Merge "Fluentd: Add support for arbitrary secret env variables"
This commit is contained in:
commit
3af64d1111
@ -157,8 +157,11 @@ spec:
|
||||
value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
|
||||
- name: KAFKA_BROKER
|
||||
value: {{ $kafkaBrokerURI }}
|
||||
{{- if .Values.pod.env.fluentd }}
|
||||
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.fluentd | indent 12 }}
|
||||
{{- if .Values.pod.env.fluentd.vars }}
|
||||
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.fluentd.vars | indent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pod.env.fluentd.secrets }}
|
||||
{{ tuple $envAll .Values.pod.env.fluentd.secrets | include "helm-toolkit.utils.to_k8s_env_secret_vars" | indent 12 }}
|
||||
{{- end }}
|
||||
- name: ELASTICSEARCH_USERNAME
|
||||
valueFrom:
|
||||
@ -216,6 +219,12 @@ spec:
|
||||
{{- end }}
|
||||
- name: pod-etc-fluentd
|
||||
emptyDir: {}
|
||||
{{ if and (.Values.manifests.secret_fluentd_env) (.Values.pod.env.fluentd.secrets) }}
|
||||
- name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }}
|
||||
secret:
|
||||
secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }}
|
||||
defaultMode: 0444
|
||||
{{- end }}
|
||||
- name: fluentd-etc
|
||||
secret:
|
||||
secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }}
|
||||
|
29
fluentd/templates/secret-fluentd.yaml
Normal file
29
fluentd/templates/secret-fluentd.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
{{/*
|
||||
Copyright 2019 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and (.Values.manifests.secret_fluentd_env) (.Values.pod.env.fluentd.secrets) }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{ range $key, $value := .Values.pod.env.fluentd.secrets }}
|
||||
{{$key | upper}}: {{ $value | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -407,7 +407,9 @@ network_policy:
|
||||
|
||||
pod:
|
||||
env:
|
||||
fluentd: null
|
||||
fluentd:
|
||||
vars: null
|
||||
secrets: null
|
||||
tolerations:
|
||||
fluentd:
|
||||
enabled: false
|
||||
@ -489,5 +491,6 @@ manifests:
|
||||
service_exporter: true
|
||||
network_policy: false
|
||||
secret_elasticsearch: true
|
||||
secret_fluentd_env: true
|
||||
secret_kafka: false
|
||||
service_fluentd: true
|
||||
|
48
helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl
Normal file
48
helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl
Normal file
@ -0,0 +1,48 @@
|
||||
{{/*
|
||||
Copyright 2019 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
abstract: |
|
||||
Returns yaml formatted to be used in k8s templates as container
|
||||
env vars injected via secrets. This requires a secret-<chartname> template to
|
||||
be defined in the chart that can be used to house the desired secret
|
||||
variables. For reference, see the fluentd chart.
|
||||
values: |
|
||||
test:
|
||||
secrets:
|
||||
foo: bar
|
||||
|
||||
usage: |
|
||||
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.test }}
|
||||
return: |
|
||||
- name: foo
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "my-release-name-env-secret"
|
||||
key: foo
|
||||
*/}}
|
||||
|
||||
{{- define "helm-toolkit.utils.to_k8s_env_secret_vars" -}}
|
||||
{{- $context := index . 0 -}}
|
||||
{{- $secrets := index . 1 -}}
|
||||
{{ range $key, $config := $secrets -}}
|
||||
- name: {{ $key }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ printf "%s-%s" $context.Release.Name "env-secret" | quote }}
|
||||
key: {{ $key }}
|
||||
{{ end -}}
|
||||
{{- end -}}
|
@ -31,11 +31,16 @@ monitoring:
|
||||
prometheus:
|
||||
enabled: true
|
||||
pod:
|
||||
env:
|
||||
fluentd:
|
||||
vars:
|
||||
MY_TEST_VAR: FOO
|
||||
secrets:
|
||||
MY_TEST_SECRET: BAR
|
||||
security_context:
|
||||
fluentd:
|
||||
pod:
|
||||
runAsUser: 0
|
||||
|
||||
deployment:
|
||||
type: DaemonSet
|
||||
conf:
|
||||
|
Loading…
x
Reference in New Issue
Block a user