allow stringData and encoded values on secrets
emmanuelm41 committed Oct 25, 2023
1 parent 3e8defc commit 6a860ae
Showing 4 changed files with 78 additions and 45 deletions.
2 changes: 1 addition & 1 deletion application/Chart.yaml
@@ -6,7 +6,7 @@ type: application

# Helm chart Version

version: 2.2.9
version: 2.3.0


keywords:
10 changes: 7 additions & 3 deletions application/templates/secret.yaml
@@ -16,8 +16,12 @@ metadata:
{{ toYaml $.Values.secret.annotations | indent 4 }}
{{- end }}
data:
{{- range $key, $value := .data }}
{{- range $key, $value := .data }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}
{{- end }}
{{- with .encodedData }}
{{- toYaml . | nindent 2 }}
{{- end }}
stringData:
{{- toYaml .stringData | nindent 2 }}
{{- end }}
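Review bot: The `stringData:` key at the end of this section is written out with no guard visible around it, so a secret file that sets only `data` or `encodedData` would render `stringData:` followed by `null` (what `toYaml` gives for an unset value). Wrapping it as `{{- with .stringData }}` … `{{- end }}` and rendering `toYaml .` inside keeps the key out of manifests that do not use it. Separately, `.encodedData` is copied verbatim into the same `data:` map as the `b64enc`-encoded `.data` entries: a key set in both yields a duplicate mapping key that most YAML parsers silently resolve to the last value, and a value that is not valid base64 is caught only when the manifest is applied. A comment above the `with .encodedData` block saying that values must already be base64 and keys must not repeat those in `.data` would help. Indentation is lost on this page and the enclosing `range`/`if` starts outside the hunk, so the nesting is inferred.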
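--- a/application/tests/secret_test.yaml
+++ b/application/tests/secret_test.yaml
@@ -0,0 +1,28 @@
+suite: Secret
+
+templates:
+- secret.yaml
+
+tests:
+- it: include stringData and data if they are set
+set:
+secret:
+enabled: enable
+files:
+test:
+stringData:
+testStringData: testValue
+data:
+testNoEncodedData: testValue
+encodedData:
+testEncodedData: dGVzdFZhbHVl
+asserts:
+- equal:
+path: stringData.testStringData
+value: testValue
+- equal:
+path: data.testEncodedData
+value: dGVzdFZhbHVl
+- equal:
+path: data.testNoEncodedData
+value: dGVzdFZhbHVl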
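Review bot: The `set:` block passes `enabled: enable`, a string rather than a boolean. It presumably passes only because a non-empty string is truthy in a Helm condition, and `enabled: true` would match how the flag is written in values-test.yaml. The suite also covers only the case where `stringData`, `data` and `encodedData` are all set. A second case with only `data` set would pin what the template renders for an absent `stringData`, and a third with the same key in `data` and `encodedData` would pin which value wins.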
83 changes: 42 additions & 41 deletions application/values-test.yaml
@@ -19,11 +19,11 @@ deployment:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%

# Reload deployment if configMap/secret updates
reloadOnChange: true

# Select nodes to deploy which matches the following labels
# Select nodes to deploy which matches the following labels
nodeSelector:
# cloud.google.com/gke-nodepool: default-pool

@@ -48,7 +48,7 @@ deployment:
# Additional labels for Deployment
additionalLabels:
key: value

# Additional label added on pod which is used in Service's Label Selector
podLabels:
env: prod
@@ -59,7 +59,7 @@ deployment:
# Additional Pod Annotations added on pod created by this Deployment
additionalPodAnnotations:
key: value

# Annotations for fluentd Configurations
fluentdConfigAnnotations:
fluentd:
@@ -88,7 +88,7 @@ deployment:
env:
ENVIRONMENT:
value: "dev"

# Volumes to be added to the pod
volumes:
config-volume:
@@ -106,9 +106,9 @@ deployment:
persistentVolumeClaim:
claimName: claim-name

# Mount path for Volumes
# Mount path for Volumes
volumeMounts:
volume-name:
volume-name:
mountPath: /path1

# Taint tolerations for nodes
@@ -152,10 +152,11 @@ deployment:
successThreshold: 1
timeoutSeconds: 1
initialDelaySeconds: 10
exec:
exec:
command:
- cat
- tmp/healthy
- tmp/healthy

livenessProbe:
enabled: true
@@ -198,7 +199,7 @@ deployment:
# Security Context for the pod
securityContext:
# fsGroup: 2000

# Command for primary container
command: []

@@ -256,7 +257,7 @@ service:
kubernetes.io/ingress.class: external-ingress
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/force-ssl-redirect: "true"
ports:
- port: 8080
name: http
@@ -273,15 +274,15 @@ ingress:

# Port of the service that serves pods
servicePort: http

#Set pathType: default is ImplementationSpecific; Options: Exact, Prefix
pathType: ImplementationSpecific
pathType: ImplementationSpecific

# List of host addresses to be exposed by this Ingress

hosts:
- host: chart-example.local
paths:
paths:
- path: /
# pathType: ''
# serviceName: ''
@@ -321,11 +322,11 @@ route:
kubernetes.io/ingress.class: external-ingress
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/force-ssl-redirect: "true"

# Additional labels for this Route
additionalLabels:
key: value

# If no host is added then openshift inserts the default hostname. To Add host explicitly, use host attribute
host:

@@ -359,7 +360,7 @@ secretProviderClass:
objects: |
- objectName: "MONGO_HOST"
secretPath: "testing/data/mongoDb"
secretKey: "MONGO_HOST"
secretKey: "MONGO_HOST"
secretObjects:
- data:
- key: MONGO_HOST
@@ -375,19 +376,19 @@ forecastle:
# Add additional labels on Forecastle Custom Resource
additionalLabels:
key: value

# URL of the icon for the custom app
icon: https://raw.githubusercontent.com/stakater/ForecastleIcons/master/stakater-big.png

# Name of the application to be displayed on the Forecastle Dashboard
displayName: "application"

# Group for the custom app (default: .Release.Namespace)
group: ""

# Add properties to Custom Resource
properties:

# Whether app is network restricted or not
networkRestricted: false

@@ -403,8 +404,8 @@ rbac:
# Additional Labels on service account
additionalLabels:
key: value
# Annotations on service account

# Annotations on service account
annotations:
# key: value

@@ -427,7 +428,7 @@ rbac:
verbs:
- get

# Additional ConfigMaps
# Additional ConfigMaps
configMap:
enabled: true
additionalLabels:
@@ -481,7 +482,7 @@ secret:
# Service Monitor to collect Prometheus metrices
serviceMonitor:
enabled: true

# Additional labels
additionalLabels:
key: value
@@ -527,15 +528,15 @@ autoscaling:

# autoscaling is used for vertical pod autoscaling
vpa:
# enabled is a boolean flag for enabling or disabling vpa
# enabled is a boolean flag for enabling or disabling vpa
enabled: true
# additionalLabels defines additional labels
additionalLabels:
additionalLabels:
# key: value
# annotations defines annotations in key value pair
annotations:
annotations:
# key: value
# container policies for individual containers.
# container policies for individual containers.
# There can be at most one entry for every named container and optionally a single wildcard entry with `containerName = '*'`, which handles all containers that do not have individual policies.
containerPolicies:
- containerName: '*'
@@ -549,7 +550,7 @@ vpa:
# EndpointMonitor for IMC (https://github.com/stakater/IngressMonitorController)
endpointMonitor:
enabled: true

# Additional labels
additionalLabels:
key: value
@@ -561,7 +562,7 @@ endpointMonitor:
# Certficate CRD to generate the certificate
certificate:
enabled: false

# Additional labels
additionalLabels:
key: value
@@ -622,7 +623,7 @@ certificate:
# AlertmanagerConfig object for defining application specific alertmanager configurations
alertmanagerConfig:
enabled: true

# AlertmanagerConfig selectionLabels to specify label to be picked up by Alertmanager to add it to base config. Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.html] under .spec.alertmanagerConfigSelector
selectionLabels:
alertmanagerConfig: "workload"
@@ -656,7 +657,7 @@ alertmanagerConfig:
# PrometheusRule object for defining application alerting rules
prometheusRule:
enabled: true

# PrometheusRule labels
additionalLabels:
prometheus: stakater-workload-monitoring
@@ -683,13 +684,13 @@ externalSecret:
#SecretStore defines which SecretStore to use when fetching the secret data
secretStore:
name: example-secret-store
#kind: SecretStore # or ClusterSecretStore
#kind: SecretStore # or ClusterSecretStore

# RefreshInterval is the amount of time before the values reading again from the SecretStore provider
refreshInterval: "1m"
files:
secret-1-name:
#Data defines the connection between the Kubernetes Secret keys and the Provider data
#Data defines the connection between the Kubernetes Secret keys and the Provider data
data:
example-secret-key:
remoteRef:
@@ -709,7 +710,7 @@ externalSecret:
##########################################################
# Network Policy
##########################################################
networkPolicy:
networkPolicy:
enabled: false
# Additional labels
additionalLabels:
@@ -718,7 +719,7 @@ networkPolicy:
# Additional annotations
annotations:
# key: value

# Ingress rules
ingress:
- from:
@@ -735,7 +736,7 @@ networkPolicy:
ports:
- protocol: TCP
port: 6379

# Egress rules
egress:
- to:
@@ -1257,22 +1258,22 @@ grafanaDashboard:
}
cronJob:
cronJob:
enabled: true
jobs:
db-migration:
schedule: "* * * 8 *"
imagePullSecrets:
- name: nexus-secret
image:
image:
repository: docker.io/nginx
tag: v1.0.0
env:
env:
KEY:
value: VALUE
command: ["/bin/bash"]
args: ["-c","sleep 5000"]
resources:
resources:
requests:
memory: 5Gi
cpu: 1
