Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example
Jason O'Donnell 2021-03-25 10:21:21 -04:00 committed by GitHub
parent f75b19f068
commit 7fd6959cdc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 72 deletions


@ -42,10 +42,8 @@ spec:
- name: mountpoint-dir - name: mountpoint-dir
mountPath: /var/lib/kubelet/pods mountPath: /var/lib/kubelet/pods
mountPropagation: HostToContainer mountPropagation: HostToContainer
{{- range .Values.csi.extraVolumes }} {{- if .Values.csi.volumeMounts }}
- name: userconfig-{{ .name }} {{- toYaml .Values.csi.volumeMounts | nindent 12}}
mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
readOnly: true
{{- end }} {{- end }}
livenessProbe: livenessProbe:
httpGet: httpGet:
@ -72,14 +70,7 @@ spec:
- name: mountpoint-dir - name: mountpoint-dir
hostPath: hostPath:
path: /var/lib/kubelet/pods path: /var/lib/kubelet/pods
{{- range .Values.csi.extraVolumes }} {{- if .Values.csi.volumes }}
- name: userconfig-{{ .name }} {{- toYaml .Values.csi.volumes | nindent 8}}
{{ .type }}: {{- end }}
{{- if (eq .type "configMap") }}
name: {{ .name }}
{{- else if (eq .type "secret") }}
secretName: {{ .name }}
{{- end }}
defaultMode: {{ .defaultMode | default 420 }}
{{- end }}
{{- end }} {{- end }}
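Review bot: The pass-through at `toYaml .Values.csi.volumeMounts | nindent 12` drops the `readOnly: true` that the removed `extraVolumes` loop put on every mount, and the `csi.volumes` block in the second hunk now accepts any volume type instead of only configMap and secret. This DaemonSet already mounts `/var/lib/kubelet/pods` from the host, so I would add a template comment above each `if` stating that the values are rendered verbatim and that read-only must be set per entry in values. Values files that still set `csi.extraVolumes` are also ignored without any message after this change; a guard such as `{{- if .Values.csi.extraVolumes }}{{ fail "csi.extraVolumes was removed; use csi.volumes and csi.volumeMounts" }}{{- end }}` would turn that into a render-time error. The container and pod spec both start outside these hunks.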


@ -167,82 +167,48 @@ load _helpers
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
# extraVolumes # volumes
@test "csi/daemonset: csi.extraVolumes adds extra volume" { @test "csi/daemonset: csi.volumes adds volume" {
cd `chart_dir` cd `chart_dir`
# Test that it defines it # Test that it defines it
local object=$(helm template \ local object=$(helm template \
--show-only templates/csi-daemonset.yaml \ --show-only templates/csi-daemonset.yaml \
--set 'csi.enabled=true' \ --set 'csi.enabled=true' \
--set 'csi.extraVolumes[0].type=configMap' \ --set 'csi.volumes[0].name=plugins' \
--set 'csi.extraVolumes[0].name=foo' \ --set 'csi.volumes[0].emptyDir=\{\}' \
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr) yq -r '.spec.template.spec.volumes[] | select(.name == "plugins")' | tee /dev/stderr)
local actual=$(echo $object | local actual=$(echo $object |
yq -r '.configMap.name' | tee /dev/stderr) yq -r '.emptyDir' | tee /dev/stderr)
[ "${actual}" = "foo" ] [ "${actual}" = "{}" ]
local actual=$(echo $object |
yq -r '.configMap.secretName' | tee /dev/stderr)
[ "${actual}" = "null" ]
# Test that it mounts it
local object=$(helm template \
--show-only templates/csi-daemonset.yaml \
--set 'csi.enabled=true' \
--set 'csi.extraVolumes[0].type=configMap' \
--set 'csi.extraVolumes[0].name=foo' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.readOnly' | tee /dev/stderr)
[ "${actual}" = "true" ]
local actual=$(echo $object |
yq -r '.mountPath' | tee /dev/stderr)
[ "${actual}" = "/vault/userconfig/foo" ]
} }
@test "csi/daemonset: csi.extraVolumes adds extra secret volume" { #--------------------------------------------------------------------
# volumeMounts
@test "csi/daemonset: csi.volumeMounts adds volume mounts" {
cd `chart_dir` cd `chart_dir`
# Test that it defines it # Test that it defines it
local object=$(helm template \ local object=$(helm template \
--show-only templates/csi-daemonset.yaml \ --show-only templates/csi-daemonset.yaml \
--set 'csi.enabled=true' \ --set 'csi.enabled=true' \
--set 'csi.extraVolumes[0].type=secret' \ --set 'csi.volumeMounts[0].name=plugins' \
--set 'csi.extraVolumes[0].name=foo' \ --set 'csi.volumeMounts[0].mountPath=/usr/local/libexec/vault' \
--set 'csi.volumeMounts[0].readOnly=true' \
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "plugins")' | tee /dev/stderr)
local actual=$(echo $object | local actual=$(echo $object |
yq -r '.secret.name' | tee /dev/stderr) yq -r '.mountPath' | tee /dev/stderr)
[ "${actual}" = "null" ] [ "${actual}" = "/usr/local/libexec/vault" ]
local actual=$(echo $object |
yq -r '.secret.secretName' | tee /dev/stderr)
[ "${actual}" = "foo" ]
# Test that it mounts it
local object=$(helm template \
--show-only templates/csi-daemonset.yaml \
--set 'csi.enabled=true' \
--set 'csi.extraVolumes[0].type=configMap' \
--set 'csi.extraVolumes[0].name=foo' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
local actual=$(echo $object | local actual=$(echo $object |
yq -r '.readOnly' | tee /dev/stderr) yq -r '.readOnly' | tee /dev/stderr)
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
local actual=$(echo $object |
yq -r '.mountPath' | tee /dev/stderr)
[ "${actual}" = "/vault/userconfig/foo" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
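Review bot: Neither new test covers the default render, where `csi.volumes` and `csi.volumeMounts` are both `null`. Only the `if` guards in the template stop `toYaml` from writing a literal `null` into the manifest, and nothing here would catch their removal. I would add a case that runs `helm template` with just `--set 'csi.enabled=true'` and checks that `yq -r '.spec.template.spec.volumes | map(select(. == null)) | length'` prints `0`, with the same check on `.spec.template.spec.containers[0].volumeMounts`. The rewritten mounts test asserts `readOnly` only because it sets it explicitly, so a second assertion that an entry without `readOnly` renders without the key would document that the chart no longer forces read-only.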


@ -320,6 +320,7 @@ server:
# secretName: vault # secretName: vault
# secretKey: AWS_SECRET_ACCESS_KEY # secretKey: AWS_SECRET_ACCESS_KEY
# Deprecated: please use 'volumes' instead.
# extraVolumes is a list of extra volumes to mount. These will be exposed # extraVolumes is a list of extra volumes to mount. These will be exposed
# to Vault in the path `/vault/userconfig/<name>/`. The value below is # to Vault in the path `/vault/userconfig/<name>/`. The value below is
# an array of objects, examples are shown below. # an array of objects, examples are shown below.
@ -656,13 +657,21 @@ csi:
tag: "0.1.0" tag: "0.1.0"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# extraVolumes is a list of extra volumes to mount. These will be exposed # volumes is a list of volumes made available to all containers. These are rendered
# to Vault in the path `/vault/userconfig/<name>/`. The value below is # via toYaml rather than pre-processed like the extraVolumes value.
# an array of objects, examples are shown below. # The purpose is to make it easy to share volumes between containers.
extraVolumes: [] volumes: null
# - type: secret (or "configMap") # - name: tls
# name: my-secret # secret:
# path: null # default is `/vault/userconfig` # secretName: vault-tls
# volumeMounts is a list of volumeMounts for the main server container. These are rendered
# via toYaml rather than pre-processed like the extraVolumes value.
# The purpose is to make it easy to share volumes between containers.
volumeMounts: null
# - name: tls
# mountPath: "/vault/tls"
# readOnly: true
resources: {} resources: {}
# resources: # resources:
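Review bot: The comment added above `volumeMounts: null` describes mounts "for the main server container", and both new comments contrast with "the extraVolumes value", but this is the `csi:` block, and this same commit removes `csi.extraVolumes`. The wording looks carried over from the `server:` section, so a reader cannot tell which container receives the mounts. I would reword it to `# volumeMounts is a list of volumeMounts for the CSI daemonset container, rendered verbatim via toYaml.` and add `# Mounts are writable unless readOnly: true is set on the entry.`, since the removed handling always mounted read-only. The `volumes` comment could likewise say `# volumes is a list of volumes added to the CSI daemonset pod, rendered verbatim via toYaml.`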