diff --git a/charts/invenio/templates/NOTES.txt b/charts/invenio/templates/NOTES.txt index 8b5d149..31b0234 100644 --- a/charts/invenio/templates/NOTES.txt +++ b/charts/invenio/templates/NOTES.txt @@ -9,3 +9,20 @@ DEPRECATION WARNING: removed in a future release. {{- end }} + +{{- if .Values.invenio.sentry.existing_secret}} + +DEPRECATION WARNING: + `invenio.sentry.existing_secret` has been renamed to `invenio.sentry.existingSecret` + and its type has changed from boolean to string. + This key will be removed in a future release. + +{{- end }} + +{{- if .Values.invenio.sentry.secret_name}} + +DEPRECATION WARNING: + `invenio.sentry.secret_name` has been removed in favor of + `invenio.sentry.existingSecret` will be removed in a future release. + +{{- end }} diff --git a/charts/invenio/templates/_helpers.tpl b/charts/invenio/templates/_helpers.tpl index 579cd8a..54b7a14 100644 --- a/charts/invenio/templates/_helpers.tpl +++ b/charts/invenio/templates/_helpers.tpl @@ -273,3 +273,29 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- $databaseName := include "invenio.postgresql.databaseName" . -}} {{- printf "postgresql+psycopg2://%s:%s@%s:%v/%s" $username $password $hostname $port $databaseName -}} {{- end -}} + +{{/* +Get the sentry secret name +*/}} +{{- define "invenio.sentrySecretName" -}} +{{- if .Values.invenio.sentry.existingSecret -}} + {{- print (tpl .Values.invenio.sentry.existingSecret .) -}} +{{- else if .Values.invenio.sentry.secret_name -}} + {{- print (tpl .Values.invenio.sentry.secret_name .) -}} +{{- else -}} + {{- "sentry-secrets" -}} +{{- end -}} +{{- end -}} + +{{/* +Add sentry environmental variables +*/}} +{{- define "invenio.config.sentry" -}} +{{- if .Values.invenio.sentry.enabled -}} +- name: INVENIO_SENTRY_DSN + valueFrom: + secretKeyRef: + name: {{ include "invenio.sentrySecretName" . }} + key: {{ .Values.invenio.sentry.secretKeys.dsnKey }} +{{- end }} +{{- end -}} diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml index 2e43019..86bad4a 100644 --- a/charts/invenio/templates/install-init-job.yaml +++ b/charts/invenio/templates/install-init-job.yaml @@ -57,6 +57,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.web.resources }} resources: {{- toYaml .Values.web.resources | nindent 10 }} {{- end }} diff --git a/charts/invenio/templates/sentry-secret.yaml b/charts/invenio/templates/sentry-secret.yaml index 40dc091..1a5ffb8 100644 --- a/charts/invenio/templates/sentry-secret.yaml +++ b/charts/invenio/templates/sentry-secret.yaml @@ -1,15 +1,16 @@ -{{- if and (.Values.invenio.sentry.enabled) (not .Values.invenio.sentry.existing_secret) }} +{{- if and (.Values.invenio.sentry.enabled) (and (not .Values.invenio.sentry.existingSecret) (not .Values.invenio.sentry.existing_secret))}} +{{- $dsn := .Values.invenio.sentry.dsn | required ".Values.invenio.sentry.dns is required if not secret is provided." -}} --- apiVersion: v1 kind: Secret type: Opaque metadata: - name: {{ .Values.invenio.sentry.secret_name }} + name: sentry-secrets labels: {{- include "invenio.labels" . | nindent 4 }} - app: {{ .Values.invenio.sentry.secret_name }} + app: sentry-secrets annotations: helm.sh/resource-policy: keep data: - SENTRY_DSN: {{ .Values.invenio.sentry.dsn | b64enc }} + {{ .Values.invenio.sentry.secretKeys.dsnKey }}: {{ $dsn | b64enc }} {{- end -}} diff --git a/charts/invenio/templates/web-deployment.yaml b/charts/invenio/templates/web-deployment.yaml index 673bd0a..4a6f063 100644 --- a/charts/invenio/templates/web-deployment.yaml +++ b/charts/invenio/templates/web-deployment.yaml @@ -54,13 +54,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/templates/worker-beat-deployment.yaml b/charts/invenio/templates/worker-beat-deployment.yaml index 22ac680..96326bc 100644 --- a/charts/invenio/templates/worker-beat-deployment.yaml +++ b/charts/invenio/templates/worker-beat-deployment.yaml @@ -62,13 +62,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/templates/worker-deployment.yaml b/charts/invenio/templates/worker-deployment.yaml index 3588334..0bd456b 100644 --- a/charts/invenio/templates/worker-deployment.yaml +++ b/charts/invenio/templates/worker-deployment.yaml @@ -58,13 +58,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 10 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index a5aaf75..e7e8685 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -19,10 +19,25 @@ invenio: default_users: [] # Requires invenio.init=true demo_data: false # Setting invenio.demo_data=true requires also setting default_users! sentry: + ## @param invenio.sentry.enabled Enable Sentry.io integration + ## enabled: false - existing_secret: false - secret_name: "sentry-secrets" + ## @param invenio.sentry.dns Sentry DSN, required if not secret is provided + ## dsn: "" + ## @param invenio.sentry.secret_name DEPRECATED: invenio.sentry.existingSecret instead + ## + secret_name: "sentry-secrets" + ## @param invenio.sentry.existing_secret DEPRECATED: invenio.sentry.existingSecret instead + ## + existing_secret: false + ## @param invenio.sentry.existingSecret Existing secret name for sentry's dsn + ## + existingSecret: "" + ## @param invenio.sentry.secretKeys.dsnKey Name of key in existing secret to use for dns. Only used when `invenio.sentry.existingSecret` is set. + ## + secretKeys: + dsnKey: "SENTRY_DSN" datacite: enabled: false existing_secret: false