feat: better handling of kafka auth properties in helm chart

Author: achoimet

charts/steadybit-extension-kafka/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: steadybit-extension-kafka
 description: Steadybit scaffold extension Helm chart for Kubernetes.
-version: 1.0.17
+version: 1.0.18
 appVersion: v1.1.0
 home: https://www.steadybit.com/
 icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png

charts/steadybit-extension-kafka/templates/_helpers.tpl

@@ -0,0 +1,5 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "kafka.auth.secret.name" -}}
+{{- default "steadybit-extension-kakfa" .Values.kafka.auth.existingSecret -}}
+{{- end -}}

charts/steadybit-extension-kafka/templates/deployment.yaml

@@ -70,17 +70,35 @@ spec:
             - name: STEADYBIT_EXTENSION_SEED_BROKERS
               value: {{ .Values.kafka.seedBrokers }}
             - name: STEADYBIT_EXTENSION_SASL_USER
-              value: {{ .Values.kafka.auth.saslUser }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: saslUser
             - name: STEADYBIT_EXTENSION_SASL_PASSWORD
-              value: {{ .Values.kafka.auth.saslPassword }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: saslPassword
             - name: STEADYBIT_EXTENSION_SASL_MECHANISM
-              value: {{ .Values.kafka.auth.saslMechanism }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: saslMechanism
             - name: STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_CHAIN_FILE
-              value: {{ .Values.kafka.auth.certChainFile }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: certChainFile
             - name: STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_KEY_FILE
-              value: {{ .Values.kafka.auth.certKeyFile }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: certKeyFile
             - name: STEADYBIT_EXTENSION_KAFKA_CLUSTER_CA_FILE
-              value: {{ .Values.kafka.auth.CaFile }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "kafka.auth.secret.name" . }}
+                  key: caFile
             {{- include "extensionlib.deployment.env" (list .) | nindent 12 }}
             {{- with .Values.extraEnv }}
               {{- toYaml . | nindent 12 }}

charts/steadybit-extension-kafka/templates/secret.yaml

@@ -0,0 +1,19 @@
+{{- if not .Values.kafka.auth.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "kafka.auth.secret.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value }}
+  {{- end }}
+type: Opaque
+data:
+  saslMechanism: {{ .Values.kafka.auth.saslMechanism | b64enc | quote }}
+  saslUser: {{ .Values.kafka.auth.saslUser | b64enc | quote }}
+  saslPassword: {{ .Values.kafka.auth.saslPassword | b64enc | quote }}
+  certChainFile: {{ .Values.kafka.auth.certChainFile | b64enc | quote }}
+  certKeyFile: {{ .Values.kafka.auth.certKeyFile | b64enc | quote }}
+  caFile: {{ .Values.kafka.auth.caFile | b64enc | quote }}
+{{- end }}