feat(configs): make configs available

StackEng · Feb 28, 2025 · 01af157 · 01af157
1 parent adf46fa
commit 01af157
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 16 deletions.
diff --git a/charts/opserver/templates/deployment.yaml b/charts/opserver/templates/deployment.yaml
@@ -35,6 +35,8 @@ spec:
         volumeMounts:
         - name: writable-tmp #need our own read-write enabled temp directory because aspnet spills large requests over to disk
           mountPath: /mnt/tmp
+        - name: opserver-config
+          mountPath: /app/Config
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - containerPort: {{ .Values.kestrel.endPoints.http.containerPort }}
@@ -53,10 +55,6 @@ spec:
           initialDelaySeconds: 10
           periodSeconds: 1
           successThreshold: 3
-        volumeMounts:
-        - name: writable-tmp
-          mountPath: /mnt/tmp
-
         env:
         - name: NODE_IP
           valueFrom:
@@ -134,10 +132,10 @@ spec:
         - name: Security__Scopes__1
           value: "groups"
         - name: Security__Scopes__2
-          value: "profile"          
+          value: "profile"
 {{- end }}
 
-      {{- if hasKey .Values.opserverSettings "sql" }}      
+      {{- if hasKey .Values.opserverSettings "sql" }}
         - name: SQL_STATUS_SERVERNAME
           valueFrom:
             secretKeyRef:
@@ -164,7 +162,7 @@ spec:
         {{- end }}
       {{- end }}
 
-      {{- if hasKey .Values.opserverSettings "exceptions" }}      
+      {{- if hasKey .Values.opserverSettings "exceptions" }}
         - name: SQL_EXCEPTIONAL_USERNAME
           valueFrom:
             secretKeyRef:
@@ -214,10 +212,10 @@ spec:
         - key: {{ .key }}
           operator: {{ .operator }}
           value: {{ .value | quote }}
-          effect: {{ .effect }}        
+          effect: {{ .effect }}
         {{- end }}
-      {{- end }}      
-     
+      {{- end }}
+
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.image.pullSecretName }}"
@@ -229,3 +227,6 @@ spec:
       volumes:
       - name: writable-tmp
         emptyDir: {}
+      - name: opserver-config
+        secret:
+          secretName: {{ .Values.configSecret.targetName }}
diff --git a/charts/opserver/templates/opserver-config-secret.yaml b/charts/opserver/templates/opserver-config-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ .Values.configSecret.name }}
+spec:
+  refreshInterval: {{ .Values.configSecret.refreshInterval }}
+  secretStoreRef:
+    name: {{ .Values.configSecret.storeRefName }}
+    kind: ClusterSecretStore
+  target:
+    name: {{ .Values.configSecret.targetName }}
+  data:
+  - secretKey: ElasticSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.ElasticSettings }}
+  - secretKey: RedisSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.RedisSettings }}
+  - secretKey: SQLSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.SQLSettings }}
diff --git a/charts/opserver/values.yaml b/charts/opserver/values.yaml
@@ -76,3 +76,13 @@ sqlExternalSecret:
     exceptionalPassword: db-Exceptions-Password
 
 nodeScheduling: {}
+
+configSecret:
+  name: opserver-config
+  refreshInterval: 5m
+  storeRefName: fakeopserversecretstore
+  targetName: opserver-config
+  remoteRefs:
+    ElasticSettings: opserver-elastic-config
+    RedisSettings: opserver-redis-config
+    SQLSettings: opserver-sql-config
diff --git a/cnab/app/app.ps1 b/cnab/app/app.ps1
@@ -1,4 +1,4 @@
-function Get-AppName() {  
+function Get-AppName() {
     $app = 'opserver'
     return $app
 }
@@ -7,7 +7,7 @@ function Is-SingleRegistry() {
     return $True
 }
 
-function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) {  
+function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) {
     Write-MajorStep "Generating Helm values"
     $values = @{
         tier                    = $environment
@@ -18,7 +18,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
         db                      = @{
             exceptionalDbName = $vars.exceptionalDbName;
         }
-        
+
         images                  = @{
             containerRegistry = "$containerRegistryUrl"
             opserver          = @{
@@ -49,7 +49,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
             agentHost = $vars.datadogAgentHost
             agentPort = $vars.datadogAgentPort
         }
-        
+
         kestrel                 = @{
             endPoints = @{
                 http = @{
@@ -80,6 +80,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
             storeRefName = $vars.secretStore
         }
 
+        configSecret       = @{
+            storeRefName = $vars.secretStore
+        }
+
         opserverExternalSecret  = @{
             storeRefName = $vars.secretStore
         }
@@ -88,10 +92,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
 
         adminRolebindingGroupId = $vars.adminRolebindingGroupId
     }
-    
+
     # Helm expects a YAML file but YAML is also a superset of JSON, so we can use ConvertTo-Json here
     $valuesFileContent = $values | ConvertTo-Json -Depth 100
     Write-MinorStep "Populated Helm values:"
     Write-MinorStep $valuesFileContent
     return $valuesFileContent
-}
+}