feat(helm): add possibility to extend secrets for cp in helm charts w…

…hen reusing kuma charts (#6883) Signed-off-by: Marcin Skalski <marcin.skalski@konghq.com>
kumahq · Jun 1, 2023 · c918368 · c918368
1 parent db0897b
commit c918368
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/deployments/charts/kuma/templates/_helpers.tpl b/deployments/charts/kuma/templates/_helpers.tpl
@@ -172,6 +172,9 @@ returns: formatted image string
 {{- define "kuma.parentEnv" -}}
 {{- end -}}
 
+{{- define "kuma.parentSecrets" -}}
+{{- end -}}
+
 {{- define "kuma.defaultEnv" -}}
 {{ if (and (eq .Values.controlPlane.environment "universal") (not (eq .Values.controlPlane.mode "global"))) }}
   {{ fail "Currently you can only run universal mode on kubernetes in a global mode, this limitation might be lifted in the future" }}

diff --git a/deployments/charts/kuma/templates/cp-deployment.yaml b/deployments/charts/kuma/templates/cp-deployment.yaml
@@ -25,6 +25,9 @@
 {{- end }}
 {{- $envVarsCopy := deepCopy .Values.controlPlane.envVars }}
 {{- $mergedEnv := merge $envVarsCopy $defaultEnvDict }}
+{{- $defaultSecrets := include "kuma.parentSecrets" . | fromYaml }}
+{{- $extraSecrets := .Values.controlPlane.extraSecrets }}
+{{- $mergedSecrets := merge $extraSecrets $defaultSecrets }}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -241,10 +244,11 @@ spec:
               mountPath: {{ $extraConfigMap.mountPath }}
               readOnly: {{ $extraConfigMap.readOnly }}
           {{- end }}
-          {{- range $extraSecret := .Values.controlPlane.extraSecrets }}
-            - name: {{ $extraSecret.name }}
-              mountPath: {{ $extraSecret.mountPath }}
-              readOnly: {{ $extraSecret.readOnly }}
+          {{- range $mergedSecret := $mergedSecrets }}
+            - name: {{ $mergedSecret.name }}
+              mountPath: {{ $mergedSecret.mountPath }}
+              subPath: {{ $mergedSecret.subPath }}
+              readOnly: {{ $mergedSecret.readOnly }}
           {{- end }}
             - name: tmp
               mountPath: /tmp
@@ -323,10 +327,10 @@ spec:
           configMap:
             name: {{ $extraConfigMap.name }}
         {{- end }}
-        {{- range $extraSecret := .Values.controlPlane.extraSecrets }}
-        - name: {{ $extraSecret.name }}
+        {{- range $mergedSecret := $mergedSecrets }}
+        - name: {{ $mergedSecret.name }}
           secret:
-            secretName: {{ $extraSecret.name }}
+            secretName: {{ $mergedSecret.name }}
         {{- end }}
         - name: tmp
           emptyDir: {}