re-add control-plane token in secrets (#73)

also, separate token for registration and service itself

charts/neon-storage-controller/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: neon-storage-controller
 description: Neon storage controller
 type: application
-version: 1.0.6
+version: 1.0.7
 appVersion: "0.1.0"
 kubeVersion: "^1.18.x-x"
 home: https://neon.tech

charts/neon-storage-controller/README.md

@@ -1,6 +1,6 @@
 # neon-storage-controller
 
-![Version: 1.0.6](https://img.shields.io/badge/Version-1.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml)
+![Version: 1.0.7](https://img.shields.io/badge/Version-1.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![Lint and Test Charts](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml/badge.svg)](https://github.com/neondatabase/helm-charts/actions/workflows/lint-test.yaml)
 
 Neon storage controller
 
@@ -45,6 +45,8 @@ Kubernetes: `^1.18.x-x`
 | podAnnotations | object | `{}` | Annotations for neon-storage-controller pods |
 | podLabels | object | `{}` | Additional labels for neon-storage-controller pods |
 | podSecurityContext | object | `{}` | neon-storage-controller's pods Security Context |
+| registerControlPlane.apiKey | string | `""` |  |
+| registerControlPlane.controlPlaneJwtToken | string | `""` |  |
 | registerControlPlane.enable | bool | `false` |  |
 | registerControlPlane.resources.limits.cpu | string | `"100m"` |  |
 | registerControlPlane.resources.limits.memory | string | `"128M"` |  |
@@ -60,7 +62,6 @@ Kubernetes: `^1.18.x-x`
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
-| settings.apiKey | string | `""` |  |
 | settings.computeHookUrl | string | `""` |  |
 | settings.controlPlaneJwtToken | string | `""` |  |
 | settings.databaseUrl | string | `""` |  |

charts/neon-storage-controller/templates/secrets-registration.yaml

@@ -7,6 +7,6 @@ metadata:
     {{- include "neon-storage-controller.labels" . | nindent 4 }}
 type: Opaque
 data:
-  CONTROL_PLANE_JWT_TOKEN: {{ .Values.settings.controlPlaneJwtToken | b64enc | quote }}
-  CONSOLE_API_KEY: {{ .Values.settings.apiKey | b64enc | quote }}
+  CONTROL_PLANE_JWT_TOKEN: {{ .Values.registerControlPlane.controlPlaneJwtToken | b64enc | quote }}
+  CONSOLE_API_KEY: {{ .Values.registerControlPlane.apiKey | b64enc | quote }}
 {{- end }}

charts/neon-storage-controller/templates/secrets.yaml

@@ -7,4 +7,5 @@ metadata:
 type: Opaque
 data:
   DATABASE_URL: {{ .Values.settings.databaseUrl | b64enc | quote }}
+  CONTROL_PLANE_JWT_TOKEN: {{ .Values.settings.controlPlaneJwtToken | b64enc | quote }}
   PAGESERVER_JWT_TOKEN: {{ .Values.settings.jwtToken| b64enc | quote }}

charts/neon-storage-controller/values.yaml

@@ -34,8 +34,6 @@ settings:
   controlPlaneJwtToken: ""
   # URL for compute notifications
   computeHookUrl: ""
-  # Console API key to list existing pageserver to get version
-  apiKey: ""
 
 # Enable auto register to control plane
 # This will run postinstall job
@@ -48,6 +46,9 @@ registerControlPlane:
   #   -H "Content-Type: application/json" \
   #   -H "Authorization: Bearer $NEON_API_KEY" \
   #   -X POST -d '{"ttl_seconds": 31536000, "scope": "infra"}'
+  controlPlaneJwtToken: ""
+  # Console API key to list existing pageserver to get version
+  apiKey: ""
   # global_cplane_url: "http://neon-internal-api.aws.neon.build"
   # local_cplane_url: "https://control-plane.zeta.us-east-2.internal.aws.neon.build"
   # console_url: ""