helm-toolkit: Enable custom secret annotations
Enable custom annotations for secrets [registry, tls] Change-Id: I811d5553f51ad2b26ea9d73db945c043ee2e7a10
This commit is contained in:
parent
34dd0bc5bd
commit
1e5ca80385
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Helm-Toolkit
|
description: OpenStack-Helm Helm-Toolkit
|
||||||
name: helm-toolkit
|
name: helm-toolkit
|
||||||
version: 0.2.63
|
version: 0.2.64
|
||||||
home: https://docs.openstack.org/openstack-helm
|
home: https://docs.openstack.org/openstack-helm
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -17,6 +17,11 @@ abstract: |
|
|||||||
Creates a manifest for a authenticating a registry with a secret
|
Creates a manifest for a authenticating a registry with a secret
|
||||||
examples:
|
examples:
|
||||||
- values: |
|
- values: |
|
||||||
|
annotations:
|
||||||
|
secret:
|
||||||
|
oci_image_registry:
|
||||||
|
{{ $serviceName }}:
|
||||||
|
custom.tld/key: "value"
|
||||||
secrets:
|
secrets:
|
||||||
oci_image_registry:
|
oci_image_registry:
|
||||||
{{ $serviceName }}: {{ $keyName }}
|
{{ $serviceName }}: {{ $keyName }}
|
||||||
@ -36,30 +41,8 @@ examples:
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $secretName }}
|
name: {{ $secretName }}
|
||||||
type: kubernetes.io/dockerconfigjson
|
annotations:
|
||||||
data:
|
custom.tld/key: "value"
|
||||||
dockerconfigjson: {{ $dockerAuth }}
|
|
||||||
|
|
||||||
- values: |
|
|
||||||
secrets:
|
|
||||||
oci_image_registry:
|
|
||||||
{{ $serviceName }}: {{ $keyName }}
|
|
||||||
endpoints:
|
|
||||||
oci_image_registry:
|
|
||||||
name: oci-image-registry
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
{{ $serviceName }}:
|
|
||||||
name: {{ $userName }}
|
|
||||||
password: {{ $password }}
|
|
||||||
usage: |
|
|
||||||
{{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
|
|
||||||
return: |
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ $secretName }}
|
|
||||||
type: kubernetes.io/dockerconfigjson
|
type: kubernetes.io/dockerconfigjson
|
||||||
data:
|
data:
|
||||||
dockerconfigjson: {{ $dockerAuth }}
|
dockerconfigjson: {{ $dockerAuth }}
|
||||||
@ -87,6 +70,8 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $secretName }}
|
name: {{ $secretName }}
|
||||||
|
annotations:
|
||||||
|
{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
|
||||||
type: kubernetes.io/dockerconfigjson
|
type: kubernetes.io/dockerconfigjson
|
||||||
data:
|
data:
|
||||||
.dockerconfigjson: {{ $dockerAuth }}
|
.dockerconfigjson: {{ $dockerAuth }}
|
||||||
|
@ -17,6 +17,11 @@ abstract: |
|
|||||||
Creates a manifest for a services public tls secret
|
Creates a manifest for a services public tls secret
|
||||||
examples:
|
examples:
|
||||||
- values: |
|
- values: |
|
||||||
|
annotations:
|
||||||
|
secret:
|
||||||
|
tls:
|
||||||
|
key_manager_api_public:
|
||||||
|
custom.tld/key: "value"
|
||||||
secrets:
|
secrets:
|
||||||
tls:
|
tls:
|
||||||
key_manager:
|
key_manager:
|
||||||
@ -41,6 +46,8 @@ examples:
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: barbican-tls-public
|
name: barbican-tls-public
|
||||||
|
annotations:
|
||||||
|
custom.tld/key: "value"
|
||||||
type: kubernetes.io/tls
|
type: kubernetes.io/tls
|
||||||
data:
|
data:
|
||||||
tls.key: Rk9PLUtFWQo=
|
tls.key: Rk9PLUtFWQo=
|
||||||
@ -88,11 +95,15 @@ examples:
|
|||||||
{{- if kindIs "map" $endpointHost }}
|
{{- if kindIs "map" $endpointHost }}
|
||||||
{{- if hasKey $endpointHost "tls" }}
|
{{- if hasKey $endpointHost "tls" }}
|
||||||
{{- if and $endpointHost.tls.key $endpointHost.tls.crt }}
|
{{- if and $endpointHost.tls.key $endpointHost.tls.crt }}
|
||||||
|
|
||||||
|
{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
|
name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
|
||||||
|
annotations:
|
||||||
|
{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
|
||||||
type: kubernetes.io/tls
|
type: kubernetes.io/tls
|
||||||
data:
|
data:
|
||||||
tls.key: {{ $endpointHost.tls.key | b64enc }}
|
tls.key: {{ $endpointHost.tls.key | b64enc }}
|
||||||
|
@ -63,7 +63,7 @@ examples:
|
|||||||
|
|
||||||
{{- define "helm-toolkit.snippets.custom_secret_annotations" -}}
|
{{- define "helm-toolkit.snippets.custom_secret_annotations" -}}
|
||||||
{{- $secretType := index . 0 -}}
|
{{- $secretType := index . 0 -}}
|
||||||
{{- $userClass := index . 1 -}}
|
{{- $userClass := index . 1 | replace "-" "_" -}}
|
||||||
{{- $envAll := index . 2 -}}
|
{{- $envAll := index . 2 -}}
|
||||||
{{- if (hasKey $envAll.Values "annotations") -}}
|
{{- if (hasKey $envAll.Values "annotations") -}}
|
||||||
{{- if (hasKey $envAll.Values.annotations "secret") -}}
|
{{- if (hasKey $envAll.Values.annotations "secret") -}}
|
||||||
|
@ -70,4 +70,5 @@ helm-toolkit:
|
|||||||
- 0.2.61 Add custom pod annotations snippet
|
- 0.2.61 Add custom pod annotations snippet
|
||||||
- 0.2.62 Add custom secret annotations snippet
|
- 0.2.62 Add custom secret annotations snippet
|
||||||
- 0.2.63 Add custom job annotations snippet and wire it into job templates
|
- 0.2.63 Add custom job annotations snippet and wire it into job templates
|
||||||
|
- 0.2.64 Use custom secret annotations snippet in other secret templates
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user