Added support for specifying an existing secret for weaviate-cluster-api-basic-auth

.cicd/test.sh

@@ -76,6 +76,9 @@ function check_creates_template() {
   check_no_setting "" "name: ENABLE_MODULES"
   check_setting_has_value "" "name: DEFAULT_VECTORIZER_MODULE" "value: none"
   check_no_setting "" "serviceAccountName"
+  check_string_existence "" "type: kubernetes.io/basic-auth"
+  check_no_setting "--set clusterApi.basicAuth.secret.create=false" "type: kubernetes.io/basic-auth"
+  check_string_existence "--set clusterApi.basicAuth.secret.name=external-cluster-api-basic-auth" "name: external-cluster-api-basic-auth"
   check_setting_has_value "--set serviceAccountName=my-service-account-test" "serviceAccountName" "my-service-account-test"
   check_setting_has_value "--set modules.default_vectorizer_module=text2vec-openai" "name: DEFAULT_VECTORIZER_MODULE" "value: text2vec-openai"
   check_modules "--set modules.text2vec-contextionary.enabled=true" "value: text2vec-contextionary"

weaviate/templates/_helpers.tpl

@@ -234,19 +234,20 @@ imagePullSecrets:
 Cluster API Secrets
 */}}
 {{- define "cluster_api.secret" -}}
-{{- $secret := lookup "v1" "Secret" .Release.Namespace "weaviate-cluster-api-basic-auth" -}}
+{{- $secretName := .Values.clusterApi.basicAuth.secret.name -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
 {{- if $secret -}}
 {{/*
    Reusing value of secret if exist
 */}}
-username: {{ $secret.data.username }}
-password: {{ $secret.data.password }}
+{{ .Values.clusterApi.basicAuth.secret.usernameKey }}: {{ $secret.data.username }}
+{{ .Values.clusterApi.basicAuth.secret.passwordKey }}: {{ $secret.data.password }}
 {{- else -}}
 {{/*
     add new data
 */}}
-username: {{ randAlphaNum 32 | b64enc | quote }}
-password: {{ randAlphaNum 32 | b64enc | quote }}
+{{ .Values.clusterApi.basicAuth.secret.usernameKey }}: {{ randAlphaNum 32 | b64enc | quote }}
+{{ .Values.clusterApi.basicAuth.secret.passwordKey }}: {{ randAlphaNum 32 | b64enc | quote }}
 {{- end -}}
 {{- end -}}
 

weaviate/templates/weaviateSecretClusterAPI.yaml

@@ -1,7 +1,9 @@
+{{- if (index .Values.clusterApi.basicAuth.secret.create) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: weaviate-cluster-api-basic-auth
+  name: {{ .Values.clusterApi.basicAuth.secret.name }}
 type: kubernetes.io/basic-auth
 data:
 {{- ( include "cluster_api.secret" . ) | indent 2 -}}
+{{- end }}

weaviate/templates/weaviateStatefulset.yaml

@@ -105,13 +105,13 @@ spec:
           - name: CLUSTER_BASIC_AUTH_USERNAME
             valueFrom:
               secretKeyRef:
-                name: weaviate-cluster-api-basic-auth
-                key: username
+                name: {{ .Values.clusterApi.basicAuth.secret.name }}
+                key: {{ .Values.clusterApi.basicAuth.secret.usernameKey }}
           - name: CLUSTER_BASIC_AUTH_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: weaviate-cluster-api-basic-auth
-                key: password
+                name: {{ .Values.clusterApi.basicAuth.secret.name }}
+                key: {{ .Values.clusterApi.basicAuth.secret.passwordKey }}
           - name: PERSISTENCE_DATA_PATH
             value: '/var/lib/weaviate'
           - name: DEFAULT_VECTORIZER_MODULE

weaviate/values.yaml

@@ -296,6 +296,15 @@ query_defaults:
   limit: 100
 debug: false
 
+clusterApi:
+  basicAuth:
+    secret:
+      # Set to false when the Secret is created/managed externally (for example via a secrets operator).
+      create: true
+      # Existing Secret name to read CLUSTER_BASIC_AUTH_USERNAME/CLUSTER_BASIC_AUTH_PASSWORD from.
+      name: weaviate-cluster-api-basic-auth
+      usernameKey: username
+      passwordKey: password
 
 # Insert any custom environment variables or envSecrets by putting the exact name
 # and desired value into the settings below. Any env name passed will be automatically