it works!

OctopusDeploy · Jul 11, 2024 · faefa55 · faefa55
1 parent 08e25b7
commit faefa55
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 41 deletions.
diff --git a/charts/octopus-deploy/charts/mssql/templates/_helpers.tpl b/charts/octopus-deploy/charts/mssql/templates/_helpers.tpl
@@ -47,6 +47,6 @@ this template will return sa_password - either from values or autogenerated
 {{- if .Values.SA_PASSWORD -}}
 {{- .Values.SA_PASSWORD -}}
 {{- else -}}
-{{- include "generate_secret" (list . "sapassword" false) -}}
+{{- include "random_secret" (list . "sapassword") -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/octopus-deploy/templates/NOTES.txt b/charts/octopus-deploy/templates/NOTES.txt
@@ -0,0 +1,21 @@
+Thanks for installing Octopus Deploy!
+
+Your Octopus Server is now starting. 
+
+{{- if not .Values.octopus.ingress.enabled }}
+To connect, you can use the following command, then go to http://localhost:8080 in your web browser:
+    $ kubectl --namespace {{.Release.Namespace}} port-forward svc/{{ template "octopus.fullname" . }} 8080:{{.Values.octopus.webPort}}
+{{- end }}
+
+{{- if or (not .Values.octopus.masterKey) or (not .Values.octopus.password) or (and .Values.mssql.enabled (not .Values.mssql.SA_PASSWORD)) }}
+At least one required secret was not set, and has been autogenerated for you:
+{{- if not .Values.octopus.masterKey }}
+    Master Key: {{ index (index .Release "generatedSecrets") (printf "%s-%s" .Release.Name "masterkey") }}
+{{- end -}}
+{{- if not .Values.octopus.password }}
+    Admin Password: {{ index (index .Release "generatedSecrets") (printf "%s-%s" .Release.Name "adminpassword") }}
+{{- end -}}
+{{- if and .Values.mssql.enabled (not .Values.mssql.SA_PASSWORD) }}
+    SQL Server "SA" User Password: {{ index (index .Release "generatedSecrets") (printf "%s-%s" .Release.Name "sapassword") }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/octopus-deploy/templates/_helpers.tpl b/charts/octopus-deploy/templates/_helpers.tpl
@@ -78,7 +78,6 @@ Allows us to generate random passwords to store in k8s secrets
 Takes a list as its parameter
 Item 0 = current root
 Item 1 = secret name
-Item 2 = Boolean to determine if the secret is a master key or not
 */}}
 {{- define "generate_secret" -}}
 {{- $root := index . 0 -}}
@@ -89,7 +88,7 @@ Item 2 = Boolean to determine if the secret is a master key or not
 {{- $key := printf "%s-%s" $root.Release.Name $secretName -}}
 {{- if not (index $root.Release.generatedSecrets $key) -}}
 {{-   if eq $secretName "masterkey" -}}
-{{-     $_ := set $root.Release.generatedSecrets $key (randAlphaNum 64 | b64enc | trunc 16) -}}
+{{-     $_ := set $root.Release.generatedSecrets $key (randAscii 16 | b64enc) -}}
 {{-   else -}}
 {{-     $_ := set $root.Release.generatedSecrets $key (randAlphaNum 32) -}}
 {{-   end -}}
@@ -105,16 +104,22 @@ If the secret doesn't exist, the secret is autogenerated to be stored in the clu
 Takes a list as its parameter
 Item 0 = current root
 Item 1 = secret name
-Item 2 = Boolean to determine if the secret is a master key or not
 */}}
 {{- define "random_secret" -}}
 {{- $root := index . 0 -}}
-{{- $secretName := index . 1 -}}
+{{- $secret := index . 1 -}}
+{{- $secretName := printf "%s-%s" $root.Release.Name $secret -}}
+{{- $d := "" -}}
 {{- $data := default dict (lookup "v1" "Secret" $root.Release.Namespace $secretName).data -}}
 {{- if $data -}}
-  {{- index $data.secret | b64dec -}}
+{{-   if not (index $root.Release "generatedSecrets") -}}
+{{-     $_ := set $root.Release "generatedSecrets" dict -}}
+{{-   end -}}
+{{-   $_ := set $root.Release.generatedSecrets $secretName (index $data.secret | b64dec) -}}
+{{-   index $data.secret | b64dec -}}
+{{- else -}}
+{{- (include "generate_secret" .) -}}
 {{- end -}}
-  {{- (include "generate_secret" .) -}}
 {{- end -}}
 
 {{/*
@@ -124,7 +129,7 @@ If mssql is enabled, this template will return the password - either from values
 {{- if .Values.mssql.SA_PASSWORD -}}
 {{- .Values.mssql.SA_PASSWORD -}}
 {{- else -}}
-{{- include "generate_secret" (list . "sapassword") -}}
+{{- include "random_secret" (list . "sapassword") -}}
 {{- end -}}
 {{- end -}}
 

diff --git a/charts/octopus-deploy/templates/pvc.yaml b/charts/octopus-deploy/templates/pvc.yaml
@@ -3,21 +3,16 @@ apiVersion: v1
 metadata:
   name: package-repository-claim
   labels:
-    app: {{ template "octopus.name" . }}
-    chart: {{ template "octopus.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    {{- include "labels" . | nindent 4 }}
 spec:
   accessModes:
     {{- if (gt (.Values.octopus.replicaCount | int) 1)}}
     - ReadWriteMany
     {{- else }}
     - {{.Values.octopus.packageRepositoryVolume.storageAccessMode}}
     {{- end }}
-  {{- if (eq "-" (.Values.octopus.packageRepositoryVolume.storageClassName | toString)) }}
-  storageClassName: ""
-  {{- else if .Values.octopus.packageRepositoryVolume.storageClassName }}
-  storageClassName: "{{ .Values.octopus.packageRepositoryVolume.storageClassName }}"
+  {{- if $storageClass := (default .Values.global.storageClass .Values.octopus.packageRepositoryVolume.storageClassName) }}
+  storageClassName: {{ $storageClass }}
   {{- end }}
   resources:
     requests:
@@ -28,21 +23,16 @@ apiVersion: v1
 metadata:
   name: artifacts-claim
   labels:
-    app: {{ template "octopus.name" . }}
-    chart: {{ template "octopus.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    {{- include "labels" . | nindent 4 }}
 spec:
   accessModes:
     {{- if (gt (.Values.octopus.replicaCount | int) 1)}}
     - ReadWriteMany
     {{- else }}
     - {{.Values.octopus.artifactVolume.storageAccessMode}}
     {{- end }}
-  {{- if (eq "-" (.Values.octopus.artifactVolume.storageClassName | toString)) }}
-  storageClassName: ""
-  {{- else if .Values.octopus.artifactVolume.storageClassName }}
-  storageClassName: "{{ .Values.octopus.artifactVolume.storageClassName }}"
+  {{- if $storageClass := (default .Values.global.storageClass .Values.octopus.artifactVolume.storageClassName) }}
+  storageClassName: {{ $storageClass }}
   {{- end }}
   resources:
     requests:
@@ -53,21 +43,16 @@ apiVersion: v1
 metadata:
   name: task-log-claim
   labels:
-    app: {{ template "octopus.name" . }}
-    chart: {{ template "octopus.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    {{- include "labels" . | nindent 4 }}
 spec:
   accessModes:
     {{- if (gt (.Values.octopus.replicaCount | int) 1)}}
     - ReadWriteMany
     {{- else }}
     - {{.Values.octopus.taskLogVolume.storageAccessMode}}
       {{- end }}
-  {{- if (eq "-" (.Values.octopus.taskLogVolume.storageClassName | toString)) }}
-  storageClassName: ""
-  {{- else if .Values.octopus.taskLogVolume.storageClassName }}
-  storageClassName: "{{ .Values.octopus.taskLogVolume.storageClassName }}"
+  {{- if $storageClass := (default .Values.global.storageClass .Values.octopus.taskLogVolume.storageClassName) }}
+  storageClassName: {{ $storageClass }}
   {{- end }}
   resources:
     requests:

diff --git a/charts/octopus-deploy/templates/secrets.yaml b/charts/octopus-deploy/templates/secrets.yaml
@@ -14,9 +14,9 @@ $_ := set $secrets "sapassword" ""
 
 {{/* Master Key */}}
 {{- if not .Values.octopus.masterKey }}
-{{- $_ := set $secrets "masterKey" "" }}
+{{- $_ := set $secrets "masterkey" "" }}
 {{- else }}
-{{- $_ := set $secrets "masterKey" .Values.octopus.masterKey }}
+{{- $_ := set $secrets "masterkey" .Values.octopus.masterKey }}
 {{- end }}
 
 {{/* Octopus Password */}}
@@ -44,12 +44,12 @@ apiVersion: v1
 kind: Secret
 type: opaque
 metadata:
-  name: {{ $secretName }}
+  name: {{printf "%s-%s" $.Release.Name $secretName }}
   labels:
     {{- include "labels" $ | nindent 4 }}
 data:
   {{- if not $secretValue }}
-  secret: {{ include "generate_secret" (list $ $secretName) | b64enc }}
+  secret: {{ include "random_secret" (list $ $secretName) | b64enc }}
   {{- else }}
   secret: {{ $secretValue | b64enc }}
   {{- end }}

diff --git a/charts/octopus-deploy/templates/statefulset.yaml b/charts/octopus-deploy/templates/statefulset.yaml
@@ -60,17 +60,17 @@ spec:
           - name: DB_CONNECTION_STRING
             valueFrom:
               secretKeyRef:
-                name: connectionstring
+                name: {{printf "%s-%s" $.Release.Name "connectionstring"}}
                 key: secret
           - name: ADMIN_USERNAME
             valueFrom:
               secretKeyRef:
-                name: adminusername
+                name: {{printf "%s-%s" $.Release.Name "adminusername"}}
                 key: secret
           - name: ADMIN_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: adminpassword
+                name: {{printf "%s-%s" $.Release.Name "adminpassword"}}
                 key: secret
           - name: ADMIN_EMAIL
             value: {{.Values.octopus.email}}
@@ -82,13 +82,13 @@ spec:
             # Without a HA license, the stateful set can have a replica count of 1.
             valueFrom:
               secretKeyRef:
-                name: licensekey
+                name: {{printf "%s-%s" $.Release.Name "licensekey"}}
                 key: secret
           {{- end}}
           - name: MASTER_KEY
             valueFrom:
               secretKeyRef:
-                name: masterkey
+                name: {{printf "%s-%s" $.Release.Name "masterkey"}}
                 key: secret
         {{- if not .Values.octopus.enableDockerInDocker }}
           - name: DISABLE_DIND