File secrets

charts/onechart/Chart.yaml

@@ -15,4 +15,4 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.15.3
+version: 0.16.0

charts/onechart/templates/deployment.yaml

@@ -75,6 +75,11 @@ spec:
               mountPath: {{ .path }}
               readOnly: true
             {{- end }}
+            {{- range .Values.fileSecrets }}
+            - name: {{ .name }}
+              mountPath: {{ .path }}
+              readOnly: true
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
         {{- if .Values.debugSidecarEnabled }}
@@ -99,6 +104,11 @@ spec:
           secret:
             secretName: {{ printf "%s-%s" $.Release.Name .name }}
         {{- end }}
+        {{- range .Values.fileSecrets }}
+        - name: {{ .name }}
+          secret:
+            secretName: {{ printf "%s-%s" $.Release.Name .name }}
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/onechart/templates/file-secret.yaml

@@ -0,0 +1,13 @@
+{{- range .Values.fileSecrets }}
+---
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: {{ printf "%s-%s" $.Release.Name .name }}
+  namespace: {{ $.Release.Namespace }}
+data:
+{{- range $key, $val := .secrets }}
+  {{ $key }}: {{ $val | b64enc }}
+{{- end }}
+{{- end }}

charts/onechart/tests/deployment_file_secrets_test.yaml

@@ -0,0 +1,34 @@
+suite: test deployment
+templates:
+  - deployment.yaml
+  - configmap.yaml
+  - pvc.yaml
+tests:
+  - it: Should mount volume
+    set:
+      fileSecrets:
+        - name: google-account-key
+          path: /google-account-key
+          secrets:
+            key.json: supersecret
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].volumeMounts
+          value:
+            - name: google-account-key
+              mountPath: /google-account-key
+              readOnly: true
+  - it: Should reference volume
+    set:
+      fileSecrets:
+        - name: google-account-key
+          path: /google-account-key
+          secrets:
+            key.json: supersecret
+    asserts:
+      - equal:
+          path: spec.template.spec.volumes
+          value:
+            - name: google-account-key
+              secret:
+                secretName: RELEASE-NAME-google-account-key