diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml index 4a1c17d..10a0d63 100644 --- a/templates/csi-daemonset.yaml +++ b/templates/csi-daemonset.yaml @@ -42,10 +42,8 @@ spec: - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: HostToContainer - {{- range .Values.csi.extraVolumes }} - - name: userconfig-{{ .name }} - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - readOnly: true + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} {{- end }} livenessProbe: httpGet: @@ -72,14 +70,7 @@ spec: - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods - {{- range .Values.csi.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} {{- end }} diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index dec29c9..31540fb 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats 
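Review bot: Releases that still set `csi.extraVolumes` will render without their secret or configMap mounts after this change, and nothing reports it, because both hunks of `templates/csi-daemonset.yaml` remove the `range .Values.csi.extraVolumes` blocks and Helm ignores an unused value unless a values schema rejects it. A guard in the template such as `{{- if .Values.csi.extraVolumes }}{{ fail "csi.extraVolumes was removed; use csi.volumes and csi.volumeMounts" }}{{- end }}` would turn that into a visible upgrade failure. The removed code also forced `readOnly: true` and limited the volume source to a secret or configMap, whereas `toYaml .Values.csi.volumeMounts` and `toYaml .Values.csi.volumes` emit whatever is supplied, so writable mounts and other volume types such as hostPath are now possible on this DaemonSet and the values documentation should say so. As a style point, `nindent 12}}` and `nindent 8}}` lack the space before `}}` that the neighbouring `{{- end }}` lines use. The container and pod spec both start and end outside these hunks.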
@@ -167,82 +167,48 @@ load _helpers } #-------------------------------------------------------------------- -# extraVolumes +# volumes -@test "csi/daemonset: csi.extraVolumes adds extra volume" { +@test "csi/daemonset: csi.volumes adds volume" { cd `chart_dir` # Test that it defines it local object=$(helm template \ --show-only templates/csi-daemonset.yaml \ --set 'csi.enabled=true' \ - --set 'csi.extraVolumes[0].type=configMap' \ - --set 'csi.extraVolumes[0].name=foo' \ + --set 'csi.volumes[0].name=plugins' \ + --set 'csi.volumes[0].emptyDir=\{\}' \ . | tee /dev/stderr | - yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr) + yq -r '.spec.template.spec.volumes[] | select(.name == "plugins")' | tee /dev/stderr) local actual=$(echo $object | - yq -r '.configMap.name' | tee /dev/stderr) - [ "${actual}" = "foo" ] - - local actual=$(echo $object | - yq -r '.configMap.secretName' | tee /dev/stderr) - [ "${actual}" = "null" ] - - # Test that it mounts it - local object=$(helm template \ - --show-only templates/csi-daemonset.yaml \ - --set 'csi.enabled=true' \ - --set 'csi.extraVolumes[0].type=configMap' \ - --set 'csi.extraVolumes[0].name=foo' \ - . 
| tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr) - - local actual=$(echo $object | - yq -r '.readOnly' | tee /dev/stderr) - [ "${actual}" = "true" ] - - local actual=$(echo $object | - yq -r '.mountPath' | tee /dev/stderr) - [ "${actual}" = "/vault/userconfig/foo" ] + yq -r '.emptyDir' | tee /dev/stderr) + [ "${actual}" = "{}" ] } -@test "csi/daemonset: csi.extraVolumes adds extra secret volume" { +#-------------------------------------------------------------------- +# volumeMounts + +@test "csi/daemonset: csi.volumeMounts adds volume mounts" { cd `chart_dir` # Test that it defines it local object=$(helm template \ --show-only templates/csi-daemonset.yaml \ --set 'csi.enabled=true' \ - --set 'csi.extraVolumes[0].type=secret' \ - --set 'csi.extraVolumes[0].name=foo' \ + --set 'csi.volumeMounts[0].name=plugins' \ + --set 'csi.volumeMounts[0].mountPath=/usr/local/libexec/vault' \ + --set 'csi.volumeMounts[0].readOnly=true' \ . | tee /dev/stderr | - yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr) + yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "plugins")' | tee /dev/stderr) local actual=$(echo $object | - yq -r '.secret.name' | tee /dev/stderr) - [ "${actual}" = "null" ] - - local actual=$(echo $object | - yq -r '.secret.secretName' | tee /dev/stderr) - [ "${actual}" = "foo" ] - - # Test that it mounts it - local object=$(helm template \ - --show-only templates/csi-daemonset.yaml \ - --set 'csi.enabled=true' \ - --set 'csi.extraVolumes[0].type=configMap' \ - --set 'csi.extraVolumes[0].name=foo' \ - . 
| tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr) + yq -r '.mountPath' | tee /dev/stderr) + [ "${actual}" = "/usr/local/libexec/vault" ] local actual=$(echo $object | yq -r '.readOnly' | tee /dev/stderr) [ "${actual}" = "true" ] - - local actual=$(echo $object | - yq -r '.mountPath' | tee /dev/stderr) - [ "${actual}" = "/vault/userconfig/foo" ] } #-------------------------------------------------------------------- diff --git a/values.yaml b/values.yaml index fe4f6d1..80c7805 100644 --- a/values.yaml +++ b/values.yaml @@ -320,6 +320,7 @@ server: # secretName: vault # secretKey: AWS_SECRET_ACCESS_KEY + # Deprecated: please use 'volumes' instead. # extraVolumes is a list of extra volumes to mount. These will be exposed # to Vault in the path `/vault/userconfig//`. The value below is # an array of objects, examples are shown below. @@ -656,13 +657,21 @@ csi: tag: "0.1.0" pullPolicy: IfNotPresent - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true resources: {} # resources:
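Review bot: The new comment on `csi.volumeMounts` describes the mounts as being for "the main server container", but the template change in this commit renders them into the container of `templates/csi-daemonset.yaml`, so the wording looks copied from the `server` section and should name the CSI provider container. Both new comments could also state that entries are passed through `toYaml` unchanged, for example `# Entries are rendered verbatim; set readOnly: true on mounts that carry secrets.`, since the removed `extraVolumes` handling applied `readOnly: true` automatically. The `csi` mapping continues outside this hunk.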