Add ability to configure an existing secret for S3 type storage

Signed-off-by: Domonkos Cinke <[email protected]>
Signed-off-by: Domonkos Cinke <[email protected]>

templates/chartmuseum/chartmuseum-cm.yaml

@@ -69,7 +69,7 @@ data:
   {{- if $storage.s3.regionendpoint }}
   STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
   {{- end }}
-  {{- if $storage.s3.accesskey }}
+  {{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }}
   AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
   {{- end }}
   {{- if $storage.s3.keyid }}

templates/chartmuseum/chartmuseum-dpl.yaml

@@ -74,6 +74,10 @@ spec:
             name: "{{ template "harbor.chartmuseum" . }}"
         - secretRef:
             name: "{{ template "harbor.chartmuseum" . }}"
+        {{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
+        - secretRef:
+            name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
+        {{- end }}
         env:
           {{- if has "chartmuseum" .Values.proxy.components }}
           - name: HTTP_PROXY

templates/chartmuseum/chartmuseum-secret.yaml

@@ -15,7 +15,7 @@ data:
 {{- else if eq $storageType "gcs" }}
   # TODO support the keyfile of gcs
 {{- else if eq $storageType "s3" }}
-  {{- if $storage.s3.secretkey }}
+  {{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
   AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
   {{- end }}
 {{- else if eq $storageType "swift" }}

values.yaml

@@ -298,6 +298,9 @@ persistence:
       #rootdirectory: /gcs/object/name/prefix
       #chunksize: "5242880"
     s3:
+      # Set an existing secret for S3 accesskey and secretkey
+      # keys in the secret should be AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+      #existingSecret: ""
       region: us-west-1
       bucket: bucketname
       #accesskey: awsaccesskey