Fix group psk secret (#21)

**Description** <Describe what changed.> This PR fixes the group PSK secret when Cloud is enabled. Note: Refactoring to improve the config when cloud is enabled is forthcoming. **Testing** <Describe how you tested the change.> Locally and remote testing. **Documentation** <Describe any documentation that was added.> N/A
strata-io · Aug 23, 2023 · a647908 · a647908
1 parent 557b2f2
commit a647908
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 15 deletions.
diff --git a/charts/orchestrator/Chart.yaml b/charts/orchestrator/Chart.yaml
@@ -20,7 +20,7 @@ type: application
 # This is the chart version. This version number should be incremented each time we
 # make changes to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 
 # This is the version number of the application being deployed. This version number
 # should be incremented each time we make changes to the application. Versions are

diff --git a/charts/orchestrator/templates/secret.yaml b/charts/orchestrator/templates/secret.yaml
@@ -1,12 +1,14 @@
-{{- if .Values.orchestrator.groups.primary.psk.createSecret -}}
+{{- with .Values.orchestrator.groups.primary.psk -}}
+{{- if .createSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "orchestrator.primaryGroupPSKSecretName" . }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "orchestrator.primaryGroupPSKSecretName" $ }}
+  namespace: {{ $.Release.Namespace }}
   labels:
-    {{- include "orchestrator.labels" . | nindent 4 }}
+    {{- include "orchestrator.labels" $ | nindent 4 }}
 type: Opaque
 data:
-  psk: {{ .Values.orchestrator.groups.primary.psk.value | b64enc }}
-{{- end }}
+  {{ required "A valid key name for the PSK is required!" .secretKey }}: {{ required "A valid 32-byte PSK is required!" .value | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/charts/orchestrator/templates/statefulset.yaml b/charts/orchestrator/templates/statefulset.yaml
@@ -66,14 +66,14 @@ spec:
               value: "_membership-udp._udp.{{ include "orchestrator.fullname" . }}-groups.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}."
             - name: MAVERICS_GROUPS_PRIMARY_DATA_ADDR
               value: /ip4/0.0.0.0/tcp/9451
+            {{ with .Values.orchestrator.groups.primary.psk }}
+            {{ if or (and .createSecret .value) .secretName }}
             - name: MAVERICS_GROUPS_PRIMARY_SECURITY_PSK
-            {{ if .Values.orchestrator.groups.primary.psk.createSecret }}
               valueFrom:
                 secretKeyRef:
-                  name: "{{ include "orchestrator.primaryGroupPSKSecretName" .}}"
-                  key: psk
-            {{ else }}
-              value: "{{ .Values.orchestrator.groups.primary.psk.value }}"
+                  name: "{{ include "orchestrator.primaryGroupPSKSecretName" $ }}"
+                  key: "{{ required "A valid key name for the PSK is required!" .secretKey }}"
+            {{ end }}
             {{ end }}
             - name: MAVERICS_GROUPS_PRIMARY_NODE_KEY_FILE
               value: /etc/maverics/groups/tls/primary-key

diff --git a/charts/orchestrator/values.schema.json b/charts/orchestrator/values.schema.json
@@ -263,6 +263,9 @@
                                         "createSecret": {
                                             "type": "boolean"
                                         },
+                                        "secretKey": {
+                                            "type": "string"
+                                        },
                                         "secretName": {
                                             "type": "string"
                                         },

diff --git a/charts/orchestrator/values.yaml b/charts/orchestrator/values.yaml
@@ -161,10 +161,10 @@ orchestrator:
         # The name of the PSK secret.
         # If not set and create is true, a name is generated using the fullname template.
         secretName: ""
+        # The name of the key identifying the PSK within the secret.
+        secretKey: "psk"
         # The value of the PSK. This can be the raw value or it can take advantage of
-        # the Orchestrators support for environmental variables or secret stores. If
-        # createSecret is true, this value will be stored in the secret instead of
-        # being set as a raw environmental variable.
+        # the Orchestrators support for environmental variables or secret stores.
         value: ""
   # This is the base configuration used for the Orchestrator. By default, it
   # configures the Orchestrators to be in an Orchestrator Group and it has Group