Fixed vault authentication params (#1253)

tuteng · web-flow · commit 2c7bb46ad81a · 2025-11-11T10:16:22.000+08:00
diff --git a/charts/sn-platform/templates/_helpers.tpl b/charts/sn-platform/templates/_helpers.tpl
@@ -257,10 +257,10 @@ Define function for get authenticaiton environment variable
         key: PULSAR_PREFIX_OIDCTokenAudienceID
 {{- if and (eq .Component "proxy") .Values.auth.superUsers.proxyRolesEnabled }}
 - name: brokerClientAuthenticationParameters
-  value: "file:///mnt/token/TOKEN"
+  value: "file:///mnt/vault/PROXY_brokerClientAuthenticationParameters"
 {{- else }}
 - name: brokerClientAuthenticationParameters
-  value: "file:///mnt/token/TOKEN"
+  value: "file:///mnt/vault/brokerClientAuthenticationParameters"
 {{- end }}
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
@@ -291,17 +291,14 @@ Define function for get authenticaiton secret
   secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if and .Values.auth.vault.enabled (or .Values.broker.readPublicKeyFromFile .Values.proxy.readPublicKeyFromFile) }}
-{{- if and (eq .Component "proxy") .Values.auth.superUsers.proxyRolesEnabled }}
-- mountPath: /mnt/token
-  secretName: {{ .Release.Name }}-token-proxy-admin
-{{- else }}
-- mountPath: /mnt/token
-  secretName: {{ .Release.Name }}-token-admin
-{{- end }}
 - mountPath: {{ default "/pulsar/vault/v1/identity/oidc/.well-known/keys" .Values.broker.publicKeyPath }}
   {{ $defaultSecretName := print (include "pulsar.fullname" .) "-" .Values.vault.component "-public-key" }}
   secretName: {{ default $defaultSecretName .Values.broker.publicKeySecret }}
 {{- end }}
+{{- if .Values.auth.vault.enabled }}
+- mountPath: /mnt/vault
+  secretName: {{ template "pulsar.fullname" . }}-vault-secret-env-injection
+{{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
 {{- if and (eq .Component "proxy") .Values.auth.superUsers.proxyRolesEnabled }}
 - mountPath: /mnt/token
diff --git a/charts/sn-platform/templates/broker/broker-cluster.yaml b/charts/sn-platform/templates/broker/broker-cluster.yaml
@@ -84,7 +84,7 @@ spec:
 {{ toYaml . | indent 6 }}
 {{- end }}
 {{- end }}
-{{- if or (and .Values.auth.vault.enabled .Values.broker.readPublicKeyFromFile) (and .Values.broker.offload.gcs.enabled .Values.broker.offload.gcs.secret) .Values.broker.extraSecretRefs .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled }}
+{{- if or .Values.auth.vault.enabled (and .Values.broker.offload.gcs.enabled .Values.broker.offload.gcs.secret) .Values.broker.extraSecretRefs .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled }}
     secretRefs:
     {{- if .Values.broker.offload.gcs.secret }}
     - mountPath: /pulsar/srvaccts/gcs.json
@@ -93,7 +93,7 @@ spec:
 {{- with .Values.broker.extraSecretRefs }}
 {{ toYaml . | indent 4 }}
 {{- end }}
-    {{- if or .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled (and .Values.auth.vault.enabled .Values.broker.readPublicKeyFromFile) }}
+    {{- if or .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled .Values.auth.vault.enabled }}
 {{- include "pulsar.authSecret" (dict "Values" .Values "Component" .Values.broker.component "Release" .Release "Chart" .Chart) | indent 4 }}
     {{- end }}
 {{- end }}
diff --git a/charts/sn-platform/templates/proxy/proxy-cluster.yaml b/charts/sn-platform/templates/proxy/proxy-cluster.yaml
@@ -67,7 +67,7 @@ spec:
 {{ toYaml . | indent 6 }}
 {{- end }}
 {{- end }}
-{{- if or (and .Values.auth.vault.enabled .Values.proxy.readPublicKeyFromFile) .Values.proxy.extraSecretRefs  .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled }}
+{{- if or .Values.auth.vault.enabled .Values.proxy.extraSecretRefs  .Values.auth.oauth.enabled .Values.auth.authentication.jwt.enabled }}
     secretRefs:
 {{- with .Values.proxy.extraSecretRefs }}
 {{ toYaml . | indent 4 }}
