search

jfrog / charts

JFrog official Helm Charts
https://jfrog.com/integration/helm-repository/
Apache License 2.0
254 stars 439 forks source link

Artifactory StatefulSet pod annoations toYaml #1828

Closed kasey-weirich closed 10 months ago

kasey-weirich commented 11 months ago

FEATURE REQUEST: Which chart: Artifactory Which product license: Enterprise/Pro JFrog support reference: Working with Sudhindra Rao

What happened: Cannot use yaml-based annotations with elements such as multi-line when passing from values file. The current statefulset template uses a range of k:v's to pull in pod annotations from the values file. StatefulSet annotations use the toYaml function though.

Range (currently being used)

This results in only k:v pairs to be used within annotations, meaning you cannot use other yaml functions (lists, multiline)

      annotations:
      ...
      {{- end }}
      {{- range $key, $value := .Values.artifactory.annotations }}
        {{ $key }}: {{ tpl $value $ | quote }}
      {{- end }}

What you expected to happen: Ideally, we would allow yaml here, using the toYaml function.

toYaml (proposed change)

Would allow other yaml formats to be used within annotations. Note: annotations for the statefulSet itself already use the toYaml function (here)

      annotations:
      {{- with .Values.artifactory.annotations }}
{{ toYaml . | indent 8 }}
      {{- end }}

How to reproduce it: Add annotations under artifactory.annoations using multi-line yaml (or a list of values), the template will return an error when attempting to parse due to the range function being used.

Additional info

We would like to get the Vault injector working with Artifactory (Hashicorp docs)

Here is an example annotation snippet (note that there is additional Go templating within the annotation that must be used):

spec:
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-status: "update"
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/db-app"
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "database/creds/db-app" -}}
          postgres://{{ .Data.username }}:{{ .Data.password }}@postgres:5432/appdb?sslmode=disable
          {{- end }}
shahiinn commented 10 months ago

@kasey-weirich : Thank you for raising this feature request along with a proposed solution. We have opened a ticket on our end for this implementation and testing.