diff --git a/api/go.mod b/api/go.mod index 5ae04c285..4de1aae16 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,9 +4,9 @@ go 1.17 require ( github.com/fluxcd/pkg/apis/kustomize v0.3.2 - github.com/fluxcd/pkg/apis/meta v0.12.1 + github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323 k8s.io/apiextensions-apiserver v0.23.4 - k8s.io/apimachinery v0.23.4 + k8s.io/apimachinery v0.23.5 sigs.k8s.io/controller-runtime v0.11.1 ) diff --git a/api/go.sum b/api/go.sum index 4085d872e..e287ab85f 100644 --- a/api/go.sum +++ b/api/go.sum @@ -122,8 +122,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/pkg/apis/kustomize v0.3.2 h1:ULoAwOOekHf5cy6mYIwL+K6v8/cfcNVVbwfIPgWjdjg= github.com/fluxcd/pkg/apis/kustomize v0.3.2/go.mod h1:p8iAH5TeqMBnnxkkpCNNDvWYfKlNRx89a6WKOo+hJHA= -github.com/fluxcd/pkg/apis/meta v0.12.1 h1:m5PfKAqbqWBvGp9+JRj1sv+xNkGsHwUVf+3rJ8wm6SE= -github.com/fluxcd/pkg/apis/meta v0.12.1/go.mod h1:f8YVt70/KAhqzZ7xxhjvqyzKubOYx2pAbakb/FfCEg8= +github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323 h1:QaWnZ6IfBj6tcEb1C+G0u7A07IOCo74bZLQSBPJiBqA= +github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 
@@ -882,8 +882,9 @@ k8s.io/api v0.23.4 h1:85gnfXQOWbJa1SiWGpE9EEtHs0UVvDyIsSMpEtl2D4E= k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI= k8s.io/apiextensions-apiserver v0.23.4 h1:AFDUEu/yEf0YnuZhqhIFhPLPhhcQQVuR1u3WCh0rveU= k8s.io/apiextensions-apiserver v0.23.4/go.mod h1:TWYAKymJx7nLMxWCgWm2RYGXHrGlVZnxIlGnvtfYu+g= -k8s.io/apimachinery v0.23.4 h1:fhnuMd/xUL3Cjfl64j5ULKZ1/J9n8NuQEgNL+WXWfdM= k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= +k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.23.4/go.mod h1:A6l/ZcNtxGfPSqbFDoxxOjEjSKBaQmE+UTveOmMkpNc= k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0= k8s.io/code-generator v0.23.4/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 11dd09e6a..ba96d3cdb 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -213,8 +213,9 @@ func (in HelmReleaseSpec) GetUninstall() Uninstall { // KubeConfig references a Kubernetes secret that contains a kubeconfig file. type KubeConfig struct { - // SecretRef holds the name to a secret that contains a 'value' key with - // the kubeconfig file as the value. It must be in the same namespace as + // SecretRef holds the name to a secret that contains a key with + // the kubeconfig file as the value. If no key is specified the key will + // default to 'value'. The secret must be in the same namespace as // the HelmRelease. // It is recommended that the kubeconfig is self-contained, and the secret // is regularly updated if credentials such as a cloud-access-token expire. 
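Review bot: The new field comment on `SecretRef` says an unset key defaults to 'value', but the controller change in this same commit also falls back to 'value.yaml', and the CRD text for `key` calls the default "implementation-specific"; the three descriptions should agree. Because this key selects which secret entry is used as the cluster credentials, I would spell out the lookup order in the comment, e.g. `// If no key is specified, 'value' is used, falling back to 'value.yaml'.` The KubeConfig struct continues past this hunk.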
@@ -222,7 +223,7 @@ type KubeConfig struct { // binaries and credentials to the Pod that is responsible for reconciling // the HelmRelease. // +required - SecretRef meta.LocalObjectReference `json:"secretRef,omitempty"` + SecretRef meta.SecretKeyReference `json:"secretRef,omitempty"` } // HelmChartTemplate defines the template from which the controller will diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 2c4c6fa63..59d7a8e63 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -245,16 +245,20 @@ spec: properties: secretRef: description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the HelmRelease. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the HelmRelease. + a key with the kubeconfig file as the value. If no key is specified + the key will default to 'value'. The secret must be in the same + namespace as the HelmRelease. It is recommended that the kubeconfig + is self-contained, and the secret is regularly updated if credentials + such as a cloud-access-token expire. Cloud specific `cmd-path` + auth helpers will not function without adding binaries and credentials + to the Pod that is responsible for reconciling the HelmRelease. properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string name: - description: Name of the referent. + description: Name of the Secret. type: string required: - name 
diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go index c6804dcaa..619d36a42 100644 --- a/controllers/helmrelease_controller.go +++ b/controllers/helmrelease_controller.go @@ -495,16 +495,17 @@ func (r *HelmReleaseReconciler) getRESTClientGetter(ctx context.Context, hr v2.H } var kubeConfig []byte - for k, _ := range secret.Data { - if k == "value" || k == "value.yaml" { - kubeConfig = secret.Data[k] - break - } - } - - if len(kubeConfig) == 0 { + if key := hr.Spec.KubeConfig.SecretRef.Key; key != "" { + kubeConfig = secret.Data[key] + } else if val, ok := secret.Data["value"]; ok { + kubeConfig = val + } else if val, ok := secret.Data["value.yaml"]; ok { + kubeConfig = val + } else { + // User did not specify a key, and the 'value' key was not defined. return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key", secretName) } + return kube.NewMemoryRESTClientGetter(kubeConfig, hr.GetReleaseNamespace(), impersonateAccount, r.Config.QPS, r.Config.Burst, r.KubeConfigOpts), nil } diff --git a/docs/api/helmrelease.md b/docs/api/helmrelease.md index ee1ab6686..658c2ad19 100644 --- a/docs/api/helmrelease.md +++ b/docs/api/helmrelease.md @@ -1398,13 +1398,13 @@ no retries remain. Defaults to ‘false’.
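Review bot: When `SecretRef.Key` is set, `kubeConfig = secret.Data[key]` is accepted unchecked, so a key that is missing from the secret (or present but empty) now passes an empty kubeconfig straight to `kube.NewMemoryRESTClientGetter`; the removed `len(kubeConfig) == 0` guard used to catch this. The two fallback branches have the same gap for an empty 'value' or 'value.yaml' entry, since they test only `ok`. How the getter treats empty bytes is not visible in this hunk, but failing here gives a clear error and avoids building a client from no credentials. A single guard after the chain would cover every branch: `if len(kubeConfig) == 0 { return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a kubeconfig", secretName) }`. The body of getRESTClientGetter starts outside the hunk.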

secretRef
- -github.com/fluxcd/pkg/apis/meta.LocalObjectReference + +SecretRef -

SecretRef holds the name to a secret that contains a ‘value’ key with +

SecretRef holds the name to a secret that contains the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret @@ -1658,6 +1658,48 @@ rollback action when it fails.

+

SecretRef +

+

+(Appears on: +KubeConfig) +

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name of the Secret.

+
+key
+ +string + +
+

Key in the Secret. If not specified it defaults to ‘value’.

+
+
+

Test

diff --git a/go.mod b/go.mod index ca2e13033..7e0288048 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/fluxcd/helm-controller/api v0.19.0 github.com/fluxcd/pkg/apis/acl v0.0.3 github.com/fluxcd/pkg/apis/kustomize v0.3.2 - github.com/fluxcd/pkg/apis/meta v0.12.1 + github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323 github.com/fluxcd/pkg/runtime v0.13.3 github.com/fluxcd/source-controller/api v0.22.3 github.com/go-logr/logr v1.2.3 @@ -19,7 +19,7 @@ require ( helm.sh/helm/v3 v3.8.1 k8s.io/api v0.23.4 k8s.io/apiextensions-apiserver v0.23.4 - k8s.io/apimachinery v0.23.4 + k8s.io/apimachinery v0.23.5 k8s.io/cli-runtime v0.23.4 k8s.io/client-go v0.23.4 sigs.k8s.io/controller-runtime v0.11.1 diff --git a/go.sum b/go.sum index 66a77d5ed..e0bf0040e 100644 --- a/go.sum +++ b/go.sum @@ -315,8 +315,8 @@ github.com/fluxcd/pkg/apis/acl v0.0.3 h1:Lw0ZHdpnO4G7Zy9KjrzwwBmDZQuy4qEjaU/RvA6 github.com/fluxcd/pkg/apis/acl v0.0.3/go.mod h1:XPts6lRJ9C9fIF9xVWofmQwftvhY25n1ps7W9xw0XLU= github.com/fluxcd/pkg/apis/kustomize v0.3.2 h1:ULoAwOOekHf5cy6mYIwL+K6v8/cfcNVVbwfIPgWjdjg= github.com/fluxcd/pkg/apis/kustomize v0.3.2/go.mod h1:p8iAH5TeqMBnnxkkpCNNDvWYfKlNRx89a6WKOo+hJHA= -github.com/fluxcd/pkg/apis/meta v0.12.1 h1:m5PfKAqbqWBvGp9+JRj1sv+xNkGsHwUVf+3rJ8wm6SE= -github.com/fluxcd/pkg/apis/meta v0.12.1/go.mod h1:f8YVt70/KAhqzZ7xxhjvqyzKubOYx2pAbakb/FfCEg8= +github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323 h1:QaWnZ6IfBj6tcEb1C+G0u7A07IOCo74bZLQSBPJiBqA= +github.com/fluxcd/pkg/apis/meta v0.12.3-0.20220415180444-df88b80c8323/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= github.com/fluxcd/pkg/runtime v0.13.3 h1:k0Xun+RoEC/F6iuAPTA6rQb+I4B4oecBx6pOcodX11A= github.com/fluxcd/pkg/runtime v0.13.3/go.mod h1:dzWNKqFzFXeittbpFcJzR3cdC9CWlbzw+pNOgaVvF/0= github.com/fluxcd/source-controller/api v0.22.3 h1:HnpSnCtIytwSGSz2qu+GJwyZRmD5UXZL5oOQapiQOtk= 
@@ -1560,8 +1560,9 @@ k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI= k8s.io/apiextensions-apiserver v0.23.4 h1:AFDUEu/yEf0YnuZhqhIFhPLPhhcQQVuR1u3WCh0rveU= k8s.io/apiextensions-apiserver v0.23.4/go.mod h1:TWYAKymJx7nLMxWCgWm2RYGXHrGlVZnxIlGnvtfYu+g= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= -k8s.io/apimachinery v0.23.4 h1:fhnuMd/xUL3Cjfl64j5ULKZ1/J9n8NuQEgNL+WXWfdM= k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= +k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= k8s.io/apiserver v0.23.4 h1:zNvQlG+C/ERjuUz4p7eY/0IWHaMixRSBoxgmyIdwo9Y= k8s.io/apiserver v0.23.4/go.mod h1:A6l/ZcNtxGfPSqbFDoxxOjEjSKBaQmE+UTveOmMkpNc=