Enable Extra Volumes in Jobs

Author: bmarick

CHANGELOG.md

@@ -10,6 +10,7 @@
 * Add ability to create custom labels for service account.(#327)(by @SuganJoe)
 * Fix bug that would not set the appropriate redis connection string when using `redis.password` and `redis.usePassword` (#325) (by @rebrowning)
 * New Feature: Add `existingConfigSecret`.  If this is defined, the `st2.secrets.conf` key within this secret will be written as /etc/st2/st2.secrets.conf and added to the end of the command line arguments of all pods. (#289) (by @eric-al/@ericreeves)
+* New Feature: Add `extra_volumes` to all python-based st2 jobs. (by @bmarick)
 
 ## v0.100.0
 * Switch st2 to `v3.7` as a new default stable version (#274)

templates/jobs.yaml

@@ -58,6 +58,10 @@ spec:
           mountPath: /opt/stackstorm/rbac/assignments/
         - name: st2-rbac-mappings-vol
           mountPath: /opt/stackstorm/rbac/mappings/
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # TODO: Find out default resource limits for this specific service (#5)
         #resources:
       volumes:
@@ -71,6 +75,10 @@ spec:
         - name: st2-rbac-mappings-vol
           configMap:
             name: {{ .Release.Name }}-st2-rbac-mappings
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'volume' definition in jobs.extra_volumes" .volume | toYaml) $ | nindent 10 }}
+        {{- end }}
       restartPolicy: OnFailure
     {{- if .Values.dnsPolicy }}
       dnsPolicy: {{ .Values.dnsPolicy }}
@@ -156,6 +164,10 @@ spec:
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # `st2 login` doesn't exit on failure correctly, use old methods instead. See bug: https://github.com/StackStorm/st2/issues/4338
         command:
           - 'sh'
@@ -192,6 +204,10 @@ spec:
         - name: st2-apikeys-vol
           mountPath: /etc/st2/apikeys.yaml
           subPath: apikeys.yaml
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # TODO: Find out default resource limits for this specific service (#5)
         #resources:
       volumes:
@@ -201,6 +217,10 @@ spec:
         - name: st2-apikeys-vol
           secret:
             secretName: {{ .Release.Name }}-st2-apikeys
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'volume' definition in jobs.extra_volumes" .volume | toYaml) $ | nindent 10 }}
+        {{- end }}
       restartPolicy: OnFailure
     {{- if .Values.dnsPolicy }}
       dnsPolicy: {{ .Values.dnsPolicy }}
@@ -274,6 +294,10 @@ spec:
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # `st2 login` doesn't exit on failure correctly, use old methods instead. See bug: https://github.com/StackStorm/st2/issues/4338
         command:
           - 'sh'
@@ -312,6 +336,10 @@ spec:
         - name: st2-kv-vol
           mountPath: /etc/st2/st2kv.yaml
           subPath: st2kv.yaml
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # TODO: Find out default resource limits for this specific service (#5)
         #resources:
       volumes:
@@ -322,6 +350,10 @@ spec:
         - name: st2-kv-vol
           secret:
             secretName: {{ .Release.Name }}-st2-kv
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
       restartPolicy: OnFailure
     {{- if .Values.dnsPolicy }}
       dnsPolicy: {{ .Values.dnsPolicy }}
@@ -396,6 +428,10 @@ spec:
         {{- include "stackstorm-ha.st2-config-volume-mounts" . | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume-mount" . | nindent 8 }}
         {{- include "stackstorm-ha.packs-volume-mounts-for-register-job" . | nindent 8 }}
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
       {{ end }}
       containers:
       - name: st2-register-content
@@ -424,13 +460,21 @@ spec:
         {{- include "stackstorm-ha.st2-config-volume-mounts" . | nindent 8 }}
         {{- include "stackstorm-ha.packs-volume-mounts-for-register-job" . | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume-mount" . | nindent 8 }}
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # TODO: Find out default resource limits for this specific service (#5)
         #resources:
       volumes:
         {{- include "stackstorm-ha.overrides-configs" . | nindent 8 }}
         {{- include "stackstorm-ha.st2-config-volume" . | nindent 8 }}
         {{- include "stackstorm-ha.packs-volumes" . | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume" . | nindent 8 }}
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
       restartPolicy: OnFailure
     {{- if .Values.dnsPolicy }}
       dnsPolicy: {{ .Values.dnsPolicy }}
@@ -511,6 +555,10 @@ spec:
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         # `st2 login` doesn't exit on failure correctly, use old methods instead. See bug: https://github.com/StackStorm/st2/issues/4338
         command:
           - 'sh'
@@ -548,6 +596,10 @@ spec:
         {{- include "stackstorm-ha.st2-config-volume-mounts" $ | nindent 8 }}
         {{- include "stackstorm-ha.packs-volume-mounts-for-register-job" $ | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume-mount" $ | nindent 8 }}
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
         {{- if .resources }}
         resources: {{- toYaml .resources | nindent 10 }}
         {{- end }}
@@ -559,6 +611,10 @@ spec:
         {{- include "stackstorm-ha.st2-config-volume" $ | nindent 8 }}
         {{- include "stackstorm-ha.packs-volumes" $ | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume" $ | nindent 8 }}
+        {{- range .Values.jobs.extra_volumes }}
+        - name: {{ required "Each volume must have a 'name' in jobs.extra_volumes" .name }}
+          {{- tpl (required "Each volume must have a 'mount' definition in jobs.extra_volumes" .mount | toYaml) $ | nindent 10 }}
+        {{- end }}
       restartPolicy: OnFailure
     {{- if $.Values.dnsPolicy }}
       dnsPolicy: {{ $.Values.dnsPolicy }}

values.yaml

@@ -88,7 +88,7 @@ st2:
 
 
   # Custom StackStorm config (st2.secrets.conf) which will be created from the key 'st2.secrets.conf' within this secret.
-  # If this is defined, '--config-file=/etc/st2/st2.secrets.conf' will be added to the end of the command line arguments 
+  # If this is defined, '--config-file=/etc/st2/st2.secrets.conf' will be added to the end of the command line arguments
   # for all pods, superseding all other configuration values.
   # This secret must be populated outside of this chart.
   # existingConfigSecret: stackstorm-config-secret
@@ -919,6 +919,10 @@ jobs:
   # HTTP_PROXY: http://proxy:1234
   ## These named secrets (managed outside this chart) will be added to envFrom.
   envFromSecrets: []
+  # mount extra volumes on the st2web pod(s) (primarily useful for k8s-provisioned secrets)
+  ## Note that Helm templating is supported in 'mount' and 'volume'
+  extra_volumes: []
+    # see examples under st2actionrunner.extra_volumes
   #
   # Advanced controls to skip creating jobs.
   # This is useful in targeted upgrades with `--set`. Do not set this in values files.