From 01af15750c3ab4fa1fe413a72ec4abbe39861c92 Mon Sep 17 00:00:00 2001 From: Jason Schwanz Date: Fri, 28 Feb 2025 13:25:17 -0800 Subject: [PATCH] feat(configs): make configs available --- charts/opserver/templates/deployment.yaml | 21 ++++++++++--------- .../templates/opserver-config-secret.yaml | 21 +++++++++++++++++++ charts/opserver/values.yaml | 10 +++++++++ cnab/app/app.ps1 | 16 ++++++++------ 4 files changed, 52 insertions(+), 16 deletions(-) create mode 100644 charts/opserver/templates/opserver-config-secret.yaml diff --git a/charts/opserver/templates/deployment.yaml b/charts/opserver/templates/deployment.yaml index 1264f31c..36c48187 100644 --- a/charts/opserver/templates/deployment.yaml +++ b/charts/opserver/templates/deployment.yaml @@ -35,6 +35,8 @@ spec: volumeMounts: - name: writable-tmp #need our own read-write enabled temp directory because aspnet spills large requests over to disk mountPath: /mnt/tmp + - name: opserver-config + mountPath: /app/Config imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.kestrel.endPoints.http.containerPort }} @@ -53,10 +55,6 @@ spec: initialDelaySeconds: 10 periodSeconds: 1 successThreshold: 3 - volumeMounts: - - name: writable-tmp - mountPath: /mnt/tmp - env: - name: NODE_IP valueFrom: @@ -134,10 +132,10 @@ spec: - name: Security__Scopes__1 value: "groups" - name: Security__Scopes__2 - value: "profile" + value: "profile" {{- end }} - {{- if hasKey .Values.opserverSettings "sql" }} + {{- if hasKey .Values.opserverSettings "sql" }} - name: SQL_STATUS_SERVERNAME valueFrom: secretKeyRef: @@ -164,7 +162,7 @@ spec: {{- end }} {{- end }} - {{- if hasKey .Values.opserverSettings "exceptions" }} + {{- if hasKey .Values.opserverSettings "exceptions" }} - name: SQL_EXCEPTIONAL_USERNAME valueFrom: secretKeyRef: 
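Review bot: The new `opserver-config` mount in the first deployment.yaml hunk places a Secret volume over the whole `/app/Config` directory, so anything the image ships at that path is hidden and only the three projected files remain. Whether the image carries other files there is not visible in this diff and should be confirmed. Because the directory now holds secret material, I would add `readOnly: true` under `mountPath: /app/Config` so the intent is explicit and survives later edits. The container spec continues outside the hunk.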
@@ -214,10 +212,10 @@ spec: - key: {{ .key }} operator: {{ .operator }} value: {{ .value | quote }} - effect: {{ .effect }} + effect: {{ .effect }} {{- end }} - {{- end }} - + {{- end }} + restartPolicy: Always imagePullSecrets: - name: "{{ .Values.image.pullSecretName }}" @@ -229,3 +227,6 @@ spec: volumes: - name: writable-tmp emptyDir: {} + - name: opserver-config + secret: + secretName: {{ .Values.configSecret.targetName }} diff --git a/charts/opserver/templates/opserver-config-secret.yaml b/charts/opserver/templates/opserver-config-secret.yaml new file mode 100644 index 00000000..2c792ce9 --- /dev/null +++ b/charts/opserver/templates/opserver-config-secret.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.configSecret.name }} +spec: + refreshInterval: {{ .Values.configSecret.refreshInterval }} + secretStoreRef: + name: {{ .Values.configSecret.storeRefName }} + kind: ClusterSecretStore + target: + name: {{ .Values.configSecret.targetName }} + data: + - secretKey: ElasticSettings.json + remoteRef: + key: {{ .Values.configSecret.remoteRefs.ElasticSettings }} + - secretKey: RedisSettings.json + remoteRef: + key: {{ .Values.configSecret.remoteRefs.RedisSettings }} + - secretKey: SQLSettings.json + remoteRef: + key: {{ .Values.configSecret.remoteRefs.SQLSettings }} diff --git a/charts/opserver/values.yaml b/charts/opserver/values.yaml index 6f54816e..ea2c850a 100644 --- a/charts/opserver/values.yaml +++ b/charts/opserver/values.yaml @@ -76,3 +76,13 @@ sqlExternalSecret: exceptionalPassword: db-Exceptions-Password nodeScheduling: {} + +configSecret: + name: opserver-config + refreshInterval: 5m + storeRefName: fakeopserversecretstore + targetName: opserver-config + remoteRefs: + ElasticSettings: opserver-elastic-config + RedisSettings: opserver-redis-config + SQLSettings: opserver-sql-config diff --git a/cnab/app/app.ps1 b/cnab/app/app.ps1 index c6b0dbef..ac5eeaf6 100644 --- a/cnab/app/app.ps1 
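Review bot: The `opserver-config` volume added at the end of deployment.yaml sets no `defaultMode`, so the projected files get the Kubernetes default of 0644 and are readable by every user in the container. The file names (`SQLSettings.json`, `RedisSettings.json`, `ElasticSettings.json`) suggest datastore connection settings, so a tighter mode such as `defaultMode: 0440` under `secret:` paired with a matching `fsGroup` would be safer. The UID the container runs as is not visible here, so verify the app can still read the files. The volume is also not marked `optional`, so the pod will wait in ContainerCreating until the ExternalSecret has produced the target Secret.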
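Review bot: Nothing in opserver-config-secret.yaml fails the render when `configSecret.storeRefName` or a `remoteRefs` entry is missing, and the values.yaml hunk ships the placeholder `storeRefName: fakeopserversecretstore`, so a release that forgets the override installs cleanly and then never syncs. I would drop the placeholder default and use `name: {{ required "configSecret.storeRefName is required" .Values.configSecret.storeRefName }}` for the store, with the same treatment for the three `remoteRef.key` lines. The interpolated strings are also unquoted; `| quote`, as the tolerations block in deployment.yaml already does, keeps an unusual value from changing the YAML structure. A short comment above `data:` stating that each `secretKey` becomes a file name under `/app/Config` would help the next reader.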
+++ b/cnab/app/app.ps1 @@ -1,4 +1,4 @@ -function Get-AppName() { +function Get-AppName() { $app = 'opserver' return $app } @@ -7,7 +7,7 @@ function Is-SingleRegistry() { return $True } -function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) { +function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) { Write-MajorStep "Generating Helm values" $values = @{ tier = $environment @@ -18,7 +18,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag db = @{ exceptionalDbName = $vars.exceptionalDbName; } - + images = @{ containerRegistry = "$containerRegistryUrl" opserver = @{ @@ -49,7 +49,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag agentHost = $vars.datadogAgentHost agentPort = $vars.datadogAgentPort } - + kestrel = @{ endPoints = @{ http = @{ @@ -80,6 +80,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag storeRefName = $vars.secretStore } + configSecret = @{ + storeRefName = $vars.secretStore + } + opserverExternalSecret = @{ storeRefName = $vars.secretStore } @@ -88,10 +92,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag adminRolebindingGroupId = $vars.adminRolebindingGroupId } - + # Helm expects a YAML file but YAML is also a superset of JSON, so we can use ConvertTo-Json here $valuesFileContent = $values | ConvertTo-Json -Depth 100 Write-MinorStep "Populated Helm values:" Write-MinorStep $valuesFileContent return $valuesFileContent -} \ No newline at end of file +}