feat: delete secret volumne for private key and add secret name (#2020)

<!--
Thank you for contributing to New Relic's Helm charts. Before you submit
this PR we'd like to
make sure you are aware of our technical requirements:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/CONTRIBUTING.md#technical-requirements

For a quick overview across what we will look at reviewing your PR,
please read
our review guidelines:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/REVIEW_GUIDELINES.md

Following our best practices right from the start will accelerate the
review process and
help get your PR merged quicker.

When updates to your PR are requested, please add new commits and do not
squash the
history. This will make it easier to identify new changes. The PR will
be squashed
anyways when it is merged. Thanks.

For fast feedback, please @-mention maintainers that are listed in the
Chart.yaml file.

Please make sure you test your changes before you push them. Once
pushed, a Github Action
will run across your changes and do some initial checks and linting.
These checks run
very quickly. Please check the results. We would like these checks to
pass before we
even continue reviewing your changes.
-->
#### Is this a new chart

#### What this PR does / why we need it:

Delete de volumne for the private key for opamp and and adding the name
to be requested with the k8s api

#### Which issue this PR fixes
*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)`
format, will close that issue when PR gets merged)*
  - fixes #

#### Special notes for your reviewer:

#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove
unrelated fields.]
- [ ] Chart Version bumped
- [ ] Variables are documented in the README.md
- [ ] Title of the PR starts with chart name (e.g. `[mychartname]`)

# Release Notes to Publish (nr-k8s-otel-collector)
If this PR contains changes in `nr-k8s-otel-collector`, please complete
the following section. All other charts should ignore this section.

<!--BEGIN-RELEASE-NOTES-->
## 🚀 What's Changed
* Tell the world about the latest changes in the chart.
<!--END-RELEASE-NOTES-->

Author: vjripoll

charts/agent-control-deployment/Chart.yaml

@@ -4,7 +4,7 @@ description: A Helm chart to install New Relic Agent Control on Kubernetes
 
 type: application
 
-version: 1.1.0
+version: 1.1.1
 appVersion: "1.6.1"
 
 dependencies:

charts/agent-control-deployment/README.md

@@ -96,6 +96,13 @@ agents:
 			<td>"true"</td>
 			<td>enables or disables remote update from Fleet Control for the agent-control-cd chart</td>
 		</tr>
+        <tr>
+			<td>config.secretPrivateKeyName</td>
+			<td>string</td>
+			<td>`""`</td>
+			<td>Provide the secret name from where the private key should be loaded</td>
+		</tr>
+		<tr>
 		<tr>
 			<td>config.fleet_control.enabled</td>
 			<td>bool</td>

charts/agent-control-deployment/templates/_helpers.tpl

@@ -72,6 +72,11 @@ cluster name, licenses, and custom attributes
 {{- /* Add ac_remote_update and cd_remote_update to the config */ -}}
 {{- $k8s = mustMerge $k8s (dict "ac_remote_update" .Values.config.acRemoteUpdate "cd_remote_update" .Values.config.cdRemoteUpdate) -}}
 {{- $k8s = mustMerge $k8s (dict "ac_release_name" .Release.Name "cd_release_name" .Values.config.cdReleaseName) -}}
+{{- $authSecret := .Values.config.authSecret | default dict -}}
+{{- $sName := $authSecret.secretName | default "agent-control-auth" -}}
+{{- $sKey  := $authSecret.secretKeyName | default "private_key" -}}
+{{- $secretObj := dict "secret_name" $sName "secret_key_name" $sKey -}}
+{{- $k8s = mustMerge $k8s (dict "auth_secret" $secretObj) -}}
 {{- $config = mustMerge $config (dict "k8s" $k8s) -}}
 
 {{- with .Values.config.log -}}

charts/agent-control-deployment/templates/deployment-agentcontrol.yaml

@@ -111,11 +111,6 @@ spec:
               mountPath: /etc/newrelic-agent-control/local-data/agent-control/local_config.yaml
               readOnly: true
               subPath: config.yaml
-            {{- if ((.Values.config).fleet_control).enabled }}
-            - name: auth-secret-private-key
-              mountPath: "/etc/newrelic-agent-control/keys"
-              readOnly: true
-            {{- end }}
             {{- with .Values.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
@@ -145,14 +140,6 @@ spec:
                 path: config.yaml
         - name: var-lib-newrelic-agent-control
           emptyDir: {}
-        {{- if ((.Values.config).fleet_control).enabled }}
-        - name: auth-secret-private-key
-          secret:
-            secretName: {{ include "newrelic-agent-control.auth.secret.name" . }}
-            items:
-              - key: private_key
-                path: from-secret.key
-        {{- end }}
         {{- with .Values.extraVolumes }}
         {{- toYaml . | nindent 8 }}
         {{- end }}

charts/agent-control-deployment/tests/auth_secret_test.yaml

@@ -8,7 +8,7 @@ release:
   namespace: my-namespace
 
 tests:
-  - it: authSecret is created and mounted correctly by default
+  - it: authSecret is NOT mounted as volume (auth handled via k8s API)
     set:
       cluster: test
       config:
@@ -28,9 +28,7 @@ tests:
               mountPath: /etc/newrelic-agent-control/local-data/agent-control/local_config.yaml
               readOnly: true
               subPath: config.yaml
-            - mountPath: /etc/newrelic-agent-control/keys
-              name: auth-secret-private-key
-              readOnly: true
+
       - template: templates/deployment-agentcontrol.yaml
         equal:
           path: spec.template.spec.volumes
@@ -43,12 +41,6 @@ tests:
                     path: config.yaml
             - name: var-lib-newrelic-agent-control
               emptyDir: {}
-            - name: auth-secret-private-key
-              secret:
-                secretName: my-release-agent-control-auth
-                items:
-                  - key: private_key
-                    path: from-secret.key
 
   - it: no mount and secret is created when auth is disabled
     set:
@@ -67,4 +59,4 @@ tests:
         notContains:
           path: spec.template.spec.volumes
           content:
-            name: auth-secret-private-key
+            name: auth-secret-private-key

charts/agent-control-deployment/tests/configmap_agentcontrol_config_test.yaml

@@ -21,6 +21,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -47,6 +50,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -80,6 +86,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -105,6 +114,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -130,6 +142,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -161,6 +176,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -194,6 +212,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -232,6 +253,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: config-cluster
@@ -264,6 +288,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -290,6 +317,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: false
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: false
               cluster_name: my-cluster
@@ -385,6 +415,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -413,6 +446,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -442,6 +478,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -478,6 +517,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -516,6 +558,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster
@@ -557,6 +602,9 @@ tests:
             k8s:
               ac_release_name: my-release
               ac_remote_update: true
+              auth_secret:
+                secret_key_name: private_key
+                secret_name: agent-control-auth
               cd_release_name: agent-control-cd
               cd_remote_update: true
               cluster_name: my-cluster

charts/agent-control-deployment/tests/deployment_agentcontrol_subagent_configs_test.yaml

@@ -19,9 +19,7 @@ tests:
               mountPath: /etc/newrelic-agent-control/local-data/agent-control/local_config.yaml
               readOnly: true
               subPath: config.yaml
-            - mountPath: /etc/newrelic-agent-control/keys
-              name: auth-secret-private-key
-              readOnly: true
+
       - template: templates/deployment-agentcontrol.yaml
         equal:
           path: spec.template.spec.volumes
@@ -33,10 +31,4 @@ tests:
                   - key: local_config
                     path: config.yaml
             - name: var-lib-newrelic-agent-control
-              emptyDir: {}
-            - name: auth-secret-private-key
-              secret:
-                secretName: agent-control-auth
-                items:
-                  - key: private_key
-                    path: from-secret.key
+              emptyDir: {}

charts/agent-control-deployment/values.yaml

@@ -160,6 +160,14 @@ config:
   # -- The name of the release for the CD chart.
   # @default -- agent-control-cd
   cdReleaseName: agent-control-cd
+  # -- Configuration for the authentication secret needed for OpAMP connection.
+  authSecret:
+    # -- (string) The name of the Kubernetes Secret resource containing the credentials.
+    # @default -- "agent-control-auth"
+    secretName: agent-control-auth
+    # -- (string) The specific key within the Secret data map that holds the actual private key content.
+    # @default -- "private_key"
+    secretKeyName: private_key
 
   # -- List of allowed chart repository URLs. The Agent Control will only allow to deploy agents from these repositories.
   #