Merge pull request #2 from /issues/1

bsctl · web-flow · commit e2f2d6d99201 · 2025-05-03T19:07:16.000+02:00
use secrets not in the chart
diff --git a/README.md b/README.md
@@ -53,8 +53,6 @@ The implementation uses hash-suffixed templates, `ProxmoxMachineTemplate` and `K
 2. Run: `helm upgrade my-cluster ./cluster-api-kamaji-proxmox`
 3. Cluster API automatically replaces nodes using the new configuration
 
-
-
 ### Cluster Autoscaler Integration
 
 The chart includes support for enabling the Cluster Autoscaler for each node pool. This feature allows you to mark node pool machines to be autoscaled. However, you still need to install the Cluster Autoscaler separately.
@@ -122,17 +120,17 @@ export PROXMOX_TOKEN: "clastix@pam!capi"        # The Proxmox VE TokenID for aut
 export PROXMOX_SECRET: "REDACTED"               # The secret associated with the TokenID
 ```
 
-Then you can leave the chart to create the secret for you by filling the proper fields in your `values.yaml` or you can create the secret manually.
+Then you create the secret manually:
 
 ```bash
 # Create the proxmox secret for Cluster API
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Secret
 metadata:
-  name: proxmox-secret
+  name: sample-proxmox-secret
   labels:
-    cluster.x-k8s.io/cluster-name: "my-cluster"
+    cluster.x-k8s.io/cluster-name: "sample"
 stringData:
   url: "${PROXMOX_URL}"
   token: "${PROXMOX_TOKEN}"
@@ -148,8 +146,9 @@ and reference it in your `values.yaml`:
 # Using existing secrets
 proxmox:
   secret:
-    create: false
-    name: proxmox-secret
+    name: sample-proxmox-secret
+    # -- omitting namespace will use the release namespace
+    namespace: default
 ```
 
 ## Usage
diff --git a/charts/capi-kamaji-proxmox/README.md b/charts/capi-kamaji-proxmox/README.md
@@ -75,12 +75,9 @@ A Helm chart for deploying a Kamaji Tenant Cluster on Proxmox VE using Cluster A
 | nodePools[0].storage | string | `"local"` | Proxmox VE storage name for full clone |
 | nodePools[0].templateId | int | `100` | Proxmox VE template ID to clone |
 | nodePools[0].users | list | `[{"name":"clastix","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | users to create on machines |
-| proxmox.secret | object | `{"create":true,"name":"proxmox-secret"}` | Create a secret with the Proxmox VE credentials |
-| proxmox.secret.create | bool | `true` | Specifies whether credentials secret should be created from config values |
-| proxmox.secret.name | string | `"proxmox-secret"` | The name of an existing credentials secret for Proxmox VE.  |
-| proxmox.tokenId | string | `"clastix@pam!capi"` | Proxmox VE TokenID for authentication |
-| proxmox.tokenSecret | string | `"READCTED"` | Proxmox VE TokenSecret for authentication |
-| proxmox.url | string | `"https://proxmox.pve:8006"` | Proxmox VE hostname or IP address |
+| proxmox.secret | object | `{"name":"proxmox-secret","namespace":""}` | Proxmox VE credentials |
+| proxmox.secret.name | string | `"proxmox-secret"` | The name of an existing credentials secret for Proxmox VE. |
+| proxmox.secret.namespace | string | `""` | The namespace of the existing credentials secret for Proxmox VE. When null or empty the release namespace will be used. |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/capi-kamaji-proxmox/templates/_helpers.tpl b/charts/capi-kamaji-proxmox/templates/_helpers.tpl
@@ -8,12 +8,3 @@
 {{- default .Release.Name .Values.cluster.name | trunc 63 | trimSuffix "-" }}
 {{- end -}}
 
-{{/* Proxmox VE secret name used by ClusterAPI */}}
-{{- define "cluster-api-kamaji-proxmox.proxmox-secret-name" -}}
-{{- if .Values.proxmox.secret.create -}}
-{{- printf "%s-proxmox-secret" (include "cluster-api-kamaji-proxmox.cluster-name" .) -}}
-{{- else -}}
-{{- .Values.proxmox.secret.name | default "proxmox-secret" -}}
-{{- end -}}
-{{- end -}}
-
diff --git a/charts/capi-kamaji-proxmox/templates/proxmox-cluster.yaml b/charts/capi-kamaji-proxmox/templates/proxmox-cluster.yaml
@@ -7,8 +7,8 @@ metadata:
   namespace: {{ .Release.Namespace }}
 spec:
   credentialsRef:
-    name: {{ include "cluster-api-kamaji-proxmox.proxmox-secret-name" . }}
-    namespace: {{ .Release.Namespace }}
+    name: {{ .Values.proxmox.secret.name }}
+    namespace: {{ .Values.proxmox.secret.namespace | default .Release.Namespace }}
   externalManagedControlPlane: true
   ipv4Config:
     addresses:
diff --git a/charts/capi-kamaji-proxmox/templates/proxmox-secret.yaml b/charts/capi-kamaji-proxmox/templates/proxmox-secret.yaml
diff --git a/charts/capi-kamaji-proxmox/values.yaml b/charts/capi-kamaji-proxmox/values.yaml
@@ -1,16 +1,10 @@
 proxmox:
-  # -- Create a secret with the Proxmox VE credentials
+  # -- Proxmox VE credentials
   secret:
-    # -- Specifies whether credentials secret should be created from config values
-    create: true
-    # -- The name of an existing credentials secret for Proxmox VE. 
+    # -- The name of an existing credentials secret for Proxmox VE.
     name: proxmox-secret
-  # -- Proxmox VE hostname or IP address
-  url: https://proxmox.pve:8006
-  # -- Proxmox VE TokenID for authentication
-  tokenId: 'clastix@pam!capi'
-  # -- Proxmox VE TokenSecret for authentication
-  tokenSecret: READCTED
+    # -- The namespace of the existing credentials secret for Proxmox VE. When null or empty the release namespace will be used.
+    namespace: ""
 
 ipamProvider:
   # -- Enable the IPAMProvider usage
