@@ -204,9 +204,11 @@ spec:
204204 name : {{ .Release.Name }}-st2-urls
205205 volumeMounts :
206206 {{- include "st2-config-volume-mounts" . | nindent 8 }}
207+ {{- if .Values.st2.datastore_crypto_key }}
207208 - name : st2-encryption-key-vol
208209 mountPath : /etc/st2/keys
209210 readOnly : true
211+ {{- end }}
210212 {{- include "packs-volume-mounts" . | nindent 8 }}
211213 {{- if .Values.st2.packs.volumes.enabled }}
212214 {{- include "pack-configs-volume-mount" . | nindent 8 }}
@@ -226,12 +228,14 @@ spec:
226228 serviceAccountName : {{ template "stackstorm-ha.serviceAccountName" . }}
227229 {{- end }}
228230 volumes :
231+ {{- if .Values.st2.datastore_crypto_key }}
229232 - name : st2-encryption-key-vol
230233 secret :
231234 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
232235 items :
233236 - key : datastore_crypto_key
234237 path : datastore_key.json
238+ {{- end }}
235239 {{- include "st2-config-volume" . | nindent 8 }}
236240 {{- include "packs-volumes" . | nindent 8 }}
237241 {{- if .Values.st2.packs.volumes.enabled }}
@@ -561,9 +565,11 @@ spec:
561565 name : {{ .Release.Name }}-st2-urls
562566 volumeMounts :
563567 {{- include "st2-config-volume-mounts" . | nindent 8 }}
568+ {{- if .Values.st2.datastore_crypto_key }}
564569 - name : st2-encryption-key-vol
565570 mountPath : /etc/st2/keys
566571 readOnly : true
572+ {{- end }}
567573 {{- if .Values.st2rulesengine.postStartScript }}
568574 - name : st2-post-start-script-vol
569575 mountPath : /post-start.sh
@@ -580,12 +586,14 @@ spec:
580586 {{- end }}
581587 volumes :
582588 {{- include "st2-config-volume" . | nindent 8 }}
589+ {{- if .Values.st2.datastore_crypto_key }}
583590 - name : st2-encryption-key-vol
584591 secret :
585592 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
586593 items :
587594 - key : datastore_crypto_key
588595 path : datastore_key.json
596+ {{- end }}
589597 {{- if .Values.st2rulesengine.postStartScript }}
590598 - name : st2-post-start-script-vol
591599 configMap :
@@ -772,9 +780,11 @@ spec:
772780 name : {{ .Release.Name }}-st2-urls
773781 volumeMounts :
774782 {{- include "st2-config-volume-mounts" . | nindent 8 }}
783+ {{- if .Values.st2.datastore_crypto_key }}
775784 - name : st2-encryption-key-vol
776785 mountPath : /etc/st2/keys
777786 readOnly : true
787+ {{- end }}
778788 {{- range .Values.st2workflowengine.extra_volumes }}
779789 - name : {{ required "Each volume must have a 'name' in st2workflowengine.extra_volumes" .name }}
780790 {{- tpl (required "Each volume must have a 'mount' definition in st2workflowengine.extra_volumes" .mount | toYaml) $ | nindent 10 }}
@@ -795,12 +805,14 @@ spec:
795805 {{- end }}
796806 volumes :
797807 {{- include "st2-config-volume" . | nindent 8 }}
808+ {{- if .Values.st2.datastore_crypto_key }}
798809 - name : st2-encryption-key-vol
799810 secret :
800811 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
801812 items :
802813 - key : datastore_crypto_key
803814 path : datastore_key.json
815+ {{- end }}
804816 {{- range .Values.st2workflowengine.extra_volumes }}
805817 - name : {{ required "Each volume must have a 'name' in st2workflowengine.extra_volumes" .name }}
806818 {{- tpl (required "Each volume must have a 'volume' definition in st2workflowengine.extra_volumes" .volume | toYaml) $ | nindent 10 }}
@@ -889,9 +901,11 @@ spec:
889901 name : {{ .Release.Name }}-st2-urls
890902 volumeMounts :
891903 {{- include "st2-config-volume-mounts" . | nindent 8 }}
904+ {{- if .Values.st2.datastore_crypto_key }}
892905 - name : st2-encryption-key-vol
893906 mountPath : /etc/st2/keys
894907 readOnly : true
908+ {{- end }}
895909 {{- if .Values.st2scheduler.postStartScript }}
896910 - name : st2-post-start-script-vol
897911 mountPath : /post-start.sh
@@ -907,12 +921,14 @@ spec:
907921 serviceAccountName : {{ template "stackstorm-ha.serviceAccountName" . }}
908922 {{- end }}
909923 volumes :
924+ {{- if .Values.st2.datastore_crypto_key }}
910925 - name : st2-encryption-key-vol
911926 secret :
912927 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
913928 items :
914929 - key : datastore_crypto_key
915930 path : datastore_key.json
931+ {{- end }}
916932 {{- include "st2-config-volume" . | nindent 8 }}
917933 {{- if .Values.st2scheduler.postStartScript }}
918934 - name : st2-post-start-script-vol
@@ -1145,9 +1161,11 @@ spec:
11451161 volumeMounts :
11461162 {{- include "st2-config-volume-mounts" $ | nindent 8 }}
11471163 {{- include "packs-volume-mounts" $ | nindent 8 }}
1164+ {{- if $.Values.st2.datastore_crypto_key }}
11481165 - name : st2-encryption-key-vol
11491166 mountPath : /etc/st2/keys
11501167 readOnly : true
1168+ {{- end }}
11511169 {{- range $sensor.extra_volumes }}
11521170 - name : {{ required "Each volume must have a 'name' in $sensor.extra_volumes" .name }}
11531171 {{- tpl (required "Each volume must have a 'mount' definition in $sensor.extra_volumes" .mount | toYaml) $ | nindent 10 }}
@@ -1167,12 +1185,14 @@ spec:
11671185 serviceAccountName : {{ template "stackstorm-ha.serviceAccountName" $ }}
11681186 {{- end }}
11691187 volumes :
1188+ {{- if $.Values.st2.datastore_crypto_key }}
11701189 - name : st2-encryption-key-vol
11711190 secret :
11721191 secretName : {{ $.Release.Name }}-st2-datastore-crypto-key
11731192 items :
11741193 - key : datastore_crypto_key
11751194 path : datastore_key.json
1195+ {{- end }}
11761196 {{- include "st2-config-volume" $ | nindent 8 }}
11771197 {{- include "packs-volumes" $ | nindent 8 }}
11781198 {{- range $sensor.extra_volumes }}
@@ -1283,9 +1303,11 @@ spec:
12831303 {{- include "st2-config-volume-mounts" . | nindent 8 }}
12841304 - name : st2-ssh-key-vol
12851305 mountPath : {{ tpl .Values.st2.system_user.ssh_key_file . | dir | dir }}/.ssh-key-vol/
1306+ {{- if .Values.st2.datastore_crypto_key }}
12861307 - name : st2-encryption-key-vol
12871308 mountPath : /etc/st2/keys
12881309 readOnly : true
1310+ {{- end }}
12891311 {{- include "packs-volume-mounts" . | nindent 8 }}
12901312 {{- if .Values.st2.packs.volumes.enabled }}
12911313 {{- include "pack-configs-volume-mount" . | nindent 8 }}
@@ -1307,12 +1329,14 @@ spec:
13071329 serviceAccountName : {{ template "stackstorm-ha.serviceAccountName" . }}
13081330 {{- end }}
13091331 volumes :
1332+ {{- if .Values.st2.datastore_crypto_key }}
13101333 - name : st2-encryption-key-vol
13111334 secret :
13121335 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
13131336 items :
13141337 - key : datastore_crypto_key
13151338 path : datastore_key.json
1339+ {{- end }}
13161340 {{- include "st2-config-volume" . | nindent 8 }}
13171341 - name : st2-ssh-key-vol
13181342 secret :
@@ -1557,9 +1581,11 @@ spec:
15571581 mountPath : /root/.st2/
15581582 - name : st2-ssh-key-vol
15591583 mountPath : {{ tpl .Values.st2.system_user.ssh_key_file . | dir | dir }}/.ssh-key-vol/
1584+ {{- if .Values.st2.datastore_crypto_key }}
15601585 - name : st2-encryption-key-vol
15611586 mountPath : /etc/st2/keys
15621587 readOnly : true
1588+ {{- end }}
15631589 {{- include "packs-volume-mounts" . | nindent 8 }}
15641590 {{- include "pack-configs-volume-mount" . | nindent 8 }}
15651591 {{- range .Values.st2client.extra_volumes }}
@@ -1582,12 +1608,14 @@ spec:
15821608 memory : " 5Mi"
15831609 cpu : " 5m"
15841610 volumes :
1611+ {{- if .Values.st2.datastore_crypto_key }}
15851612 - name : st2-encryption-key-vol
15861613 secret :
15871614 secretName : {{ .Release.Name }}-st2-datastore-crypto-key
15881615 items :
15891616 - key : datastore_crypto_key
15901617 path : datastore_key.json
1618+ {{- end }}
15911619 {{- include "st2-config-volume" . | nindent 8 }}
15921620 {{- if .Values.st2.rbac.enabled }}
15931621 - name : st2-rbac-roles-vol
0 commit comments