
Commit 19c4701

authored
Fix issue 314 - Helm chart does not support CA cert configuration (#316)
1 parent 2d8a62a commit 19c4701


7 files changed

+321
-155
lines changed


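--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /bin
 coverage.out
+.debug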

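--- a/deploy/charts/version-checker/README.md
+++ b/deploy/charts/version-checker/README.md
@@ -31,6 +31,8 @@ A Helm chart for version-checker
 | ecr.sessionToken | string | `nil` | ECR session token for read access to private registries |
 | env | object | `{}` | Can be used to provide custom environment variables e.g. proxy settings |
 | existingSecret | string | `""` | Provide an existing Secret within the cluster to use for authentication and configuration of version-checker |
+| extraVolumeMounts | list | `[]` | Allow for extra Volume Mounts to version-checkers container |
+| extraVolumes | list | `[]` | Allow for extra Volumes to be associated to the pod |
 | gcr.token | string | `nil` | Access token for read access to private GCR registries |
 | ghcr.token | string | `nil` | Personal Access token for read access to GHCR releases |
 | image.imagePullSecret | string | `nil` | Pull secrects - name of existing secret |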
Lines changed: 185 additions & 0 deletions
@@ -0,0 +1,185 @@
1+
{{- define "version-checker.pod.args" -}}
2+
- "--image-cache-timeout={{.Values.versionChecker.imageCacheTimeout}}"
3+
- "--log-level={{.Values.versionChecker.logLevel}}"
4+
- "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
5+
- "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
6+
{{- end -}}
7+
8+
{{- define "version-checker.pod.envs.selfhosted" -}}
9+
{{- $chartname := include "version-checker.name" . -}}
10+
{{range $index, $element := .Values.selfhosted }}
11+
# Selfhosted
12+
{{- if $element.host }}
13+
- name: VERSION_CHECKER_SELFHOSTED_HOST_{{ $element.name }}
14+
valueFrom:
15+
secretKeyRef:
16+
name: {{ $chartname }}
17+
key: selfhosted.{{ $element.name }}.host
18+
{{- end -}}
19+
{{- if $element.username }}
20+
- name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
21+
valueFrom:
22+
secretKeyRef:
23+
name: {{ $chartname }}
24+
key: selfhosted.{{ $element.name }}.username
25+
{{- end -}}
26+
{{- if $element.password }}
27+
- name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
28+
valueFrom:
29+
secretKeyRef:
30+
name: {{ $chartname }}
31+
key: selfhosted.{{ $element.name }}.password
32+
{{- end -}}
33+
{{- if and (hasKey $element "token") $element.token }}
34+
- name: VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
35+
valueFrom:
36+
secretKeyRef:
37+
name: {{ $chartname }}
38+
key: selfhosted.{{ $element.name }}.token
39+
{{- end -}}
40+
{{- if and (hasKey $element "ca_path") $element.ca_path }}
41+
- name: VERSION_CHECKER_SELFHOSTED_CA_PATH_{{ $element.name }}
42+
valueFrom:
43+
secretKeyRef:
44+
name: {{ $chartname }}
45+
key: selfhosted.{{ $element.name }}.ca_path
46+
{{- end -}}
47+
{{- if and (hasKey $element "insecure") $element.insecure }}
48+
- name: VERSION_CHECKER_SELFHOSTED_INSECURE_{{ $element.name }}
49+
valueFrom:
50+
secretKeyRef:
51+
name: {{ $chartname }}
52+
key: selfhosted.{{ $element.name }}.insecure
53+
{{- end -}}
54+
{{- end }}
55+
{{- end -}}
56+
57+
{{- define "version-checker.pod.envs.docker" -}}
58+
{{- $chartname := include "version-checker.name" . -}}
59+
{{- if .Values.docker.token }}
60+
- name: VERSION_CHECKER_DOCKER_TOKEN
61+
valueFrom:
62+
secretKeyRef:
63+
name: {{ $chartname }}
64+
key: docker.token
65+
{{- end }}
66+
{{- if .Values.docker.username }}
67+
- name: VERSION_CHECKER_DOCKER_USERNAME
68+
valueFrom:
69+
secretKeyRef:
70+
name: {{ $chartname }}
71+
key: docker.username
72+
{{- end }}
73+
{{- if .Values.docker.password }}
74+
- name: VERSION_CHECKER_DOCKER_PASSWORD
75+
valueFrom:
76+
secretKeyRef:
77+
name: {{ $chartname }}
78+
key: docker.password
79+
{{- end -}}
80+
{{- end -}}
81+
82+
{{- define "version-checker.pod.envs.acr" -}}
83+
{{- $chartname := include "version-checker.name" . -}}
84+
{{- if .Values.acr.refreshToken }}
85+
- name: VERSION_CHECKER_ACR_REFRESH_TOKEN
86+
valueFrom:
87+
secretKeyRef:
88+
name: {{ $chartname }}
89+
key: acr.refreshToken
90+
{{- end }}
91+
{{- if .Values.acr.username }}
92+
- name: VERSION_CHECKER_ACR_USERNAME
93+
valueFrom:
94+
secretKeyRef:
95+
name: {{ $chartname }}
96+
key: acr.username
97+
{{- end }}
98+
{{- if .Values.acr.password }}
99+
- name: VERSION_CHECKER_ACR_PASSWORD
100+
valueFrom:
101+
secretKeyRef:
102+
name: {{ $chartname }}
103+
key: acr.password
104+
{{- end }}
105+
{{- end -}}
106+
107+
{{- define "version-checker.pod.envs.ecr" -}}
108+
{{- $chartname := include "version-checker.name" . -}}
109+
{{- if .Values.ecr.iamRoleArn }}
110+
- name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
111+
value: {{ .Values.ecr.iamRoleArn }}
112+
{{- end }}
113+
{{- if .Values.ecr.accessKeyID }}
114+
- name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
115+
valueFrom:
116+
secretKeyRef:
117+
name: {{ $chartname }}
118+
key: ecr.accessKeyID
119+
{{- end -}}
120+
{{- if .Values.ecr.secretAccessKey }}
121+
- name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
122+
valueFrom:
123+
secretKeyRef:
124+
name: {{ $chartname }}
125+
key: ecr.secretAccessKey
126+
{{- end }}
127+
{{- if .Values.ecr.sessionToken }}
128+
- name: VERSION_CHECKER_ECR_SESSION_TOKEN
129+
valueFrom:
130+
secretKeyRef:
131+
name: {{ $chartname }}
132+
key: ecr.sessionToken
133+
{{- end }}
134+
{{- end -}}
135+
136+
{{- define "version-checker.pod.envs.quay" -}}
137+
{{- $chartname := include "version-checker.name" . -}}
138+
{{- if .Values.quay.token }}
139+
- name: VERSION_CHECKER_QUAY_TOKEN
140+
valueFrom:
141+
secretKeyRef:
142+
name: {{ $chartname }}
143+
key: quay.token
144+
{{- end -}}
145+
{{- end -}}
146+
147+
{{- define "version-checker.pod.envs.ghcr" -}}
148+
{{- $chartname := include "version-checker.name" . -}}
149+
{{- if .Values.ghcr.token }}
150+
# GHCR
151+
- name: VERSION_CHECKER_GHCR_TOKEN
152+
valueFrom:
153+
secretKeyRef:
154+
name: {{ $chartname }}
155+
key: ghcr.token
156+
{{- end -}}
157+
{{- end -}}
158+
159+
{{- define "version-checker.pod.envs.gcr" -}}
160+
{{- $chartname := include "version-checker.name" . -}}
161+
{{- if .Values.gcr.token }}
162+
# GCR
163+
- name: VERSION_CHECKER_GCR_TOKEN
164+
valueFrom:
165+
secretKeyRef:
166+
name: {{ $chartname }}
167+
key: gcr.token
168+
{{- end -}}
169+
{{- end -}}
170+
171+
172+
{{- define "version-checker.pod.volumes" -}}
173+
{{- $secretEnabled := false -}}
174+
{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) -}}
175+
{{- $secretEnabled = true -}}
176+
{{- end -}}
177+
{{- if $secretEnabled -}}
178+
- name: {{ include "version-checker.name" . }}
179+
secret:
180+
secretName: {{ include "version-checker.name" . }}
181+
{{- end }}
182+
{{- if and .Values.extraVolumes (gt (len .Values.extraVolumes) 0) }}
183+
{{ toYaml .Values.extraVolumes -}}
184+
{{- end -}}
185+
{{- end -}}
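Review bot: In `version-checker.pod.envs.selfhosted`, the `insecure` branch exports `VERSION_CHECKER_SELFHOSTED_INSECURE_<name>` right after the new `ca_path` branch, and nothing stops a values file from setting both for the same registry. If `insecure` means what its name suggests (skipping TLS verification, which this page does not confirm), the registry credentials would be sent without the certificate check that `ca_path` was added to enable. Consider failing the render for that combination, e.g. `{{- if and $element.ca_path $element.insecure }}{{ fail "selfhosted: set ca_path or insecure, not both" }}{{- end }}` at the top of the range body, or at least documenting the precedence in the README. Separately, `ca_path` and `insecure` are read through `secretKeyRef`, so the Secret template (not shown on this page) must write `selfhosted.<name>.ca_path` and `selfhosted.<name>.insecure`, or the container will fail to start on the missing key.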

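--- a/deploy/charts/version-checker/templates/deployment.yaml
+++ b/deploy/charts/version-checker/templates/deployment.yaml
@@ -1,7 +1,3 @@
-{{- $secretEnabled := false }}
-{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
-{{- $secretEnabled = true }}
-{{- end }}
 {{ $chartname := include "version-checker.name" . }}
 apiVersion: apps/v1
 kind: Deployment
@@ -48,10 +44,7 @@ spec:
 containerPort: 8080
 command: ["version-checker"]
 args:
-- "--image-cache-timeout={{.Values.versionChecker.imageCacheTimeout}}"
-- "--log-level={{.Values.versionChecker.logLevel}}"
-- "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
-- "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
+{{- include "version-checker.pod.args" . | nindent 8 }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- with .Values.securityContext }}
@@ -72,145 +65,27 @@ spec:
 name: {{.Values.existingSecret}}
 {{- end }}
 env:
-{{- if .Values.acr.refreshToken }}
-# ACR
-- name: VERSION_CHECKER_ACR_REFRESH_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: acr.refreshToken
-{{- end }}
-{{- if .Values.acr.username }}
-- name: VERSION_CHECKER_ACR_USERNAME
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: acr.username
-{{- end }}
-{{- if .Values.acr.password }}
-- name: VERSION_CHECKER_ACR_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: acr.password
-{{- end -}}
-
-{{- if .Values.ecr.iamRoleArn }}
-# ECR
-- name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
-value: {{ .Values.ecr.iamRoleArn }}
-{{- end }}
-{{- if .Values.ecr.accessKeyID }}
-- name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: ecr.accessKeyID
-{{- end -}}
-{{- if .Values.ecr.secretAccessKey }}
-- name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: ecr.secretAccessKey
-{{- end }}
-{{- if .Values.ecr.sessionToken }}
-- name: VERSION_CHECKER_ECR_SESSION_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: ecr.sessionToken
-{{- end -}}
-{{- if .Values.docker.token }}
-# Docker
-- name: VERSION_CHECKER_DOCKER_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: docker.token
-{{- end }}
-{{- if .Values.docker.username }}
-- name: VERSION_CHECKER_DOCKER_USERNAME
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: docker.username
-{{- end }}
-{{- if .Values.docker.password }}
-- name: VERSION_CHECKER_DOCKER_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: docker.password
-{{- end -}}
-{{- if .Values.gcr.token }}
-# GCR
-- name: VERSION_CHECKER_GCR_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: gcr.token
-{{- end -}}
-{{- if .Values.ghcr.token }}
-# GHCR
-- name: VERSION_CHECKER_GHCR_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: ghcr.token
-{{- end -}}
-{{- if .Values.quay.token }}
-# Quay
-- name: VERSION_CHECKER_QUAY_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: quay.token
-{{- end -}}
-{{range $index, $element := .Values.selfhosted }}
-# Selfhosted
-{{- if $element.host }}
-- name: VERSION_CHECKER_SELFHOSTED_HOST_{{ $element.name }}
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: selfhosted.{{ $element.name }}.host
-{{- end -}}
-{{- if $element.username }}
-- name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: selfhosted.{{ $element.name }}.username
-{{- end -}}
-{{- if $element.password }}
-- name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: selfhosted.{{ $element.name }}.password
-{{- end -}}
-{{- if $element.token }}
-- name: VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
-valueFrom:
-secretKeyRef:
-name: {{ $chartname }}
-key: selfhosted.{{ $element.name }}.token
-{{- end -}}
-{{- end -}}
+{{ include "version-checker.pod.envs.acr" . | nindent 8 }}
+{{ include "version-checker.pod.envs.ecr" . | nindent 8 }}
+{{ include "version-checker.pod.envs.docker" . | nindent 6 }}
+{{- include "version-checker.pod.envs.gcr" . | nindent 8 }}
+{{- include "version-checker.pod.envs.ghcr" . | nindent 8 }}
+{{- include "version-checker.pod.envs.quay" . | nindent 8 }}
+{{- include "version-checker.pod.envs.selfhosted" . | nindent 6 }}
+# Extra Envs
 {{- if .Values.env }}
 {{- toYaml .Values.env | nindent 8 }}
-{{- end -}}
+{{- end }}
+volumeMounts:
+{{- with .Values.extraVolumeMounts }}
+{{- toYaml . | nindent 10 }}
+{{- end }}
 {{- with .Values.podSecurityContext }}
 securityContext:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 volumes:
-{{- if $secretEnabled }}
-- name: {{ include "version-checker.name" . }}
-secret:
-secretName: {{ include "version-checker.name" . }}
-{{ end }}
+{{- include "version-checker.pod.volumes" . | nindent 8 }}
 {{- with .Values.affinity }}
 affinity:
 {{- toYaml . | nindent 8 }}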
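Review bot: The seven `include` lines under `env:` are not uniform: `envs.docker` and `envs.selfhosted` are piped through `nindent 6` while the other five use `nindent 8`, and the first three open with `{{ include` where the rest use `{{- include`. Every entry of the `env` list has to land on the same column, so this only renders correctly if those two helper bodies carry two extra spaces of their own, which cannot be checked here because this rendering drops leading whitespace. Keeping each helper body at column 0 and writing every call as `{{- include "version-checker.pod.envs.docker" . | nindent 8 }}` would make the alignment visible at the call site. The new `volumeMounts:` block passes `extraVolumeMounts` through unchanged; a comment such as `# CA bundle mounts should set readOnly: true` above it, plus a README example pairing `extraVolumes` with the selfhosted `ca_path`, would help users wire the CA file correctly. The Deployment spec continues past the end of this hunk.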
