search

jfrog / charts

JFrog official Helm Charts
https://jfrog.com/integration/helm-repository/
Apache License 2.0
261 stars 447 forks source link

Artifactory StatefulSet pod annoations toYaml #1828

Closed kasey-weirich closed 1 year ago

kasey-weirich commented 1 year ago

FEATURE REQUEST: Which chart: Artifactory Which product license: Enterprise/Pro JFrog support reference: Working with Sudhindra Rao

What happened: Cannot use yaml-based annotations with elements such as multi-line when passing from values file. The current statefulset template uses a range of k:v's to pull in pod annotations from the values file. StatefulSet annotations use the toYaml function though.

Range (currently being used)

This results in only k:v pairs to be used within annotations, meaning you cannot use other yaml functions (lists, multiline)

      annotations:
      ...
      {{- end }}
      {{- range $key, $value := .Values.artifactory.annotations }}
        {{ $key }}: {{ tpl $value $ | quote }}
      {{- end }}

What you expected to happen: Ideally, we would allow yaml here, using the toYaml function.

toYaml (proposed change)

Would allow other yaml formats to be used within annotations. Note: annotations for the statefulSet itself already use the toYaml function (here)

      annotations:
      {{- with .Values.artifactory.annotations }}
{{ toYaml . | indent 8 }}
      {{- end }}

How to reproduce it: Add annotations under artifactory.annoations using multi-line yaml (or a list of values), the template will return an error when attempting to parse due to the range function being used.

Additional info

We would like to get the Vault injector working with Artifactory (Hashicorp docs)

Here is an example annotation snippet (note that there is additional Go templating within the annotation that must be used):

spec:
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-status: "update"
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/db-app"
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "database/creds/db-app" -}}
          postgres://{{ .Data.username }}:{{ .Data.password }}@postgres:5432/appdb?sslmode=disable
          {{- end }}
shahiinn commented 1 year ago

@kasey-weirich : Thank you for raising this feature request along with a proposed solution. We have opened a ticket on our end for this implementation and testing.