[bitnami/harbor] Revert merge chart generated env vart secret with existing secret (#32382)

* Revert "[bitnami/harbor] fix: secret envvars and their documentation (#28989)"

Signed-off-by: Miguel Ruiz <[email protected]>

* Add conditional

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Restore values.yaml

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Miguel Ruiz <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>

Author: migruiz4

bitnami/harbor/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 24.3.4 (2025-03-08)
+## 24.4.0 (2025-03-13)
 
-* [bitnami/harbor] removed /etc/core/token mount since it's unused ([#32364](https://github.com/bitnami/charts/pull/32364))
+* [bitnami/harbor] Revert merge chart generated env vart secret with existing secret ([#32382](https://github.com/bitnami/charts/pull/32382))
+
+## <small>24.3.4 (2025-03-10)</small>
+
+* [bitnami/harbor] removed /etc/core/token mount since it's unused (#32364) ([a4ba8ad](https://github.com/bitnami/charts/commit/a4ba8ad7c4ba8a62dc9f945fa48d07f29565b4ad)), closes [#32364](https://github.com/bitnami/charts/issues/32364)
 
 ## <small>24.3.3 (2025-02-20)</small>
 

bitnami/harbor/Chart.yaml

@@ -56,4 +56,4 @@ maintainers:
 name: harbor
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/harbor
-version: 24.3.4
+version: 24.4.0

bitnami/harbor/templates/core/core-secret-envvars.yaml

@@ -3,29 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- $secretName := .Values.core.existingEnvVarsSecret -}}
-{{- $namespace := .Release.Namespace -}}
-{{- $secret := lookup "v1" "Secret" $namespace $secretName -}}
-{{- $existingEnvVarsSecretCore := dict -}}
-{{- if $secret.data }}
-  {{- $_REDIS_URL_CORE := index $secret.data "_REDIS_URL_CORE" | default "" -}}
-  {{- $_REDIS_URL_REG := index $secret.data "_REDIS_URL_REG" | default "" -}}
-  {{- $_CSRF_KEY := index $secret.data "CSRF_KEY" | default "" -}}
-  {{- $_HARBOR_ADMIN_PASSWORD := index $secret.data "HARBOR_ADMIN_PASSWORD" | default "" -}}
-  {{- $_POSTGRESQL_PASSWORD := index $secret.data "POSTGRESQL_PASSWORD" | default "" -}}
-  {{- $_REGISTRY_CREDENTIAL_PASSWORD := index $secret.data "REGISTRY_CREDENTIAL_PASSWORD" | default "" -}}
-  {{- $_REGISTRY_CREDENTIAL_USERNAME := index $secret.data "REGISTRY_CREDENTIAL_USERNAME" | default "" -}}
-  {{- $existingEnvVarsSecretCore = dict
-    "_REDIS_URL_CORE" ($_REDIS_URL_CORE | b64dec)
-    "_REDIS_URL_REG" ($_REDIS_URL_REG | b64dec)
-    "CSRF_KEY" ($_CSRF_KEY | b64dec)
-    "HARBOR_ADMIN_PASSWORD" ($_HARBOR_ADMIN_PASSWORD | b64dec)
-    "POSTGRESQL_PASSWORD" ($_POSTGRESQL_PASSWORD | b64dec)
-    "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec)
-    "REGISTRY_CREDENTIAL_USERNAME" ($_REGISTRY_CREDENTIAL_USERNAME | b64dec)
-  -}}
-{{- end }}
-
+{{- if not .Values.core.existingEnvVarsSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -40,20 +18,11 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  _REDIS_URL_CORE: {{ $existingEnvVarsSecretCore._REDIS_URL_CORE | default (include "harbor.redisForCore" .) | b64enc | quote }}
-  _REDIS_URL_REG: {{ $existingEnvVarsSecretCore._REDIS_URL_REG | default (include "harbor.redisForGC" .) | b64enc | quote }}
-  REGISTRY_CREDENTIAL_USERNAME: {{ $existingEnvVarsSecretCore.REGISTRY_CREDENTIAL_USERNAME | default .Values.registry.credentials.username | b64enc | quote }}
-  REGISTRY_CREDENTIAL_PASSWORD: {{ $existingEnvVarsSecretCore.REGISTRY_CREDENTIAL_PASSWORD | default .Values.registry.credentials.password | b64enc | quote }}
-  POSTGRESQL_PASSWORD: {{ $existingEnvVarsSecretCore.POSTGRESQL_PASSWORD | default (include "harbor.database.rawPassword" .) | b64enc | quote }}
-  {{- $existingCSRFKey := $existingEnvVarsSecretCore.CSRF_KEY | default "" -}}
-  {{- if eq $existingCSRFKey "" }}
+  _REDIS_URL_CORE: {{ include "harbor.redisForCore" . | b64enc | quote }}
+  _REDIS_URL_REG: {{ include "harbor.redisForGC" . | b64enc | quote }}
+  REGISTRY_CREDENTIAL_USERNAME: {{ .Values.registry.credentials.username | b64enc | quote }}
+  REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
   CSRF_KEY: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "CSRF_KEY" "length" 32 "providedValues" (list "core.csrfKey") "context" $) }}
-  {{- else }}
-  CSRF_KEY: {{ $existingCSRFKey | b64enc | quote }}
-  {{- end }}
-  {{- $existingHarborAdmPW := $existingEnvVarsSecretCore.HARBOR_ADMIN_PASSWORD | default "" -}}
-  {{- if eq $existingHarborAdmPW "" }}
   HARBOR_ADMIN_PASSWORD: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "HARBOR_ADMIN_PASSWORD" "length" 22 "providedValues" (list "adminPassword") "context" $) }}
-  {{- else }}
-  HARBOR_ADMIN_PASSWORD: {{ $existingHarborAdmPW | b64enc | quote }}
-  {{- end }}
+  POSTGRESQL_PASSWORD: {{ include "harbor.database.rawPassword" . | b64enc | quote }}
+{{- end }}

bitnami/harbor/templates/jobservice/jobservice-secret-envvars.yaml

@@ -3,19 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- $secretName := .Values.jobservice.existingEnvVarsSecret -}}
-{{- $namespace := .Release.Namespace -}}
-{{- $secret := lookup "v1" "Secret" $namespace $secretName -}}
-{{- $existingEnvVarsSecretJobservice := dict -}}
-{{- if $secret.data }}
-  {{- $_REGISTRY_CREDENTIAL_PASSWORD := index $secret.data "REGISTRY_CREDENTIAL_PASSWORD" | default "" -}}
-  {{- $_JOB_SERVICE_POOL_REDIS_URL := index $secret.data "JOB_SERVICE_POOL_REDIS_URL" | default "" -}}
-  {{- $existingEnvVarsSecretJobservice = dict 
-        "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec)
-        "JOB_SERVICE_POOL_REDIS_URL" ($_JOB_SERVICE_POOL_REDIS_URL | b64dec)
-     -}}
-{{- end }}
-
+{{- if not .Values.jobservice.existingEnvVarsSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -30,5 +18,6 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  REGISTRY_CREDENTIAL_PASSWORD: {{ $existingEnvVarsSecretJobservice.REGISTRY_CREDENTIAL_PASSWORD | default .Values.registry.credentials.password | b64enc | quote }}
-  JOB_SERVICE_POOL_REDIS_URL: {{ $existingEnvVarsSecretJobservice.JOB_SERVICE_POOL_REDIS_URL | default (include "harbor.redisForJobservice" .) | b64enc | quote }}
+  REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
+  JOB_SERVICE_POOL_REDIS_URL: {{ include "harbor.redisForJobservice" . | b64enc | quote }}
+{{- end }}

bitnami/harbor/templates/registry/registry-secret.yaml

@@ -3,37 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- $secretName := .Values.registry.existingSecret -}}
-{{- $namespace := .Release.Namespace -}}
-{{- $secret := lookup "v1" "Secret" $namespace $secretName -}}
-{{- $existingEnvVarsSecretRegistry := dict -}}
-{{- if $secret.data }}
-  {{- $_REGISTRY_HTPASSWD := index $secret.data "REGISTRY_HTPASSWD" | default "" -}}
-  {{- $_REGISTRY_HTTP_SECRET := index $secret.data "REGISTRY_HTTP_SECRET" | default "" -}}
-  {{- $_REGISTRY_REDIS_PASSWORD := index $secret.data "REGISTRY_REDIS_PASSWORD" | default "" -}}
-  {{- $_REGISTRY_STORAGE_AZURE_ACCOUNTKEY := index $secret.data "REGISTRY_STORAGE_AZURE_ACCOUNTKEY" | default "" -}}
-  {{- $_GCS_KEY_DATA := index $secret.data "GCS_KEY_DATA" | default "" -}}
-  {{- $_REGISTRY_STORAGE_S3_ACCESSKEY := index $secret.data "REGISTRY_STORAGE_S3_ACCESSKEY" | default "" -}}
-  {{- $_REGISTRY_STORAGE_S3_SECRETKEY := index $secret.data "REGISTRY_STORAGE_S3_SECRETKEY" | default "" -}}
-  {{- $_REGISTRY_STORAGE_SWIFT_PASSWORD := index $secret.data "REGISTRY_STORAGE_SWIFT_PASSWORD" | default "" -}}
-  {{- $_REGISTRY_STORAGE_SWIFT_SECRETKEY := index $secret.data "REGISTRY_STORAGE_SWIFT_SECRETKEY" | default "" -}}
-  {{- $_REGISTRY_STORAGE_SWIFT_ACCESSKEY := index $secret.data "REGISTRY_STORAGE_SWIFT_ACCESSKEY" | default "" -}}
-  {{- $_REGISTRY_STORAGE_OSS_ACCESSKEYSECRET := index $secret.data "REGISTRY_STORAGE_OSS_ACCESSKEYSECRET" | default "" -}}
-  {{- $existingEnvVarsSecretRegistry = dict 
-        "REGISTRY_HTPASSWD" ($_REGISTRY_HTPASSWD | b64dec)
-        "REGISTRY_HTTP_SECRET" ($_REGISTRY_HTTP_SECRET | b64dec)
-        "REGISTRY_REDIS_PASSWORD" ($_REGISTRY_REDIS_PASSWORD | b64dec)
-        "REGISTRY_STORAGE_AZURE_ACCOUNTKEY" ($_REGISTRY_STORAGE_AZURE_ACCOUNTKEY | b64dec)
-        "GCS_KEY_DATA" ($_GCS_KEY_DATA | b64dec)
-        "REGISTRY_STORAGE_S3_ACCESSKEY" ($_REGISTRY_STORAGE_S3_ACCESSKEY | b64dec)
-        "REGISTRY_STORAGE_S3_SECRETKEY" ($_REGISTRY_STORAGE_S3_SECRETKEY | b64dec)
-        "REGISTRY_STORAGE_SWIFT_PASSWORD" ($_REGISTRY_STORAGE_SWIFT_PASSWORD | b64dec)
-        "REGISTRY_STORAGE_SWIFT_SECRETKEY" ($_REGISTRY_STORAGE_SWIFT_SECRETKEY | b64dec)
-        "REGISTRY_STORAGE_SWIFT_ACCESSKEY" ($_REGISTRY_STORAGE_SWIFT_ACCESSKEY | b64dec)
-        "REGISTRY_STORAGE_OSS_ACCESSKEYSECRET" ($_REGISTRY_STORAGE_OSS_ACCESSKEYSECRET | b64dec)
-     -}}
-{{- end }}
-
+{{- if not .Values.registry.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -47,35 +17,31 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  REGISTRY_HTPASSWD: {{ $existingEnvVarsSecretRegistry.REGISTRY_HTPASSWD | default .Values.registry.credentials.htpasswd | b64enc | quote }}
-  {{- $registryHttpSecret := $existingEnvVarsSecretRegistry.REGISTRY_HTTP_SECRET | default "" -}}
-  {{- if eq $registryHttpSecret "" }}
-  REGISTRY_HTTP_SECRET: {{ include "common.secrets.passwords.manage" ( dict "secret" (include "harbor.registry" .) "key" "REGISTRY_HTTP_SECRET" "length" 16 "providedValues" (list "registry.secret") "context" $ ) }}
-  {{- else }}
-  REGISTRY_HTTP_SECRET: {{ print $registryHttpSecret | b64enc | quote }}
-  {{- end }}
-  REGISTRY_REDIS_PASSWORD: {{ $existingEnvVarsSecretRegistry.REGISTRY_REDIS_PASSWORD | default (include "harbor.redis.rawPassword" .) | b64enc | quote }}
+  REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswd | b64enc | quote }}
+  REGISTRY_HTTP_SECRET: {{ include "common.secrets.passwords.manage" (dict "secret" (include "harbor.registry" .) "key" "REGISTRY_HTTP_SECRET" "length" 16 "providedValues" (list "registry.secret") "context" $) }}
+  REGISTRY_REDIS_PASSWORD: {{ (include "harbor.redis.rawPassword" .) | b64enc | quote }}
   {{- if eq .Values.persistence.imageChartStorage.type "azure" }}
-  REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_AZURE_ACCOUNTKEY | default .Values.persistence.imageChartStorage.azure.accountkey | b64enc | quote }}
+  REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ .Values.persistence.imageChartStorage.azure.accountkey | b64enc | quote }}
   {{- else if eq .Values.persistence.imageChartStorage.type "gcs" }}
   {{- if .Values.persistence.imageChartStorage.gcs.encodedkey }}
-  GCS_KEY_DATA: {{ $existingEnvVarsSecretRegistry.GCS_KEY_DATA | default .Values.persistence.imageChartStorage.gcs.encodedkey | quote }}
+  GCS_KEY_DATA: {{ .Values.persistence.imageChartStorage.gcs.encodedkey | quote }}
   {{- end }}
   {{- else if eq .Values.persistence.imageChartStorage.type "s3" }}
   {{- if .Values.persistence.imageChartStorage.s3.accesskey }}
-  REGISTRY_STORAGE_S3_ACCESSKEY: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_S3_ACCESSKEY | default .Values.persistence.imageChartStorage.s3.accesskey | b64enc | quote }}
+  REGISTRY_STORAGE_S3_ACCESSKEY: {{ .Values.persistence.imageChartStorage.s3.accesskey | b64enc | quote }}
   {{- end }}
   {{- if .Values.persistence.imageChartStorage.s3.secretkey }}
-  REGISTRY_STORAGE_S3_SECRETKEY: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_S3_SECRETKEY | default .Values.persistence.imageChartStorage.s3.secretkey | b64enc | quote }}
+  REGISTRY_STORAGE_S3_SECRETKEY: {{ .Values.persistence.imageChartStorage.s3.secretkey | b64enc | quote }}
   {{- end }}
   {{- else if eq .Values.persistence.imageChartStorage.type "swift" }}
-  REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_SWIFT_PASSWORD | default .Values.persistence.imageChartStorage.swift.password | b64enc | quote }}
+  REGISTRY_STORAGE_SWIFT_PASSWORD: {{ .Values.persistence.imageChartStorage.swift.password | b64enc | quote }}
   {{- if .Values.persistence.imageChartStorage.swift.secretkey }}
-  REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_SWIFT_SECRETKEY | default .Values.persistence.imageChartStorage.swift.secretkey | b64enc | quote }}
+  REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ .Values.persistence.imageChartStorage.swift.secretkey | b64enc | quote }}
   {{- end }}
   {{- if .Values.persistence.imageChartStorage.swift.accesskey }}
-  REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_SWIFT_ACCESSKEY | default .Values.persistence.imageChartStorage.swift.accesskey | b64enc | quote }}
+  REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ .Values.persistence.imageChartStorage.swift.accesskey | b64enc | quote }}
   {{- end }}
   {{- else if eq .Values.persistence.imageChartStorage.type "oss" }}
-  REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $existingEnvVarsSecretRegistry.REGISTRY_STORAGE_OSS_ACCESSKEYSECRET | default .Values.persistence.imageChartStorage.oss.accesskeysecret | b64enc | quote }}
+  REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ .Values.persistence.imageChartStorage.oss.accesskeysecret | b64enc | quote }}
   {{- end }}
+{{- end }}

bitnami/harbor/templates/trivy/trivy-secret-envvars.yaml

@@ -3,24 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- $secretName := .Values.trivy.existingEnvVarsSecret -}}
-{{- $namespace := .Release.Namespace -}}
-{{- $secret := lookup "v1" "Secret" $namespace $secretName -}}
-{{- $existingEnvVarsSecretTrivy := dict -}}
-{{- if $secret.data }}
-  {{- $_SCANNER_TRIVY_GITHUB_TOKEN := index $secret.data "SCANNER_TRIVY_GITHUB_TOKEN" | default "" -}}
-  {{- $_SCANNER_REDIS_URL := index $secret.data "SCANNER_REDIS_URL" | default "" -}}
-  {{- $_SCANNER_STORE_REDIS_URL := index $secret.data "SCANNER_STORE_REDIS_URL" | default "" -}}
-  {{- $_SCANNER_JOB_QUEUE_REDIS_URL := index $secret.data "SCANNER_JOB_QUEUE_REDIS_URL" | default "" -}}
-  {{- $existingEnvVarsSecretTrivy = dict 
-        "SCANNER_TRIVY_GITHUB_TOKEN" ($_SCANNER_TRIVY_GITHUB_TOKEN | b64dec)
-        "SCANNER_REDIS_URL" ($_SCANNER_REDIS_URL | b64dec)
-        "SCANNER_STORE_REDIS_URL" ($_SCANNER_STORE_REDIS_URL | b64dec)
-        "SCANNER_JOB_QUEUE_REDIS_URL" ($_SCANNER_JOB_QUEUE_REDIS_URL | b64dec)
-     -}}
-{{- end }}
-
-{{- if and .Values.trivy.enabled }}
+{{- if and .Values.trivy.enabled (not .Values.trivy.existingEnvVarsSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -35,8 +18,8 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  SCANNER_TRIVY_GITHUB_TOKEN: {{ $existingEnvVarsSecretTrivy.SCANNER_TRIVY_GITHUB_TOKEN | default (.Values.trivy.gitHubToken | default "") | b64enc | quote }}
-  SCANNER_REDIS_URL: {{ $existingEnvVarsSecretTrivy.SCANNER_REDIS_URL | default (include "harbor.redisForTrivyAdapter" .) | b64enc }}
-  SCANNER_STORE_REDIS_URL: {{ $existingEnvVarsSecretTrivy.SCANNER_STORE_REDIS_URL | default (include "harbor.redisForTrivyAdapter" .) | b64enc }}
-  SCANNER_JOB_QUEUE_REDIS_URL: {{ $existingEnvVarsSecretTrivy.SCANNER_JOB_QUEUE_REDIS_URL | default (include "harbor.redisForTrivyAdapter" .) | b64enc }}
+  SCANNER_TRIVY_GITHUB_TOKEN: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
+  SCANNER_REDIS_URL: {{ include "harbor.redisForTrivyAdapter" . | b64enc }}
+  SCANNER_STORE_REDIS_URL: {{ include "harbor.redisForTrivyAdapter" . | b64enc }}
+  SCANNER_JOB_QUEUE_REDIS_URL: {{ include "harbor.redisForTrivyAdapter" . | b64enc }}
 {{- end }}