davidfrickert/onechart
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow mounting of existing secrets (#53)

Browse Source
This commit is contained in:
Marcel Lambacher
2022-09-15 09:35:08 +02:00
committed by GitHub
parent 966f0672c7
commit afcfc36e5f
4 changed files with 101 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
charts/common/templates/_volumeMountsRef.yaml
+9 -1
View File
@@ -1,5 +1,5 @@
{{- define "common.volumeMountsRef.tpl" -}}
{{- if or (or (.Values.volumes) (.Values.sealedFileSecrets)) .Values.fileSecrets }}
{{- if or (or (or (.Values.volumes) (.Values.sealedFileSecrets)) .Values.fileSecrets) .Values.existingFileSecrets }}
volumeMounts: &volumeMounts
{{- range .Values.volumes }}
- name: {{ .name }}
@@ -15,5 +15,13 @@ volumeMounts: &volumeMounts
mountPath: {{ .path }}
readOnly: true
{{- end }}
{{- range .Values.existingFileSecrets }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- if .subPath}}
subPath: {{ .subPath }}
{{- end }}
readOnly: true
{{- end }}
{{- end }}
{{- end }}
charts/common/templates/_volumesRef.yaml
+6 -1
View File
@@ -1,5 +1,5 @@
{{- define "common.volumesRef.tpl" -}}
{{- if or (or (.Values.volumes) (.Values.sealedFileSecrets)) .Values.fileSecrets }}
{{- if or (or (or (.Values.volumes) (.Values.sealedFileSecrets)) .Values.fileSecrets) .Values.existingFileSecrets }}
volumes:
{{- range .Values.volumes }}
- name: {{ .name }}
@@ -30,5 +30,10 @@ volumes:
secret:
secretName: {{ printf "%s-%s" $.Release.Name .name }}
{{- end }}
{{- range .Values.existingFileSecrets }}
- name: {{ .name }}
secret:
secretName: {{ .name }}
{{- end }}
{{- end }}
{{- end -}}
charts/onechart/tests/deployment_existing_file_secrets_test.yaml
+44
View File
@@ -0,0 +1,44 @@
suite: test deployment
templates:
- deployment.yaml
- configmap.yaml
- pvc.yaml
tests:
- it: Should mount volume
set:
existingFileSecrets:
- name: my-existing-secret
path: /config
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: my-existing-secret
mountPath: /config
readOnly: true
- it: Should mount volume with optional subPath
set:
existingFileSecrets:
- name: my-existing-secret
path: /config/config.yaml
subPath: config.yml
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: my-existing-secret
mountPath: /config/config.yaml
subPath: config.yml
readOnly: true
- it: Should reference volume
set:
existingFileSecrets:
- name: my-existing-secret
path: /config
asserts:
- equal:
path: spec.template.spec.volumes
value:
- name: my-existing-secret
secret:
secretName: my-existing-secret
charts/onechart/values.schema.json
+42
View File
@@ -693,6 +693,48 @@
}
}
},
"existingFileSecrets": {
"$id": "#/properties/existingFileSecrets",
"type": "array",
"title": "Existing file secrets",
"description": "Allows to mount existing secrets into a container",
"default": [],
"additionalItems": true,
"items": {
"$id": "#/properties/existingFileSecrets/items",
"type": "object",
"anyOf": [
{
"id": "#/properties/existingFileSecrets/oneOf/0",
"title": "existingFileSecrets",
"type": "object",
"properties": {
"name": {
"type": "string",
"title": "Name",
"description": "The name of the existing secret to mount",
"default": "data"
},
"path": {
"type": "string",
"title": "Path",
"description": "The mount path inside the container",
"default": "/data"
},
"subPath": {
"type": "string",
"title": "SubPath",
"description": "The optinal mount subpath inside the container, to only mount a specific file but not a complete directory.",
"default": "config.yaml"
}
},
"required": [
"name", "path"
]
}
]
}
},
"volumes": {
"$id": "#/properties/volumes",
"type": "array",