From 21acce1891bb75e28e82a5163709d81395206224 Mon Sep 17 00:00:00 2001 From: Chris Mellard Date: Wed, 10 Feb 2021 03:39:22 +1300 Subject: [PATCH] feat(helm): add in ability to inject init containers in to deployment from values (#615) chore: added in jetbrains ignore files x Co-authored-by: Chris Mellard --- .gitignore | 2 ++ .../templates/deployment.yaml | 17 +++++++++++++++-- .../templates/rbac.yaml | 3 +++ charts/kubernetes-external-secrets/values.yaml | 16 ++++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 4433fb5d..9133c7f5 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,5 @@ typings/ # e2e test stuff e2e/**/.kubeconfig + +.idea/ diff --git a/charts/kubernetes-external-secrets/templates/deployment.yaml b/charts/kubernetes-external-secrets/templates/deployment.yaml index 1a11cc7a..af74d18c 100644 --- a/charts/kubernetes-external-secrets/templates/deployment.yaml +++ b/charts/kubernetes-external-secrets/templates/deployment.yaml @@ -32,6 +32,9 @@ spec: imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} + {{- if .Values.deploymentInitContainers }} + {{- toYaml .Values.deploymentInitContainers | nindent 6 }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -60,14 +63,19 @@ spec: name: {{ $value.secretKeyRef | quote }} key: {{ $value.key | quote }} {{- end }} - {{- with .Values.filesFromSecret }} + {{- if or .Values.filesFromSecret .Values.extraVolumeMounts }} volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.filesFromSecret }} {{- range $key, $value := . }} - name: {{ $key }} mountPath: {{ $value.mountPath }} readOnly: true {{- end }} {{- end }} + {{- end }} {{- with .Values.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} @@ -91,11 +99,16 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.filesFromSecret }} + {{- if or .Values.filesFromSecret .Values.extraVolumes }} volumes: + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- with .Values.filesFromSecret }} {{- range $key, $value := . }} - name: {{ $key }} secret: secretName: {{ $value.secret }} {{- end }} {{- end }} + {{- end }} diff --git a/charts/kubernetes-external-secrets/templates/rbac.yaml b/charts/kubernetes-external-secrets/templates/rbac.yaml index 2e1b263f..9465af6d 100644 --- a/charts/kubernetes-external-secrets/templates/rbac.yaml +++ b/charts/kubernetes-external-secrets/templates/rbac.yaml @@ -34,6 +34,9 @@ rules: resources: ["customresourcedefinitions"] verbs: ["create"] {{- end }} + {{- if .Values.customClusterRoles }} + {{- toYaml .Values.customClusterRoles | nindent 2 }} + {{- end }} --- {{ if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/kubernetes-external-secrets/values.yaml b/charts/kubernetes-external-secrets/values.yaml index ecc8bdec..8d2ca410 100644 --- a/charts/kubernetes-external-secrets/values.yaml +++ b/charts/kubernetes-external-secrets/values.yaml @@ -125,3 +125,19 @@ serviceMonitor: enabled: false interval: "30s" namespace: + +deploymentInitContainers: {} + +# Add in additional named volumes and volume mounts to the deployment +# +extraVolumes: [] +# - name: namedVolume +# emptyDir: {} +# +extraVolumeMounts: [] +# - name: namedVolume +# mountPath: /usr/path +# readOnly: false + +# Add additional RBAC rules to the ClusterRole granted to the service account +customClusterRoles: {}