From 18966b01ab02abac4cb6e96d249d01a39c47c280 Mon Sep 17 00:00:00 2001 From: Nicholas Wilde Date: Sun, 28 Feb 2021 11:33:07 -0800 Subject: [PATCH] [common] 3.1.0 Addition of secret kind (#596) Signed-off-by: Nicholas Wilde --- charts/common/Chart.yaml | 4 +++- charts/common/README.md | 15 ++++++++++++--- charts/common/README_CHANGELOG.md.gotmpl | 8 ++++++++ charts/common/templates/_all.tpl | 6 +++++- charts/common/templates/_secret.tpl | 16 ++++++++++++++++ .../templates/lib/controller/_container.tpl | 12 +++++++++--- charts/common/values.yaml | 6 ++++++ test/charts/common-test_spec.rb | 14 ++++++++++++++ 8 files changed, 73 insertions(+), 8 deletions(-) create mode 100644 charts/common/templates/_secret.tpl diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index a7dcb12e..e8a0d365 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: common description: Function library for k8s-at-home charts type: library -version: 3.0.1 +version: 3.1.0 kubeVersion: ">=1.16.0-0" keywords: - k8s-at-home @@ -11,3 +11,5 @@ home: https://github.com/k8s-at-home/charts/tree/master/charts/common maintainers: - name: bjw-s email: me@bjw-s.dev +- name: nicholaswilde + email: ncwilde43@gmail.com diff --git a/charts/common/README.md b/charts/common/README.md index eeec51b3..ee63869a 100644 --- a/charts/common/README.md +++ b/charts/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) +![Version: 3.1.0](https://img.shields.io/badge/Version-3.1.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) Function library for k8s-at-home charts 
@@ -74,7 +74,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g. # Chart.yaml dependencies: - name: common - version: 3.0.1 + version: 3.1.0 repository: https://k8s-at-home.com/charts/ ``` Write a `values.yaml` with some basic defaults you want to present to the user e.g. @@ -252,6 +252,7 @@ helm dependency update | probes.startup.spec.timeoutSeconds | int | `1` | | | replicas | int | `1` | | | resources | object | `{}` | | +| secret | object | `{}` | | | securityContext | object | `{}` | | | service.additionalPorts | list | `[]` | | | service.additionalServices | list | `[]` | | @@ -277,6 +278,12 @@ All notable changes to this application Helm chart will be documented in this fi The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +### [3.1.0] + +#### Added + +- Allow setting secret values through Helm values file. + ### [3.0.1] #### Fixed @@ -389,6 +396,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face: +[3.1.0]: #3.1.0 + [3.0.1]: #3.0.1 [3.0.0]: #3.0.0 @@ -421,4 +430,4 @@ This is the last version before starting this changelog. All sorts of cool stuff - Join our [Discord](https://discord.gg/sTMX7Vh) community ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/common/README_CHANGELOG.md.gotmpl b/charts/common/README_CHANGELOG.md.gotmpl index 7f384333..2d71b8dc 100644 --- a/charts/common/README_CHANGELOG.md.gotmpl +++ b/charts/common/README_CHANGELOG.md.gotmpl 
@@ -10,6 +10,12 @@ All notable changes to this application Helm chart will be documented in this fi The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +### [3.1.0] + +#### Added + +- Allow setting secret values through Helm values file. + ### [3.0.1] #### Fixed @@ -122,6 +128,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face: +[3.1.0]: #3.1.0 + [3.0.1]: #3.0.1 [3.0.0]: #3.0.0 diff --git a/charts/common/templates/_all.tpl b/charts/common/templates/_all.tpl index 0a4555e5..36d42fdf 100644 --- a/charts/common/templates/_all.tpl +++ b/charts/common/templates/_all.tpl @@ -4,7 +4,7 @@ Main entrypoint for the common library chart. It will render all underlying temp {{- define "common.all" -}} {{- /* Merge the local chart values and the common chart defaults */ -}} {{- include "common.values.setup" . }} - + {{- /* Enable code-server add-on if required */ -}} {{- if .Values.addons.codeserver.enabled }} {{- include "common.addon.codeserver" . }} @@ -33,4 +33,8 @@ Main entrypoint for the common library chart. It will render all underlying temp {{ include "common.service" . | nindent 0 }} {{- print "---" | nindent 0 -}} {{ include "common.ingress" . | nindent 0 }} + {{- if .Values.secret -}} + {{- print "---" | nindent 0 -}} + {{ include "common.secret" . | nindent 0 }} + {{- end -}} {{- end -}} diff --git a/charts/common/templates/_secret.tpl b/charts/common/templates/_secret.tpl new file mode 100644 index 00000000..34d10d9c --- /dev/null +++ b/charts/common/templates/_secret.tpl 
@@ -0,0 +1,16 @@ +{{/* +The Secret object to be created. +*/}} +{{- define "common.secret" -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + {{- include "common.labels" . | nindent 4 }} +type: Opaque +{{- with .Values.secret }} +stringData: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/common/templates/lib/controller/_container.tpl b/charts/common/templates/lib/controller/_container.tpl index b8d77fae..921c8b4a 100644 --- a/charts/common/templates/lib/controller/_container.tpl +++ b/charts/common/templates/lib/controller/_container.tpl @@ -27,13 +27,19 @@ The main container included in the controller. {{- end }} {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key }} - valueFrom: + valueFrom: {{- $value | toYaml | nindent 6 }} {{- end }} {{- end }} - {{- with .Values.envFrom }} + {{- if or .Values.envFrom .Values.secret }} envFrom: - {{- toYaml . | nindent 12 }} + {{- with .Values.envFrom }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- if or .Values.secret }} + - secretRef: + name: {{ include "common.names.fullname" . }} + {{- end }} {{- end }} {{- include "common.controller.ports" . | trim | nindent 2 }} volumeMounts: diff --git a/charts/common/values.yaml b/charts/common/values.yaml index 209d9c43..fceb32eb 100644 --- a/charts/common/values.yaml +++ b/charts/common/values.yaml @@ -32,6 +32,12 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +## Use this to populate a secret with the values you specify. +## Be aware that these values are not encrypted by default, and could therefore visible +## to anybody with access to the values.yaml file. +secret: {} + # PASSWORD: my-password + env: {} # TZ: UTC diff --git a/test/charts/common-test_spec.rb b/test/charts/common-test_spec.rb index 50caf750..40483b43 100644 --- a/test/charts/common-test_spec.rb +++ b/test/charts/common-test_spec.rb 
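Review bot: In `common.secret`, `stringData` is filled with `toYaml .`, so any non-string value under `.Values.secret` (a constructed example: `PORT: 8080`, or a bare `true`) is emitted unquoted, and the Kubernetes API only accepts string values in `stringData`. Consider replacing `{{- toYaml . | nindent 2 }}` with a `range $key, $value := .` loop that emits `{{ $key }}: {{ $value | toString | quote }}`. The header comment could also state that the values arrive in plain text from the values file and are stored in the Secret base64-encoded, not encrypted.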
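Review bot: The inner guard `{{- if or .Values.secret }}` calls `or` with a single argument, which looks like a leftover from the outer condition; `{{- if .Values.secret }}` expresses the same test. Because the `secretRef` is appended after the user-supplied `envFrom` entries, keys from the chart-generated Secret override the same keys from those earlier sources (Kubernetes lets the last source win), which deserves a comment such as `{{- /* chart Secret is listed last and overrides duplicate keys from .Values.envFrom */ -}}`. Every key of the Secret becomes an environment variable of the main container, so anything able to read that process environment can see the values. The container definition starts and ends outside this hunk, so the final indentation of the list items cannot be checked from here.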
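Review bot: The warning above `secret: {}` has a typo (`could therefore visible`) and understates the exposure, since values supplied this way are also kept in the Helm release data in the cluster and are only base64-encoded in the resulting Secret. Suggested wording: `## Be aware that these values are not encrypted by default and could therefore be visible to anybody` followed by `## with access to the values.yaml file, the Helm release data or the Secret itself.` A pointer to referencing an externally managed Secret through `envFrom` for sensitive values would round the comment off.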
@@ -97,6 +97,20 @@ class Test < ChartTest jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:envTpl].keys[0].to_s jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal 'common-test-admin' end + + it 'set "static" secret variables' do + expectedSecretName = 'common-test' + values = { + secret: { + STATIC_SECRET: 'value_of_secret' + } + } + chart.value values + puts jq('.metadata', resource('Secret')) + jq('.spec.template.spec.containers[0].envFrom[0].secretRef.name', resource('Deployment')).must_equal expectedSecretName + jq('.metadata.name', resource('Secret')).must_equal expectedSecretName + jq('.stringData.STATIC_SECRET', resource('Secret')).must_equal values[:secret].values[0].to_s + end end describe 'ports settings' do
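Review bot: `puts jq('.metadata', resource('Secret'))` is debugging output left in the new test and should be removed, as it prints the Secret metadata on every run. The assertion on `envFrom[0]` only covers the case where `secret` is the sole source; a second case that sets both `envFrom` and `secret` would pin the position and ordering of the `secretRef` entry. `expectedSecretName` would read as `expected_secret_name` if the rest of the spec follows Ruby's snake_case convention. The enclosing `describe` block starts outside the hunk.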