From 94e8ba2c937e9fe8cc2157ef266ab22d07f947a3 Mon Sep 17 00:00:00 2001 From: Dom Goodwin Date: Thu, 23 Apr 2020 17:22:27 +0100 Subject: [PATCH 1/2] Add ability to set the file permissions when mounting a secret --- elasticsearch/templates/statefulset.yaml | 3 +++ elasticsearch/values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/elasticsearch/templates/statefulset.yaml b/elasticsearch/templates/statefulset.yaml index 5297aac25..d40802bbd 100644 --- a/elasticsearch/templates/statefulset.yaml +++ b/elasticsearch/templates/statefulset.yaml @@ -113,6 +113,9 @@ spec: - name: {{ .name }} secret: secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} {{- end }} {{- if .Values.esConfig }} - name: esconfig diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 888d14f51..a197c450f 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -48,6 +48,7 @@ secretMounts: [] # - name: elastic-certificates # secretName: elastic-certificates # path: /usr/share/elasticsearch/config/certs +# defaultMode: 0755 image: "docker.elastic.co/elasticsearch/elasticsearch" imageTag: "7.6.2" From 8a48458141728449a0d2e74bca485ff4e00e649d Mon Sep 17 00:00:00 2001 From: Dom Goodwin Date: Thu, 23 Apr 2020 17:24:43 +0100 Subject: [PATCH 2/2] Added test for defaultMode on secret mount --- elasticsearch/tests/elasticsearch_test.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 82e5d279b..87b598e0d 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -514,6 +514,24 @@ def test_adding_a_secret_mount_with_subpath(): } +def test_adding_a_secret_mount_with_default_mode(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs + subPath: cert.crt + defaultMode: 0755 +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "subPath": "cert.crt", + "name": "elastic-certificates", + } + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: