Helm: fix secrets for non-default release name (#5403)

.github/workflows/helm.yml

@@ -63,7 +63,7 @@ jobs:
  cd helm-chart
  helm dependency update
  cd ..
- helm upgrade -n default cvat -i --create-namespace helm-chart -f helm-chart/values.yaml -f tests/values.test.yaml
+ helm upgrade -n default release-${{ github.run_id }}-${{ github.run_attempt }} -i --create-namespace helm-chart -f helm-chart/values.yaml -f tests/values.test.yaml
 
  - name: Update test config
  run: |

CHANGELOG.md

@@ -86,6 +86,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
 - Fixed FBRS serverless function runtime error on images with alpha channel (<https://github.com/opencv/cvat/pull/5384>)
 - Attaching manifest with custom name (<https://github.com/opencv/cvat/pull/5377>)
 - Uploading non-zip annotaion files (<https://github.com/opencv/cvat/pull/5386>)
+- Broken helm chart - if using custom release name (<https://github.com/opencv/cvat/pull/5403>)
 - Missing source tag in project annotations (<https://github.com/opencv/cvat/pull/5408>)
 
 ### Security

helm-chart/templates/cvat-postgres-secret.yml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "cvat.labels" . | nindent 4 }}

helm-chart/templates/cvat-server-secret.yml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+ name: "{{ tpl ( .Values.cvat.backend.server.secret.name) . }}"
  namespace: {{ .Release.Namespace }}
 type: generic
 stringData:

helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml

@@ -63,22 +63,22 @@ spec:
  - name: CVAT_POSTGRES_HOST
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-hostname
  - name: CVAT_POSTGRES_USER
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-username
  - name: CVAT_POSTGRES_DBNAME
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-database
  - name: CVAT_POSTGRES_PASSWORD
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-password
  {{- else }}
  - name: CVAT_POSTGRES_HOST

helm-chart/templates/cvat_backend/server/deployment.yml

@@ -62,22 +62,22 @@ spec:
  - name: SOCIAL_AUTH_GOOGLE_CLIENT_ID
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+ name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
  key: googleClientId
  - name: SOCIAL_AUTH_GOOGLE_CLIENT_SECRET
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+ name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
  key: googleClientSecret
  - name: SOCIAL_AUTH_GITHUB_CLIENT_ID
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+ name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
  key: githubClientId
  - name: SOCIAL_AUTH_GITHUB_CLIENT_SECRET
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.cvat.backend.server.secret.name }}"
+ name: "{{ tpl (.Values.cvat.backend.server.secret.name) . }}"
  key: googleClientSecret
  {{- end }}
  - name: IAM_OPA_BUNDLE
@@ -93,22 +93,22 @@ spec:
  - name: CVAT_POSTGRES_HOST
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-hostname
  - name: CVAT_POSTGRES_USER
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-username
  - name: CVAT_POSTGRES_DBNAME
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-database
  - name: CVAT_POSTGRES_PASSWORD
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-password
  {{- else }}
  - name: CVAT_POSTGRES_HOST

helm-chart/templates/cvat_backend/utils/deployment.yml

@@ -64,22 +64,22 @@ spec:
  - name: CVAT_POSTGRES_HOST
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-hostname
  - name: CVAT_POSTGRES_USER
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-username
  - name: CVAT_POSTGRES_DBNAME
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-database
  - name: CVAT_POSTGRES_PASSWORD
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-password
  {{- else }}
  - name: CVAT_POSTGRES_HOST

helm-chart/templates/cvat_backend/worker_default/deployment.yml

@@ -63,22 +63,22 @@ spec:
  - name: CVAT_POSTGRES_HOST
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-hostname
  - name: CVAT_POSTGRES_USER
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-username
  - name: CVAT_POSTGRES_DBNAME
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-database
  - name: CVAT_POSTGRES_PASSWORD
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-password
  {{- else }}
  - name: CVAT_POSTGRES_HOST

helm-chart/templates/cvat_backend/worker_low/deployment.yml

@@ -63,22 +63,22 @@ spec:
  - name: CVAT_POSTGRES_HOST
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-hostname
  - name: CVAT_POSTGRES_USER
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-username
  - name: CVAT_POSTGRES_DBNAME
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-database
  - name: CVAT_POSTGRES_PASSWORD
  valueFrom:
  secretKeyRef:
- name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}"
+ name: "{{ tpl (.Values.postgresql.secret.name) . }}"
  key: postgresql-password
  {{- else }}
  - name: CVAT_POSTGRES_HOST

helm-chart/values.yaml

@@ -22,7 +22,7 @@ cvat:
  USE_ALLAUTH_SOCIAL_ACCOUNTS: false
  secret:
  create: true
- name: cvat-server-secret
+ name: "{{ .Release.Name }}-cvat-server-secret"
  socialAccountAuthentication:
  googleClientId: ""
  googleClientSecret: ""
@@ -191,10 +191,10 @@ postgresql:
  # If not external following config will be applied by default
  global:
  postgresql:
- existingSecret: cvat-postgres-secret
+ existingSecret: "{{ .Release.Name }}-postgres-secret"
  secret:
  create: true
- name: postgres-secret
+ name: "{{ .Release.Name }}-postgres-secret"
  password: cvat_postgresql
  postgres_password: cvat_postgresql_postgres
  replication_password: cvat_postgresql_replica