Merge pull request #36 from foomo/auto-secrets-mount

feat(squadron): auto mount secrets
foomo · Oct 30, 2024 · b71dc16 · b71dc16
2 parents 4b29293 + e3eba8d
commit b71dc16
Show file tree

Hide file tree

Showing 15 changed files with 143 additions and 69 deletions.
diff --git a/charts/squadron-keel-cronjob/Chart.yaml b/charts/squadron-keel-cronjob/Chart.yaml
@@ -15,5 +15,5 @@ annotations:
     - name: Chart Source
       url: https://github.com/foomo/helm-charts
 
-version: 0.1.5
-appVersion: 0.1.5
+version: 0.1.6
+appVersion: 0.1.6
diff --git a/charts/squadron-keel-cronjob/README.md b/charts/squadron-keel-cronjob/README.md
@@ -1,6 +1,6 @@
 # squadron-keel-cronjob
 
-![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.5](https://img.shields.io/badge/AppVersion-0.1.5-informational?style=flat-square)
+![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.6](https://img.shields.io/badge/AppVersion-0.1.6-informational?style=flat-square)
 
 Squadron Keel CronJob Chart
 

diff --git a/charts/squadron-keel-cronjob/templates/cronjob.yaml b/charts/squadron-keel-cronjob/templates/cronjob.yaml
@@ -85,6 +85,11 @@ spec:
                 {{- with .Values.cronjob.additionalVolumeMounts }}
                 {{- toYaml . | nindent 16 }}
                 {{- end }}
+                {{- range $key, $value := .Values.secrets }}
+                - name: {{ include "keel.cronjob.fullname" $ }}-{{ $key }}
+                  readOnly: true
+                  mountPath: /run/secrets/{{ $key }}
+                {{- end }}
                 {{- range .Values.secretMounts }}
                 - name: {{ . }}
                   readOnly: true
@@ -131,6 +136,11 @@ spec:
               persistentVolumeClaim:
                 claimName: {{ include "keel.cronjob.fullname" . }}-data
             {{- end }}
+            {{- range $key, $value := .Values.secrets }}
+              - name: {{ $key }}
+                secret:
+                  secretName: {{ include "keel.cronjob.fullname" $ }}-{{ $key }}
+            {{- end }}
             {{- range .Values.secretMounts }}
             - name: {{ . }}
               secret:

diff --git a/charts/squadron-keel-cronjob/values.schema.json b/charts/squadron-keel-cronjob/values.schema.json
@@ -803,13 +803,13 @@
     },
     "secretEnv": {
       "additionalProperties": true,
-      "description": "Map of environment variables to add as a secret",
+      "description": "env:\n  FOO: bar\nMap of environment variables to add as a secret",
       "required": [],
       "title": "secretEnv",
       "type": "object"
     },
     "secretMounts": {
-      "description": "secretEnv:\n  FOO: bar\nList of existing secrets to be mounted",
+      "description": "secrets:\n  my-secret:\n    data: ...\nList of existing secrets to be mounted",
       "items": {
         "required": [],
         "type": "string"
@@ -832,7 +832,7 @@
         },
         "type": "object"
       },
-      "description": "env:\n  FOO: bar\nMap of secrets to be mounted",
+      "description": "secretEnv:\n  FOO: bar\nMap of secrets to be mounted",
       "required": [],
       "title": "secrets",
       "type": "object"

diff --git a/charts/squadron-keel-cronjob/values.yaml b/charts/squadron-keel-cronjob/values.yaml
@@ -41,6 +41,7 @@ global:
       # -- Will be automatically injected (optional)
       # @section -- Global
       fleet: ''
+
 # @schema
 # type: string
 # @schema
@@ -78,6 +79,52 @@ schedule: ''
 # -- Cron job time zone
 # @section -- General
 timeZone: 'Europe/Berlin'
+# @schema
+# type: object
+# additionalProperties: true
+# @schema
+# -- Map of environment variables to add
+# @section -- General
+env: { }
+# env:
+#   FOO: bar
+# @schema
+# type: object
+# additionalProperties: true
+# @schema
+# -- Map of environment variables to add as a secret
+# @section -- General
+secretEnv: { }
+# secretEnv:
+#   FOO: bar
+# @schema
+# type: object
+# additionalProperties:
+#   type: object
+#   properties:
+#     data:
+#       type: object
+#       additionalProperties: true
+#     stringData:
+#       type: object
+#       additionalProperties: true
+# @schema
+# -- Map of secrets to be mounted
+# @section -- General
+secrets: { }
+# secrets:
+#   my-secret:
+#     data: ...
+# @schema
+# type: array
+# items:
+#   type: string
+# @schema
+# -- List of existing secrets to be mounted
+# @section -- General
+secretMounts: []
+# secretMounts:
+#   - my-secret
 
 # @schema
 # type: object
@@ -220,50 +267,6 @@ image:
   # @section -- Image settings
   tag: ''
 
-# @schema
-# type: object
-# additionalProperties: true
-# @schema
-# -- Map of environment variables to add
-# @section -- General
-env: { }
-# env:
-#   FOO: bar
-# @schema
-# type: object
-# additionalProperties:
-#   type: object
-#   properties:
-#     data:
-#       type: object
-#       additionalProperties: true
-#     stringData:
-#       type: object
-#       additionalProperties: true
-# @schema
-# -- Map of secrets to be mounted
-# @section -- General
-secrets: { }
-# @schema
-# type: object
-# additionalProperties: true
-# @schema
-# -- Map of environment variables to add as a secret
-# @section -- General
-secretEnv: { }
-# secretEnv:
-#   FOO: bar
-# @schema
-# type: array
-# items:
-#   type: string
-# @schema
-# -- List of existing secrets to be mounted
-# @section -- General
-secretMounts: []
-# secretMounts:
-#   - my-secret
-
 # @schema
 # type: object
 # @schema

diff --git a/charts/squadron-keel-server/Chart.yaml b/charts/squadron-keel-server/Chart.yaml
@@ -15,5 +15,5 @@ annotations:
     - name: Chart Source
       url: https://github.com/foomo/helm-charts
 
-version: 0.1.11
-appVersion: 0.1.11
+version: 0.1.12
+appVersion: 0.1.12
diff --git a/charts/squadron-keel-server/README.md b/charts/squadron-keel-server/README.md
@@ -1,6 +1,6 @@
 # squadron-keel-server
 
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.11](https://img.shields.io/badge/AppVersion-0.1.11-informational?style=flat-square)
+![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.12](https://img.shields.io/badge/AppVersion-0.1.12-informational?style=flat-square)
 
 Squadron Keel Server Chart
 

diff --git a/charts/squadron-keel-server/templates/deployment.yaml b/charts/squadron-keel-server/templates/deployment.yaml
@@ -97,6 +97,11 @@ spec:
             {{- with .Values.server.additionalVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+            {{- range $key, $value := .Values.secrets }}
+            - name: {{ include "keel.server.fullname" $ }}-{{ $key }}
+              readOnly: true
+              mountPath: /run/secrets/{{ $key }}
+            {{- end }}
             {{- range .Values.secretMounts }}
             - name: {{ . }}
               readOnly: true
@@ -143,6 +148,11 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "keel.server.fullname" . }}-data
         {{- end }}
+        {{- range $key, $value := .Values.secrets }}
+        - name: {{ $key }}
+          secret:
+            secretName: {{ include "keel.server.fullname" $ }}-{{ $key }}
+        {{- end }}
         {{- range .Values.secretMounts }}
         - name: {{ . }}
           secret:

diff --git a/charts/squadron-keel-server/values.schema.json b/charts/squadron-keel-server/values.schema.json
@@ -713,13 +713,13 @@
     },
     "secretEnv": {
       "additionalProperties": true,
-      "description": "Map of environment variables to add as a secret",
+      "description": "env:\n  FOO: bar\nMap of environment variables to add as a secret",
       "required": [],
       "title": "secretEnv",
       "type": "object"
     },
     "secretMounts": {
-      "description": "secretEnv:\n  FOO: bar\nList of existing secrets to be mounted",
+      "description": "secrets:\n  my-secret:\n    data: ...\nList of existing secrets to be mounted",
       "items": {
         "required": [],
         "type": "string"
@@ -742,7 +742,7 @@
         },
         "type": "object"
       },
-      "description": "env:\n  FOO: bar\nMap of secrets to be mounted",
+      "description": "secretEnv:\n  FOO: bar\nMap of secrets to be mounted",
       "required": [],
       "title": "secrets",
       "type": "object"

diff --git a/charts/squadron-keel-server/values.yaml b/charts/squadron-keel-server/values.yaml
@@ -99,6 +99,15 @@ env: { }
 #   FOO: bar
 # @schema
 # type: object
+# additionalProperties: true
+# @schema
+# -- Map of environment variables to add as a secret
+# @section -- General
+secretEnv: { }
+# secretEnv:
+#   FOO: bar
+# @schema
+# type: object
 # additionalProperties:
 #   type: object
 #   properties:
@@ -112,15 +121,9 @@ env: { }
 # -- Map of secrets to be mounted
 # @section -- General
 secrets: { }
-# @schema
-# type: object
-# additionalProperties: true
-# @schema
-# -- Map of environment variables to add as a secret
-# @section -- General
-secretEnv: { }
-# secretEnv:
-#   FOO: bar
+# secrets:
+#   my-secret:
+#     data: ...
 # @schema
 # type: array
 # items:

diff --git a/charts/squadron-nextjs-server/Chart.yaml b/charts/squadron-nextjs-server/Chart.yaml
@@ -14,5 +14,5 @@ annotations:
     - name: Chart Source
       url: https://github.com/foomo/helm-charts
 
-version: 0.1.5
-appVersion: 0.1.5
+version: 0.1.6
+appVersion: 0.1.6
diff --git a/charts/squadron-nextjs-server/README.md b/charts/squadron-nextjs-server/README.md
@@ -1,6 +1,6 @@
 # squadron-nextjs-server
 
-![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.5](https://img.shields.io/badge/AppVersion-0.1.5-informational?style=flat-square)
+![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.6](https://img.shields.io/badge/AppVersion-0.1.6-informational?style=flat-square)
 
 Squadron NextJS Server Chart
 
@@ -35,6 +35,7 @@ Squadron NextJS Server Chart
 | revisionHistoryLimit | int | `10` | Number of revisions to keep |
 | secretEnv | object | `{}` | Map of environment variables to add as a secret |
 | secretMounts | list | `[]` | List of existing secrets to be mounted |
+| secrets | object | `{}` | Map of secrets to be mounted |
 | updateStrategy | string | `"RollingUpdate"` | Deployment update strategy |
 
 ### Overrides

diff --git a/charts/squadron-nextjs-server/templates/deployment.yaml b/charts/squadron-nextjs-server/templates/deployment.yaml
@@ -81,6 +81,11 @@ spec:
             - name: {{ include "nextjs.server.fullname" . }}-data
               mountPath: {{ .Values.persistence.mountPath }}
             {{- end }}
+            {{- range $key, $value := .Values.secrets }}
+            - name: {{ include "nextjs.server.fullname" $ }}-{{ $key }}
+              readOnly: true
+              mountPath: /run/secrets/{{ $key }}
+            {{- end }}
             {{- with .Values.server.additionalVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
@@ -130,6 +135,11 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "nextjs.server.fullname" . }}-data
         {{- end }}
+        {{- range $key, $value := .Values.secrets }}
+        - name: {{ $key }}
+          secret:
+            secretName: {{ include "nextjs.server.fullname" $ }}-{{ $key }}
+        {{- end }}
         {{- range .Values.secretMounts }}
         - name: {{ . }}
           secret:

diff --git a/charts/squadron-nextjs-server/values.schema.json b/charts/squadron-nextjs-server/values.schema.json
@@ -769,7 +769,7 @@
       "type": "object"
     },
     "secretMounts": {
-      "description": "secretEnv:\n  FOO: bar\nList of existing secrets to be mounted",
+      "description": "secrets:\n  my-secret:\n    data: ...\nList of existing secrets to be mounted",
       "items": {
         "required": [],
         "type": "string"
@@ -778,6 +778,25 @@
       "title": "secretMounts",
       "type": "array"
     },
+    "secrets": {
+      "additionalProperties": {
+        "properties": {
+          "data": {
+            "additionalProperties": true,
+            "type": "object"
+          },
+          "stringData": {
+            "additionalProperties": true,
+            "type": "object"
+          }
+        },
+        "type": "object"
+      },
+      "description": "secretEnv:\n  FOO: bar\nMap of secrets to be mounted",
+      "required": [],
+      "title": "secrets",
+      "type": "object"
+    },
     "securityContext": {
       "additionalProperties": false,
       "description": "Security context",

diff --git a/charts/squadron-nextjs-server/values.yaml b/charts/squadron-nextjs-server/values.yaml
@@ -86,6 +86,24 @@ secretEnv: { }
 # secretEnv:
 #   FOO: bar
 # @schema
+# type: object
+# additionalProperties:
+#   type: object
+#   properties:
+#     data:
+#       type: object
+#       additionalProperties: true
+#     stringData:
+#       type: object
+#       additionalProperties: true
+# @schema
+# -- Map of secrets to be mounted
+# @section -- General
+secrets: { }
+# secrets:
+#   my-secret:
+#     data: ...
+# @schema
 # type: array
 # items:
 #   type: string