diff --git a/legacy/build-deploy-docker-compose.sh b/legacy/build-deploy-docker-compose.sh index 7304e4b8..e9f4ab0d 100755 --- a/legacy/build-deploy-docker-compose.sh +++ b/legacy/build-deploy-docker-compose.sh @@ -1356,6 +1356,9 @@ do # handle spot configurations . /kubectl-build-deploy/scripts/exec-spot-generation.sh + # handle dynamically added secrets + . /kubectl-build-deploy/scripts/exec-dynamic-secret-volumes.sh + # TODO: we don't need this anymore # DEPLOYMENT_STRATEGY=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.deployment\\.strategy false) # if [ ! $DEPLOYMENT_STRATEGY == "false" ]; then diff --git a/legacy/helmcharts/basic-persistent/templates/deployment.yaml b/legacy/helmcharts/basic-persistent/templates/deployment.yaml index 5ad18672..9004a803 100644 --- a/legacy/helmcharts/basic-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/basic-persistent/templates/deployment.yaml @@ -34,6 +34,9 @@ spec: - name: {{ include "basic-persistent.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "basic-persistent.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "basic-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -70,6 +73,9 @@ spec: volumeMounts: - name: {{ include "basic-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/basic-persistent/values.yaml b/legacy/helmcharts/basic-persistent/values.yaml index acc05dbd..c5f08579 100644 --- a/legacy/helmcharts/basic-persistent/values.yaml +++ b/legacy/helmcharts/basic-persistent/values.yaml 
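Review bot: Sourcing `exec-dynamic-secret-volumes.sh` unconditionally here gives every service the same set of mounts, with no per-service opt-in; the surrounding `do` loop starts and ends outside the hunk, but it appears to be the per-service loop. The script's selector `-l lagoon.sh/dynamic-secret` matches on the label key alone, so any secret in the namespace that carries the label, whatever its value, ends up readable in every container of every service, databases and caches included. If that breadth is intended, say so in the comment, e.g. `# mounts every secret labelled lagoon.sh/dynamic-secret into all containers of this service`; otherwise consider letting the label value name the target service and filtering on `$SERVICE_NAME`.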
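Review bot: `toYaml .Values.dynamicSecretVolumes` renders whatever volume definitions the values file holds, so despite the name nothing in the template restricts these entries to `secret:` volumes. The build script only generates secret volumes today, but if the values file can ever be influenced from elsewhere, a `hostPath` or other volume source would pass straight through. Rendering the entries field by field keeps the chart limited to secrets. The same pattern is repeated in the other charts' `deployment.yaml` hunks in this commit.

```yaml
        {{- range .Values.dynamicSecretVolumes }}
        - name: {{ .name | quote }}
          secret:
            secretName: {{ .secret.secretName | quote }}
            optional: false
        {{- end }}
```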
@@ -64,4 +64,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/basic/templates/deployment.yaml b/legacy/helmcharts/basic/templates/deployment.yaml index 455bc1d5..12a8f9fc 100644 --- a/legacy/helmcharts/basic/templates/deployment.yaml +++ b/legacy/helmcharts/basic/templates/deployment.yaml @@ -34,6 +34,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -67,6 +71,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/basic/values.yaml b/legacy/helmcharts/basic/values.yaml index ea7b04e0..383a592f 100644 --- a/legacy/helmcharts/basic/values.yaml +++ b/legacy/helmcharts/basic/values.yaml @@ -61,4 +61,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/cli-persistent/templates/deployment.yaml b/legacy/helmcharts/cli-persistent/templates/deployment.yaml index 38726244..569df5c4 100644 --- a/legacy/helmcharts/cli-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/cli-persistent/templates/deployment.yaml 
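Review bot: The `volumes:` block is gated on `dynamicSecretVolumes` and the `volumeMounts:` block on `dynamicSecretMounts`, and nothing ties the two values together. If only the mounts list is set, the container references a volume that the pod never declares, and the API server rejects the Deployment. Gating the mount block on both values, `{{- if and .Values.dynamicSecretVolumes .Values.dynamicSecretMounts }}`, avoids rendering a half-configured pod. The kibana, logstash, nginx, nginx-php, node, python, redis, varnish and worker charts use the same pair of conditionals.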
@@ -40,6 +40,9 @@ spec: claimName: {{ .Values.persistentStorage.name }} - name: {{ include "cli-persistent.twig-storage.name" . | quote }} emptyDir: {} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "cli-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -70,6 +73,9 @@ spec: mountPath: {{ .Values.persistentStorage.path | quote }} - name: {{ include "cli-persistent.twig-storage.name" . | quote }} mountPath: {{ include "cli-persistent.twig-storage.path" . | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} readinessProbe: diff --git a/legacy/helmcharts/cli-persistent/values.yaml b/legacy/helmcharts/cli-persistent/values.yaml index 05c8942a..3d034540 100644 --- a/legacy/helmcharts/cli-persistent/values.yaml +++ b/legacy/helmcharts/cli-persistent/values.yaml @@ -58,4 +58,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/cli/templates/deployment.yaml b/legacy/helmcharts/cli/templates/deployment.yaml index 66a51d15..188e191a 100644 --- a/legacy/helmcharts/cli/templates/deployment.yaml +++ b/legacy/helmcharts/cli/templates/deployment.yaml @@ -39,6 +39,9 @@ spec: secret: defaultMode: 420 secretName: lagoon-sshkey + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ include "cli.fullname" . }} @@ -63,6 +66,9 @@ spec: - mountPath: /var/run/secrets/lagoon/sshkey/ name: lagoon-sshkey readOnly: true + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} readinessProbe: initialDelaySeconds: 5 periodSeconds: 2 
diff --git a/legacy/helmcharts/cli/values.yaml b/legacy/helmcharts/cli/values.yaml index 23b8a2dd..a33d40d4 100644 --- a/legacy/helmcharts/cli/values.yaml +++ b/legacy/helmcharts/cli/values.yaml @@ -56,4 +56,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/elasticsearch/templates/deployment.yaml b/legacy/helmcharts/elasticsearch/templates/deployment.yaml index acaaa2ab..451f22b2 100644 --- a/legacy/helmcharts/elasticsearch/templates/deployment.yaml +++ b/legacy/helmcharts/elasticsearch/templates/deployment.yaml @@ -36,6 +36,9 @@ spec: - name: {{ include "elasticsearch.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "elasticsearch.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "elasticsearch.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -85,5 +88,8 @@ spec: volumeMounts: - name: {{ include "elasticsearch.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/legacy/helmcharts/elasticsearch/values.yaml b/legacy/helmcharts/elasticsearch/values.yaml index e74c5eb7..75549ce1 100644 --- a/legacy/helmcharts/elasticsearch/values.yaml +++ b/legacy/helmcharts/elasticsearch/values.yaml @@ -58,4 +58,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/kibana/templates/deployment.yaml b/legacy/helmcharts/kibana/templates/deployment.yaml index dcc3dc3e..32082dbb 100644 
--- a/legacy/helmcharts/kibana/templates/deployment.yaml +++ b/legacy/helmcharts/kibana/templates/deployment.yaml @@ -31,6 +31,10 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -61,6 +65,10 @@ spec: periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/kibana/values.yaml b/legacy/helmcharts/kibana/values.yaml index a6244e31..c31c41ab 100644 --- a/legacy/helmcharts/kibana/values.yaml +++ b/legacy/helmcharts/kibana/values.yaml @@ -84,4 +84,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/logstash/templates/deployment.yaml b/legacy/helmcharts/logstash/templates/deployment.yaml index cbdc1c0d..231815ea 100644 --- a/legacy/helmcharts/logstash/templates/deployment.yaml +++ b/legacy/helmcharts/logstash/templates/deployment.yaml @@ -31,6 +31,10 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name | quote }} securityContext: @@ -63,6 +67,10 @@ spec: periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
diff --git a/legacy/helmcharts/logstash/values.yaml b/legacy/helmcharts/logstash/values.yaml index 94b7800f..563b7285 100644 --- a/legacy/helmcharts/logstash/values.yaml +++ b/legacy/helmcharts/logstash/values.yaml @@ -74,4 +74,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/mariadb-single/templates/deployment.yaml b/legacy/helmcharts/mariadb-single/templates/deployment.yaml index f11b63e3..9c4e6c47 100644 --- a/legacy/helmcharts/mariadb-single/templates/deployment.yaml +++ b/legacy/helmcharts/mariadb-single/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: - name: {{ include "mariadb-single.fullname" . }} persistentVolumeClaim: claimName: {{ include "mariadb-single.fullname" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -69,6 +72,9 @@ spec: volumeMounts: - name: {{ include "mariadb-single.fullname" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/mariadb-single/values.yaml b/legacy/helmcharts/mariadb-single/values.yaml index 654422fc..8cae3797 100644 --- a/legacy/helmcharts/mariadb-single/values.yaml +++ b/legacy/helmcharts/mariadb-single/values.yaml @@ -82,4 +82,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/mongodb-single/templates/deployment.yaml b/legacy/helmcharts/mongodb-single/templates/deployment.yaml index 30779c7c..19272caa 100644 
--- a/legacy/helmcharts/mongodb-single/templates/deployment.yaml +++ b/legacy/helmcharts/mongodb-single/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: - name: {{ include "mongodb-single.fullname" . }} persistentVolumeClaim: claimName: {{ include "mongodb-single.fullname" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -64,6 +67,9 @@ spec: volumeMounts: - name: {{ include "mongodb-single.fullname" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/mongodb-single/values.yaml b/legacy/helmcharts/mongodb-single/values.yaml index f618d89f..cb6d6bd9 100644 --- a/legacy/helmcharts/mongodb-single/values.yaml +++ b/legacy/helmcharts/mongodb-single/values.yaml @@ -82,4 +82,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/nginx-php-persistent/templates/deployment.yaml b/legacy/helmcharts/nginx-php-persistent/templates/deployment.yaml index 70eacce7..26489ffc 100644 --- a/legacy/helmcharts/nginx-php-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/nginx-php-persistent/templates/deployment.yaml @@ -36,6 +36,9 @@ spec: claimName: {{ include "nginx-php-persistent.persistentStorageName" . }} - name: {{ include "nginx-php-persistent.twig-storage.name" . | quote }} emptyDir: {} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "nginx-php-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: 
@@ -102,6 +105,9 @@ spec: volumeMounts: - name: {{ include "nginx-php-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources.nginx | nindent 12 }} @@ -136,6 +142,9 @@ spec: mountPath: {{ .Values.persistentStorage.path | quote }} - name: {{ include "nginx-php-persistent.twig-storage.name" . | quote }} mountPath: {{ include "nginx-php-persistent.twig-storage.path" . | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources.php | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/nginx-php-persistent/values.yaml b/legacy/helmcharts/nginx-php-persistent/values.yaml index 257a0d8a..383f2814 100644 --- a/legacy/helmcharts/nginx-php-persistent/values.yaml +++ b/legacy/helmcharts/nginx-php-persistent/values.yaml @@ -74,4 +74,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/nginx-php/templates/deployment.yaml b/legacy/helmcharts/nginx-php/templates/deployment.yaml index 1fbd0511..61def803 100644 --- a/legacy/helmcharts/nginx-php/templates/deployment.yaml +++ b/legacy/helmcharts/nginx-php/templates/deployment.yaml @@ -34,6 +34,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.images.nginx | quote }} name: "nginx" 
@@ -69,6 +73,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources.nginx | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} - image: {{ .Values.images.php | quote }} name: "php" @@ -98,6 +106,10 @@ spec: value: '127.0.0.1' resources: {{- toYaml .Values.resources.php | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/nginx-php/values.yaml b/legacy/helmcharts/nginx-php/values.yaml index 58668700..8bc87857 100644 --- a/legacy/helmcharts/nginx-php/values.yaml +++ b/legacy/helmcharts/nginx-php/values.yaml @@ -71,4 +71,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/nginx/templates/deployment.yaml b/legacy/helmcharts/nginx/templates/deployment.yaml index 14c71a75..95192f07 100644 --- a/legacy/helmcharts/nginx/templates/deployment.yaml +++ b/legacy/helmcharts/nginx/templates/deployment.yaml @@ -32,6 +32,10 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -67,6 +71,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/nginx/values.yaml b/legacy/helmcharts/nginx/values.yaml index 4197df52..c8c5bf87 100644 
--- a/legacy/helmcharts/nginx/values.yaml +++ b/legacy/helmcharts/nginx/values.yaml @@ -84,4 +84,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/node-persistent/templates/deployment.yaml b/legacy/helmcharts/node-persistent/templates/deployment.yaml index b42015e8..c8343c57 100644 --- a/legacy/helmcharts/node-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/node-persistent/templates/deployment.yaml @@ -34,6 +34,9 @@ spec: - name: {{ include "node-persistent.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "node-persistent.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "node-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -70,6 +73,9 @@ spec: volumeMounts: - name: {{ include "node-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/node-persistent/values.yaml b/legacy/helmcharts/node-persistent/values.yaml index fe652431..4923270c 100644 --- a/legacy/helmcharts/node-persistent/values.yaml +++ b/legacy/helmcharts/node-persistent/values.yaml @@ -64,4 +64,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/node/templates/deployment.yaml b/legacy/helmcharts/node/templates/deployment.yaml index 3f2eed23..37e53af8 100644 --- a/legacy/helmcharts/node/templates/deployment.yaml +++ b/legacy/helmcharts/node/templates/deployment.yaml 
@@ -34,6 +34,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -67,6 +71,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/node/values.yaml b/legacy/helmcharts/node/values.yaml index b9043020..020a4b5c 100644 --- a/legacy/helmcharts/node/values.yaml +++ b/legacy/helmcharts/node/values.yaml @@ -61,4 +61,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/opensearch/templates/deployment.yaml b/legacy/helmcharts/opensearch/templates/deployment.yaml index 6cd2903a..2ea98154 100644 --- a/legacy/helmcharts/opensearch/templates/deployment.yaml +++ b/legacy/helmcharts/opensearch/templates/deployment.yaml @@ -36,6 +36,9 @@ spec: - name: {{ include "opensearch.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "opensearch.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "opensearch.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -87,5 +90,8 @@ spec: volumeMounts: - name: {{ include "opensearch.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} 
diff --git a/legacy/helmcharts/opensearch/values.yaml b/legacy/helmcharts/opensearch/values.yaml index bbf983d0..0c68749f 100644 --- a/legacy/helmcharts/opensearch/values.yaml +++ b/legacy/helmcharts/opensearch/values.yaml @@ -59,3 +59,8 @@ configMapSha: "" useSpot: false cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] + diff --git a/legacy/helmcharts/postgres-single/templates/deployment.yaml b/legacy/helmcharts/postgres-single/templates/deployment.yaml index 54e6d608..d57c9953 100644 --- a/legacy/helmcharts/postgres-single/templates/deployment.yaml +++ b/legacy/helmcharts/postgres-single/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: - name: {{ include "postgres-single.fullname" . }} persistentVolumeClaim: claimName: {{ include "postgres-single.fullname" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -69,6 +72,9 @@ spec: volumeMounts: - name: {{ include "postgres-single.fullname" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/postgres-single/values.yaml b/legacy/helmcharts/postgres-single/values.yaml index 138ba92f..673067c7 100644 --- a/legacy/helmcharts/postgres-single/values.yaml +++ b/legacy/helmcharts/postgres-single/values.yaml @@ -82,4 +82,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/python-persistent/templates/deployment.yaml b/legacy/helmcharts/python-persistent/templates/deployment.yaml index 1e096991..e361c11a 100644 
--- a/legacy/helmcharts/python-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/python-persistent/templates/deployment.yaml @@ -33,6 +33,9 @@ spec: - name: {{ include "python-persistent.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "python-persistent.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "python-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -71,6 +74,9 @@ spec: volumeMounts: - name: {{ include "python-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/python-persistent/values.yaml b/legacy/helmcharts/python-persistent/values.yaml index e900bb4a..3b6e9b67 100644 --- a/legacy/helmcharts/python-persistent/values.yaml +++ b/legacy/helmcharts/python-persistent/values.yaml @@ -64,4 +64,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/python/templates/deployment.yaml b/legacy/helmcharts/python/templates/deployment.yaml index aaba74c1..753e945b 100644 --- a/legacy/helmcharts/python/templates/deployment.yaml +++ b/legacy/helmcharts/python/templates/deployment.yaml @@ -33,6 +33,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} 
@@ -66,6 +70,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/python/values.yaml b/legacy/helmcharts/python/values.yaml index 9963e1fe..9c4aa6c9 100644 --- a/legacy/helmcharts/python/values.yaml +++ b/legacy/helmcharts/python/values.yaml @@ -61,4 +61,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] \ No newline at end of file diff --git a/legacy/helmcharts/rabbitmq/templates/deployment.yaml b/legacy/helmcharts/rabbitmq/templates/deployment.yaml index 1bf3393f..2fb35787 100644 --- a/legacy/helmcharts/rabbitmq/templates/deployment.yaml +++ b/legacy/helmcharts/rabbitmq/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: - name: {{ include "rabbitmq.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "rabbitmq.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "rabbitmq.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -73,5 +76,8 @@ spec: volumeMounts: - name: {{ include "rabbitmq.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/legacy/helmcharts/rabbitmq/values.yaml b/legacy/helmcharts/rabbitmq/values.yaml index 5088d82c..09e424ba 100644 --- a/legacy/helmcharts/rabbitmq/values.yaml +++ b/legacy/helmcharts/rabbitmq/values.yaml 
@@ -58,4 +58,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/redis-persistent/templates/deployment.yaml b/legacy/helmcharts/redis-persistent/templates/deployment.yaml index 273016f3..fe6ba2a3 100644 --- a/legacy/helmcharts/redis-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/redis-persistent/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: - name: {{ include "redis-persistent.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "redis-persistent.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "redis-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -75,6 +78,9 @@ spec: volumeMounts: - name: {{ include "redis-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/redis-persistent/values.yaml b/legacy/helmcharts/redis-persistent/values.yaml index 837f310f..9c31d007 100644 --- a/legacy/helmcharts/redis-persistent/values.yaml +++ b/legacy/helmcharts/redis-persistent/values.yaml @@ -79,4 +79,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/redis/templates/deployment.yaml b/legacy/helmcharts/redis/templates/deployment.yaml index b9a6793a..cd203234 100644 --- a/legacy/helmcharts/redis/templates/deployment.yaml +++ b/legacy/helmcharts/redis/templates/deployment.yaml 
@@ -34,6 +34,10 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -64,6 +68,10 @@ spec: periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/redis/values.yaml b/legacy/helmcharts/redis/values.yaml index 87cf3b33..92354da6 100644 --- a/legacy/helmcharts/redis/values.yaml +++ b/legacy/helmcharts/redis/values.yaml @@ -75,4 +75,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/solr/templates/deployment.yaml b/legacy/helmcharts/solr/templates/deployment.yaml index 17521a1e..fb95c0bc 100644 --- a/legacy/helmcharts/solr/templates/deployment.yaml +++ b/legacy/helmcharts/solr/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: - name: {{ include "solr.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "solr.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "solr.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -71,5 +74,8 @@ spec: volumeMounts: - name: {{ include "solr.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} 
diff --git a/legacy/helmcharts/solr/values.yaml b/legacy/helmcharts/solr/values.yaml index ff5d34c5..ec3f7dda 100644 --- a/legacy/helmcharts/solr/values.yaml +++ b/legacy/helmcharts/solr/values.yaml @@ -58,4 +58,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/varnish-persistent/templates/deployment.yaml b/legacy/helmcharts/varnish-persistent/templates/deployment.yaml index 84fb3bd9..c97d3f45 100644 --- a/legacy/helmcharts/varnish-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/varnish-persistent/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: - name: {{ include "varnish-persistent.persistentStorageName" . }} persistentVolumeClaim: claimName: {{ include "varnish-persistent.persistentStorageName" . }} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "varnish-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: @@ -74,6 +77,9 @@ spec: volumeMounts: - name: {{ include "varnish-persistent.persistentStorageName" . }} mountPath: {{ .Values.persistentStorage.path | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/legacy/helmcharts/varnish-persistent/values.yaml b/legacy/helmcharts/varnish-persistent/values.yaml index 67edf404..3a969ab4 100644 --- a/legacy/helmcharts/varnish-persistent/values.yaml +++ b/legacy/helmcharts/varnish-persistent/values.yaml @@ -83,4 +83,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] 
diff --git a/legacy/helmcharts/varnish/templates/deployment.yaml b/legacy/helmcharts/varnish/templates/deployment.yaml index 40bca791..4a700128 100644 --- a/legacy/helmcharts/varnish/templates/deployment.yaml +++ b/legacy/helmcharts/varnish/templates/deployment.yaml @@ -34,6 +34,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ .Chart.Name }} @@ -63,6 +67,10 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/legacy/helmcharts/varnish/values.yaml b/legacy/helmcharts/varnish/values.yaml index 0a52785b..c0b346ab 100644 --- a/legacy/helmcharts/varnish/values.yaml +++ b/legacy/helmcharts/varnish/values.yaml @@ -79,4 +79,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/worker-persistent/templates/deployment.yaml b/legacy/helmcharts/worker-persistent/templates/deployment.yaml index c0f17cd8..ca79b9b5 100644 --- a/legacy/helmcharts/worker-persistent/templates/deployment.yaml +++ b/legacy/helmcharts/worker-persistent/templates/deployment.yaml @@ -36,6 +36,9 @@ spec: claimName: {{ .Values.persistentStorage.name }} - name: {{ include "worker-persistent.twig-storage.name" . | quote }} emptyDir: {} + {{- if .Values.dynamicSecretVolumes }} + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} priorityClassName: {{ include "worker-persistent.lagoonPriority" . }} enableServiceLinks: false securityContext: 
@@ -63,6 +66,9 @@ spec: mountPath: {{ .Values.persistentStorage.path | quote }} - name: {{ include "worker-persistent.twig-storage.name" . | quote }} mountPath: {{ include "worker-persistent.twig-storage.path" . | quote }} + {{- if .Values.dynamicSecretMounts }} + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} readinessProbe: diff --git a/legacy/helmcharts/worker-persistent/values.yaml b/legacy/helmcharts/worker-persistent/values.yaml index 40c6488a..c3e98c20 100644 --- a/legacy/helmcharts/worker-persistent/values.yaml +++ b/legacy/helmcharts/worker-persistent/values.yaml @@ -58,4 +58,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/helmcharts/worker/templates/deployment.yaml b/legacy/helmcharts/worker/templates/deployment.yaml index b8687916..a6cc2dd1 100644 --- a/legacy/helmcharts/worker/templates/deployment.yaml +++ b/legacy/helmcharts/worker/templates/deployment.yaml @@ -34,6 +34,10 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.dynamicSecretVolumes }} + volumes: + {{- toYaml .Values.dynamicSecretVolumes | nindent 8 }} + {{- end }} containers: - image: {{ .Values.image | quote }} name: {{ include "worker.fullname" . }} @@ -54,6 +58,10 @@ spec: name: lagoon-env resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.dynamicSecretMounts }} + volumeMounts: + {{- toYaml .Values.dynamicSecretMounts | nindent 12 }} + {{- end }} readinessProbe: initialDelaySeconds: 5 periodSeconds: 2 diff --git a/legacy/helmcharts/worker/values.yaml b/legacy/helmcharts/worker/values.yaml index 98effda2..61a57d08 100644 --- a/legacy/helmcharts/worker/values.yaml +++ b/legacy/helmcharts/worker/values.yaml 
@@ -56,4 +56,8 @@ configMapSha: "" useSpot: false -cronjobUseSpot: false \ No newline at end of file +cronjobUseSpot: false + +dynamicSecretMounts: [] + +dynamicSecretVolumes: [] diff --git a/legacy/scripts/exec-dynamic-secret-volumes.sh b/legacy/scripts/exec-dynamic-secret-volumes.sh new file mode 100755 index 00000000..131cd288 --- /dev/null +++ b/legacy/scripts/exec-dynamic-secret-volumes.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Dynamic secret loading +# This script will look in the current namespace for any secrets that have been + +DYNAMIC_SECRET_LABEL="lagoon.sh/dynamic-secret" + +KBD_SERVICE_VALUES_FILE="/${KBD_SERVICE_VALUES_OUTDIR:-kubectl-build-deploy}/${SERVICE_NAME}-values.yaml" + +VOLUME_MOUNT_BASE_PATH="/var/run/secrets/lagoon/dynamic/" + +VOLUME_NAME_PREFIX="dynamic-" +SECRET_NAME_PREFIX="dynamic-" + +RAW_KUBECTL_JSON_SECRET_LIST=$(kubectl --namespace ${NAMESPACE} get secrets -l $DYNAMIC_SECRET_LABEL -o json) + + +SECRET_MOUNT_VALUES=$'dynamicSecretMounts:\n' +SECRET_VOL_VALUES=$'dynamicSecretVolumes:\n' + +echo "$RAW_KUBECTL_JSON_SECRET_LIST" | jq -c --raw-output '.items[] | .metadata.name' | ( + while IFS=$"\n" read -r name; do + # so we have to do two things here. Generate the volume and the mount + MOUNT_PATH="$VOLUME_MOUNT_BASE_PATH$name" + SECRET_NAME="$name" + VOLUME_NAME="$VOLUME_NAME_PREFIX$name" + SECRET_MOUNT_VALUES+="\ + - name: $VOLUME_NAME + mountPath: "$MOUNT_PATH" + readOnly: true +" + + SECRET_VOL_VALUES+="\ + - name: $VOLUME_NAME + secret: + secretName: $SECRET_NAME + optional: false +" + done + echo "$SECRET_MOUNT_VALUES" >> $KBD_SERVICE_VALUES_FILE + echo "$SECRET_VOL_VALUES" >> $KBD_SERVICE_VALUES_FILE +)
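Review bot: `IFS=$"\n"` on the `while … read` line is locale-translation quoting rather than `$'\n'`, so IFS is set to a backslash and the letter `n` instead of a newline, and a secret name ending in `n` can come back with that character stripped; `IFS= read -r name` reads the line unchanged. The `kubectl … get secrets` result is never checked and `${NAMESPACE}`, `$DYNAMIC_SECRET_LABEL` and `$KBD_SERVICE_VALUES_FILE` are unquoted, so a failed lookup appends the two keys with no entries and the deploy carries on without the mounts; the fence below stops the build instead (the script is sourced, so `exit` ends the calling build script). The selector matches on the presence of the `lagoon.sh/dynamic-secret` label alone, and the script appears to run once per service, so every labelled secret is mounted into every service's pods, which is worth confirming as intended. `VOLUME_NAME` is `dynamic-` plus the secret name, but a pod volume name must be a DNS label (at most 63 characters, no dots) while secret names may be longer and contain dots, so such names should be rejected or skipped with a message before the values are written. The header comment also stops mid-sentence after "secrets that have been" and should say which label selects the secrets and where they are mounted.

```shell
# … unchanged: label, values-file, mount-path and prefix variables …
if ! RAW_KUBECTL_JSON_SECRET_LIST=$(kubectl --namespace "${NAMESPACE}" get secrets -l "${DYNAMIC_SECRET_LABEL}" -o json); then
  echo "failed to list secrets labelled ${DYNAMIC_SECRET_LABEL} in namespace ${NAMESPACE}" >&2
  exit 1
fi
# … unchanged: SECRET_MOUNT_VALUES / SECRET_VOL_VALUES initialisation …
echo "$RAW_KUBECTL_JSON_SECRET_LIST" | jq -c --raw-output '.items[] | .metadata.name' | (
  while IFS= read -r name; do
    # … unchanged: MOUNT_PATH, SECRET_NAME, VOLUME_NAME and the two YAML fragments …
  done
  echo "$SECRET_MOUNT_VALUES" >> "$KBD_SERVICE_VALUES_FILE"
  echo "$SECRET_VOL_VALUES" >> "$KBD_SERVICE_VALUES_FILE"
)
```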