pulsar-helm-chart icon indicating copy to clipboard operation
pulsar-helm-chart copied to clipboard
verified publisher icon apache

Kubernetes compliant token secret name as volume mounts

Open MarkusNeuron opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe. At the moment the charts render the token secret volume directly derived from .Values.auth.superUsers.x for the broker, the proxy- and the toolset-stateful sets.

Because the superUsers configuration represents a token subscription that is issued by an IDP there is no control over the syntax of this value. e.g. "sub": "NR_CO_PROD_ADM_M2M-T"

For values not compliant to Kubernetes metadata.name syntax value will break the deployment.

Describe the solution you'd like To add more robustness I propose to introduce a simple transformation to lowercase + kebabcase like:

secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker | lower | kebabcase }}"

This will cover most of the edge cases.

Describe alternatives you've considered A even more generic approach to make the configured string value metadata.name compliant. Not aware of any.

Additional context Deployments fails by try to mount a volume secret named like

  - name: client-token
    secret:
      secretName: pulsar-token-NR_CO_PROD_ADM_M2M-T

MarkusNeuron avatar Oct 21 '22 08:10 MarkusNeuron