26 Sep 2024 20:28:35 +0100
Subject: [PATCH] some smaller fixes
---
 charts/zitadel/templates/certsjob.yaml | 13 ++++++++-----
 charts/zitadel/templates/rbac.yaml | 9 ++++-----
 charts/zitadel/templates/serviceaccount.yaml | 6 +++---
 charts/zitadel/values.yaml | 2 ++
 4 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/charts/zitadel/templates/certsjob.yaml b/charts/zitadel/templates/certsjob.yaml
index e749985..0ab322f 100644
--- a/charts/zitadel/templates/certsjob.yaml
+++ b/charts/zitadel/templates/certsjob.yaml
@@ -1,7 +1,10 @@
 {{- if .Values.certJob.enabled -}}
-{{- $overrideValid := and(not .Values.postgres.enabled) (not .Values.cockroach.enabled) -}}
-{{- $cockroachOverride := and($overrideValid) (eq .Values.certJob.override "cockroach") -}}
-{{- $postgresOverride := and($overrideValid) (eq .Values.certJob.override "postgres") -}}
+{{- if and (or .Values.postgresql.enabled .Values.cockroachdb.enabled) (.Values.certJob.manual) -}}
+{{ fail "cannot have both a DB enabled and manual option."}}
+{{- end -}}
+{{- if and .Values.postgresql.enabled .Values.cockroachdb.enabled -}}
+{{ fail "you can only enable one database."}}
+{{- end -}}
 apiVersion: batch/v1
 kind: Job
@@ -33,7 +36,7 @@ spec:
 restartPolicy: OnFailure
 serviceAccountName: {{ .Values.certJob.serviceAccountName }}
- {{- if or (.Values.postgresql.enabled) ($postgresOverride) }}
+ {{- if or (.Values.postgresql.enabled) (eq .Values.certJob.manual "postgresql") }}
 initContainers:
 - image: alpine/openssl
@@ -140,7 +143,7 @@ spec:
 emptyDir: {}
 {{- end}}
- {{- if or (.Values.cockroach.enabled) ($cockroachOverride) }}
+ {{- if or (.Values.cockroachdb.enabled) (eq .Values.certJob.manual "cockroachdb") }}
 initContainers:
 - image: busybox
 imagePullPolicy: IfNotPresent
diff --git a/charts/zitadel/templates/rbac.yaml b/charts/zitadel/templates/rbac.yaml
index c37191f..09b3917 100644
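Review bot: The new guards at the top of certsjob.yaml (first hunk) never check that `certJob.manual` is one of the two strings the later conditions compare it with, `"postgresql"` and `"cockroachdb"`. With `certJob.enabled` set, both databases disabled and `manual` left empty or misspelled, neither `initContainers` branch in the second and third hunks matches, so the template renders a Job without them instead of stopping at render time; what the rest of the Job then does is outside these hunks. I would add a third guard before `apiVersion`, `{{- if and .Values.certJob.manual (not (has .Values.certJob.manual (list "postgresql" "cockroachdb"))) -}}`, with a `fail` that names the accepted values, and a matching guard for the case where no database is enabled and `manual` is empty.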
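Review bot: The init container that follows the changed condition in the second certsjob.yaml hunk is referenced as `image: alpine/openssl`, with no tag or digest, and the third hunk does the same with `image: busybox` under `imagePullPolicy: IfNotPresent`; both are unchanged context lines that this commit leaves as they are. An untagged reference resolves to `latest`, and with `IfNotPresent` each node runs whatever copy it has cached, so the containers that appear to prepare the database certificates are not reproducible and follow any change to the upstream tag. Pinning by digest, for example `image: alpine/openssl@sha256:<digest>` (placeholder), or exposing the image reference as a chart value would cover both. The container definitions continue past the end of each hunk.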
--- a/charts/zitadel/templates/rbac.yaml
+++ b/charts/zitadel/templates/rbac.yaml
@@ -1,5 +1,5 @@
 ---
-{{- if include "deepCheck" (dict "root" .Values "path" (splitList "." "zitadel.configmapConfig.FirstInstance.Org.Machine")) }}
+{{- if include "deepCheck" (dict "root" .Values "path" (splitList "." "zitadel.configmapConfig.FirstInstance.Org.Machine")) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -37,9 +37,9 @@ roleRef:
 name: {{ include "zitadel.serviceAccountName" . }}
 apiGroup: rbac.authorization.k8s.io
-{{- end}}
+{{- end -}}
-{{- if .Values.certJob.enabled))}}
+{{- if .Values.certJob.enabled -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -74,6 +74,5 @@ roleRef:
 kind: Role
 name: {{ - toYaml .Values.certJob.serviceAccountName }}
 apiGroup: rbac.authorization.k8s.io
-
-{{- end}}
 ---
+{{- end -}}
diff --git a/charts/zitadel/templates/serviceaccount.yaml b/charts/zitadel/templates/serviceaccount.yaml
index 523cac6..3ae1f97 100644
--- a/charts/zitadel/templates/serviceaccount.yaml
+++ b/charts/zitadel/templates/serviceaccount.yaml
@@ -20,9 +20,9 @@ metadata:
 name: {{ .Values.certJob.serviceAccountName }}
 labels:
 {{- include "zitadel.labels" . | nindent 4}}
- {{ - with .Values.serviceAccount.annotations }}
+ {{ with .Values.serviceAccount.annotations }}
 annotations:
- {{ - toYaml . | nindent 4}}
- {{ - end}}
+ {{ toYaml . | nindent 4}}
+ {{ end}}
 ---
 {{- end}}
diff --git a/charts/zitadel/values.yaml b/charts/zitadel/values.yaml
index 86f9e49..8bad71d 100644
--- a/charts/zitadel/values.yaml
+++ b/charts/zitadel/values.yaml
@@ -169,6 +169,7 @@ topologySpreadConstraints: []
 certJob:
 enabled: false
+ manual: ""
 annotations:
 helm.sh/hook: pre-install, pre-upgrade
 helm.sh/hook-delete-policy: before-hook-creation
@@ -181,6 +182,7 @@ certJob:
 podAdditionalLabels: {}
 volumeName: certs
 secretName: certs-secret
+ serviceAccountName: zitadel-cert-creator
 initJob: # Once ZITADEL is installed, the initJob can be disabled.
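Review bot: Adding the right-hand trim marker to the opening `if` in the first rbac.yaml hunk joins the document separator to the manifest: `{{-` already removes the newline after `---`, and `-}}` now removes the one before `apiVersion`, so the output starts with `---apiVersion: rbac.authorization.k8s.io/v1`. The second hunk has the mirror problem, because `{{- end -}}` and `{{- if .Values.certJob.enabled -}}` together strip everything between `apiGroup: rbac.authorization.k8s.io` and the following `---`, which glues the separator onto the `apiGroup` value. Ending both opening tags with `}}` rather than `-}}`, as in `{{- if .Values.certJob.enabled }}`, leaves `---` on a line of its own. Rendering the chart with `helm template` for each combination of the two conditions would confirm the RBAC objects come out as separate, valid documents.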
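Review bot: The `roleRef` context line in the third rbac.yaml hunk still reads `name: {{ - toYaml .Values.certJob.serviceAccountName }}`, the same `{{ -` spelling that this commit removes from serviceaccount.yaml. As shown on this page the dash is separated from the braces, so it is not a trim marker and the action is unlikely to parse; the page's whitespace is collapsed, so this should be checked against the file itself. `toYaml` is also unnecessary for a plain string, and `name: {{ .Values.certJob.serviceAccountName }}` would match how serviceaccount.yaml and certsjob.yaml reference the value. The binding this line belongs to starts above the hunk.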
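Review bot: In the serviceaccount.yaml hunk the ServiceAccount named by `certJob.serviceAccountName` takes its annotations from `.Values.serviceAccount.annotations`, which by its name belongs to the main service account. Service-account annotations are where cloud workload-identity bindings such as `eks.amazonaws.com/role-arn` are usually set, so the certificate job would inherit whatever cloud role the main workload is given. A separate annotations value under `certJob` (it would have to be added to values.yaml; none is visible in this diff) keeps the two identities apart. The changed lines also drop the dash instead of moving it next to the braces, which leaves whitespace-only lines in the output; `{{- with ... }}`, `{{- toYaml . | nindent 4 }}` and `{{- end }}` would match the `{{- include` line above them.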
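Review bot: The new `manual` key in the first values.yaml hunk has no comment, and its contract can only be learned by reading certsjob.yaml. I would document it above the key, for example `# "postgresql" or "cockroachdb": render that database's certificate init containers when neither postgresql.enabled nor cockroachdb.enabled is set; must stay empty otherwise.` The `serviceAccountName` default added in the second hunk could carry a one-line comment as well, since rbac.yaml and serviceaccount.yaml both reference it.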