Support extra secrets (#185)

Adds support for ExternalSecrets or secrets that are generated other than from the chart itself. This is useful for those who may be managing secrets with other services, such as Hashicorp Vault or OpenBao.

Author: yekibud

couchdb/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: couchdb
-version: 4.5.6
+version: 4.5.7
 appVersion: 3.3.3
 description: A database featuring seamless multi-master sync, that scales from
   big data to mobile, with an intuitive HTTP/JSON API and designed for

couchdb/NEWS.md

@@ -1,5 +1,9 @@
 # NEWS
 
+## 4.5.7
+
+- Add support for extra secrets not created by the chart, such as Hashicorp Vault or OpenBao.
+
 ## 4.5.6
 
 - Add `extraPorts` to the network policy when the network policy is enabled.

couchdb/README.md

@@ -1,6 +1,6 @@
 # CouchDB
 
-![Version: 4.5.3](https://img.shields.io/badge/Version-4.5.3-informational?style=flat-square) ![AppVersion: 3.3.3](https://img.shields.io/badge/AppVersion-3.3.3-informational?style=flat-square)
+![Version: 4.5.7](https://img.shields.io/badge/Version-4.5.7-informational?style=flat-square) ![AppVersion: 3.3.3](https://img.shields.io/badge/AppVersion-3.3.3-informational?style=flat-square)
 
 Apache CouchDB is a database featuring seamless multi-master sync, that scales
 from big data to mobile, with an intuitive HTTP/JSON API and designed for
@@ -18,7 +18,7 @@ storage volumes to each Pod in the Deployment.
 ```bash
 $ helm repo add couchdb https://apache.github.io/couchdb-helm
 $ helm install couchdb/couchdb \
-  --version=4.5.3 \
+  --version=4.5.7 \
   --set allowAdminParty=true \
   --set couchdbConfig.couchdb.uuid=$(curl https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -)
 ```
@@ -44,7 +44,7 @@ Afterwards install the chart replacing the UUID
 ```bash
 $ helm install \
   --name my-release \
-  --version=4.5.3 \
+  --version=4.5.7 \
   --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
   couchdb/couchdb
 ```
@@ -78,7 +78,7 @@ and then install the chart while overriding the `createAdminSecret` setting:
 ```bash
 $ helm install \
   --name my-release \
-  --version=4.5.3 \
+  --version=4.5.7 \
   --set createAdminSecret=false \
   --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
   couchdb/couchdb
@@ -133,7 +133,7 @@ version semantics. You can upgrade directly from `stable/couchdb` to this chart
 
 ```bash
 $ helm repo add couchdb https://apache.github.io/couchdb-helm
-$ helm upgrade my-release --version=4.5.3 couchdb/couchdb
+$ helm upgrade my-release --version=4.5.7 couchdb/couchdb
 ```
 
 ## Configuration
@@ -170,6 +170,9 @@ A variety of other parameters are also configurable. See the comments in the
 | `adminUsername`                      | admin                                            |
 | `adminPassword`                      | auto-generated                                   |
 | `adminHash`                          |                                                  |
+| `extraSecretName`                    | "" (the name of a secret resource to provide e.g. admin credentials from an ExternalSecret/vault/etc.)     |
+| `adminUsernameKey`                   | "" (the string/key to access the admin username secret from an extra secret if different from "adminUsername"  |
+| `adminPasswordKey`                   | "" (the string/key to access the admin password secret from an extra secret if different from "adminPassword"  |
 | `cookieAuthSecret`                   | auto-generated                                   |
 | `extraPorts`                         | [] (a list of ContainerPort objects)             |
 | `image.repository`                   | couchdb                                          |

couchdb/templates/job.yaml

@@ -40,13 +40,13 @@ spec:
             - name: COUCHDB_ADMIN
               valueFrom:
                 secretKeyRef:
-                  name: {{ template "couchdb.fullname" . }}
-                  key: adminUsername
+                  name: {{ .Values.extraSecretName | default (include "couchdb.fullname" .) }}
+                  key: {{ .Values.adminUsernameKey | default "adminUsername" }}
             - name: COUCHDB_PASS
               valueFrom:
                 secretKeyRef:
-                  name: {{ template "couchdb.fullname" . }}
-                  key: adminPassword
+                  name: {{ .Values.extraSecretName | default (include "couchdb.fullname" .) }}
+                  key: {{ .Values.adminPasswordKey | default "adminPassword" }}
           {{- if .Values.containerSecurityContext }}
           securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
           {{- end }}

couchdb/templates/statefulset.yaml

@@ -109,13 +109,13 @@ spec:
             - name: COUCHDB_USER
               valueFrom:
                 secretKeyRef:
-                  name: {{ template "couchdb.fullname" . }}
-                  key: adminUsername
+                  name: {{ .Values.extraSecretName | default (include "couchdb.fullname" .) }}
+                  key: {{ .Values.adminUsernameKey | default "adminUsername" }}
             - name: COUCHDB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: {{ template "couchdb.fullname" . }}
-                  key: adminPassword
+                  name: {{ .Values.extraSecretName | default (include "couchdb.fullname" .) }}
+                  key: {{ .Values.adminPasswordKey | default "adminPassword" }}
             - name: COUCHDB_SECRET
               valueFrom:
                 secretKeyRef:

couchdb/values.yaml

@@ -36,6 +36,10 @@ autoSetup:
 # 2) This flag can be disabled and a Secret with the required keys can be
 #    created ahead of time.
 createAdminSecret: true
+# defaults to chart name
+extraSecretName: ""
+adminUsernameKey: ""
+adminPasswordKey: ""
 
 adminUsername: admin
 # adminPassword: this_is_not_secure