Merge pull request #148 from rahulshinde26/master

mounting datastore_crypto_key for scheduler deployment

Author: arm4b

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## In Development
+* Fix a bug when datastore encrypted keys didn't work in scheduled rules. datastore_crypto_key is now shared with the ``st2scheduler`` pods (#148) (by @rahulshinde26)
+
 ## v0.31.0
 * Fix chart compatibility with Helm versions >= `2.16.8` by downgrading `mongodb-replicaset` from `3.14.0` to `3.12.0` (#137) (by @AbhyudayaSharma)
 * Allow injection of datastore key in cluster (#115) (by @AngryDeveloper)

templates/deployments.yaml

@@ -707,6 +707,7 @@ spec:
         heritage: {{ .Release.Service }}
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }}
+        checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }}
     spec:
       {{- if .Values.enterprise.enabled }}
       imagePullSecrets:
@@ -729,12 +730,25 @@ spec:
         - name: st2-config-vol
           mountPath: /etc/st2/st2.user.conf
           subPath: st2.user.conf
+        {{- if .Values.secrets.st2.datastore_crypto_key }}
+        - name: st2-encryption-key-vol
+          mountPath: /etc/st2/keys
+          readOnly: true
+        {{- end }}
         resources:
 {{ toYaml .Values.st2scheduler.resources | indent 10 }}
     {{- if .Values.st2scheduler.serviceAccount.attach }}
       serviceAccountName: {{ template "stackstorm-ha.serviceAccountName" . }}
     {{- end }}
       volumes:
+        {{- if .Values.secrets.st2.datastore_crypto_key }}
+        - name: st2-encryption-key-vol
+          secret:
+            secretName: {{ .Release.Name }}-st2-datastore-crypto-key
+            items:
+            - key: datastore_crypto_key
+              path: datastore_key.json
+        {{- end }}
         - name: st2-config-vol
           configMap:
             name: {{ .Release.Name }}-st2-config