feat(snapshotAgent): allow extraVolumeMounts & Environment (#136)

Author: OdyX

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## Unreleased
 
+## 0.24.1
+
+- fix(snapshotAgent): allow setting extraVolumeMounts, extraEnvironmentVars & extraSecretEnvironmentVars
+
 ## 0.24.0
 
 - feat: add support for gateway-api httproute

charts/openbao/Chart.yaml

@@ -3,7 +3,7 @@
 
 apiVersion: v2
 name: openbao
-version: 0.24.0
+version: 0.24.1
 appVersion: v2.4.4
 kubeVersion: ">= 1.30.0-0"
 description: Official OpenBao Chart
@@ -28,7 +28,7 @@ annotations:
   artifacthub.io/changes: |
     - kind: added
       description: |
-        feat: add support for gateway-api httproute
+        fix(snapshotAgent): allow setting extraEnvironmentVars and extraVolumeMounts
 
 maintainers:
   - name: OpenBao

charts/openbao/README.md

@@ -1,6 +1,6 @@
 # openbao
 
-![Version: 0.24.0](https://img.shields.io/badge/Version-0.24.0-informational?style=flat-square) ![AppVersion: v2.4.4](https://img.shields.io/badge/AppVersion-v2.4.4-informational?style=flat-square)
+![Version: 0.24.1](https://img.shields.io/badge/Version-0.24.1-informational?style=flat-square) ![AppVersion: v2.4.4](https://img.shields.io/badge/AppVersion-v2.4.4-informational?style=flat-square)
 
 Official OpenBao Chart
 
@@ -326,6 +326,9 @@ Kubernetes: `>= 1.30.0-0`
 | snapshotAgent.config.s3Uri | string | `"s3://openbao-snapshots"` |  |
 | snapshotAgent.config.s3cmdExtraFlag | string | `"-v"` |  |
 | snapshotAgent.enabled | bool | `false` |  |
+| snapshotAgent.extraEnvironmentVars | object | `{}` | Map of extra environment variables to set in the snapshot-agent cronjob |
+| snapshotAgent.extraSecretEnvironmentVars | list | `[]` | List of extra environment variables to set in the snapshot-agent cronjob These variables take value from existing Secret objects. |
+| snapshotAgent.extraVolumeMounts | list | `[]` | List of additional volumeMounts for the snapshot cronjob container. These are rendered via toYaml rather than pre-processed like the extraVolumes value. |
 | snapshotAgent.extraVolumes | object | `{}` |  |
 | snapshotAgent.image.repository | string | `"ghcr.io/openbao/openbao-snapshot-agent"` |  |
 | snapshotAgent.image.tag | string | `"0.2.4"` |  |

charts/openbao/templates/snapshotagent-cronjob.yaml

@@ -45,12 +45,17 @@ spec:
                 secretKeyRef:
                   key: AWS_ACCESS_KEY_ID
                   name: {{ .Values.snapshotAgent.s3CredentialsSecret }}
+            {{- include "openbao.extraSecretEnvironmentVars" .Values.snapshotAgent | nindent 12 }}
+            {{- include "openbao.extraEnvironmentVars" .Values.snapshotAgent | nindent 12 }}
             image: {{ .Values.snapshotAgent.image.repository }}:{{ .Values.snapshotAgent.image.tag }}
             {{ template "openbao.snapshotAgent.resources". }}
             {{ template "snapshotAgent.securityContext.container" .}}
             volumeMounts:
               - name: snapshot-dir
                 mountPath: /bao-snapshots
+              {{- with .Values.snapshotAgent.extraVolumeMounts }}
+              {{- toYaml . | nindent 14 }}
+              {{- end }}
             imagePullPolicy: IfNotPresent
           volumes:
           - name: snapshot-dir

charts/openbao/values.yaml

@@ -1515,6 +1515,14 @@ snapshotAgent:
   # extraVolumes for the snapshot agent cronjob
   extraVolumes: {}
 
+  # -- List of additional volumeMounts for the snapshot cronjob container. These are rendered
+  # via toYaml rather than pre-processed like the extraVolumes value.
+  extraVolumeMounts: []
+  #   - mountPath: /openbao/tls/ca.crt
+  #     name: openbao-tls
+  #     readOnly: true
+  #     subPath: ca.crt
+
   # s3CredentialsSecret to use
   s3CredentialsSecret: "my-s3-credentials"
 
@@ -1531,6 +1539,17 @@ snapshotAgent:
   # configuration of the CronJobs resources
   resources: {}
 
+  # -- Map of extra environment variables to set in the snapshot-agent cronjob
+  extraEnvironmentVars: {}
+    # BAO_CACERT: /openbao/tls/ca.crt
+
+  # --  List of extra environment variables to set in the snapshot-agent cronjob
+  # These variables take value from existing Secret objects.
+  extraSecretEnvironmentVars: []
+    # - envName: AWS_SECRET_ACCESS_KEY
+    #   secretName: openbao
+    #   secretKey: AWS_SECRET_ACCESS_KEY
+
   # Security context for the pod template and the snapshotAgent container
   # The default pod securityContext is:
   #   runAsNonRoot: true

test/unit/snapshotagent.bats

@@ -263,6 +263,83 @@ load _helpers
   [ "${actual}" = "https://bao.example.com" ]
 }
 
+#--------------------------------------------------------------------
+# extraEnvironmentVars
+
+@test "snapshot/cronjob: specify extraEnvironmentVar" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/snapshotagent-cronjob.yaml \
+      --set 'snapshotAgent.enabled=true' \
+      --set 'snapshotAgent.extraEnvironmentVars.BAO_FOO=bar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.jobTemplate.spec.template.spec.containers[0].env' | tee /dev/stderr )
+
+  local actual=$(echo $object |
+     yq -r '.[2].name' | tee /dev/stderr)
+  [ "${actual}" = "BAO_FOO" ]
+
+  local actual=$(echo $object |
+      yq -r '.[2].value' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+#--------------------------------------------------------------------
+# extraSecretEnvironmentVars
+
+@test "snapshot/cronjob: set extraSecretEnvironmentVars" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/snapshotagent-cronjob.yaml  \
+      --set 'snapshotAgent.enabled=true' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[0].envName=ENV_FOO_0' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[0].secretName=secret_name_0' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[0].secretKey=secret_key_0' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[1].envName=ENV_FOO_1' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[1].secretName=secret_name_1' \
+      --set 'snapshotAgent.extraSecretEnvironmentVars[1].secretKey=secret_key_1' \
+      . | tee /dev/stderr |
+      yq -r '.spec.jobTemplate.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
+  [ "${value}" = "secret_name_0" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
+  [ "${value}" = "secret_key_0" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
+  [ "${value}" = "secret_name_1" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
+  [ "${value}" = "secret_key_1" ]
+}
+
+#--------------------------------------------------------------------
+# extraVolumeMounts
+
+@test "snapshot/cronjob: specify extraVolumeMounts" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/snapshotagent-cronjob.yaml \
+      --set 'snapshotAgent.enabled=true' \
+      --set 'snapshotAgent.extraVolumeMounts[0].mountPath=/mnt' \
+      --set 'snapshotAgent.extraVolumeMounts[0].name=secret' \
+      . | tee /dev/stderr |
+      yq -r '.spec.jobTemplate.spec.template.spec.containers[0].volumeMounts' | tee /dev/stderr )
+
+  local actual=$(echo $object |
+     yq -r '.[1].mountPath' | tee /dev/stderr)
+  [ "${actual}" = "/mnt" ]
+
+  local actual=$(echo $object |
+      yq -r '.[1].name' | tee /dev/stderr)
+  [ "${actual}" = "secret" ]
+}
+
 #--------------------------------------------------------------------
 # securityContext