diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d33708..a971133 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## [3.0.0] - 2025-12-30 + +### Added + +- Ability to mount secrets as volumes. I'ts handy when you need to mount encrypted config file + ## [2.7.0] - 2025-12-14 ### Added diff --git a/chart/Chart.yaml b/chart/Chart.yaml index f610da7..1ca8bcc 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.7.0 +version: 3.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. diff --git a/chart/templates/dbsecrets.yaml b/chart/templates/dbsecrets.yaml deleted file mode 100644 index 5b97170..0000000 --- a/chart/templates/dbsecrets.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.database.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{.Release.Name }}-db - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation -type: Opaque -data: - login: {{ .Release.Name | trimSuffix "-www" | b64enc | quote }} - password: {{ randAlphaNum 32 | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index bd3675d..e87af5d 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
@@ -15,6 +15,7 @@ spec: labels: {{- include "basic.selectorLabels" . | nindent 8 }} spec: + enableServiceLinks: false containers: - name: {{ .Release.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -36,27 +37,31 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.volumes.enabled }} volumeMounts: - {{- if .Values.configMap }} - - name: {{ .Values.configMap.name }} - mountPath: {{ .Values.configMap.mountPath }} - {{- end }} - {{- range .Values.volumes.mountPath }} - {{- $dirmap := regexSplit ":" . -1 }} - {{- $sub_path := slice $dirmap 0 1 | first }} - {{- $mount := slice $dirmap 1 | last }} - {{- if $.Values.volumes.type.pvc }} - {{- $path := $mount }} - - mountPath: {{ $mount | default "/var/www" }} - name: {{ $.Release.Name }}-volume - {{- else }} + {{- if .Values.volumes.nfs }} + {{- range .Values.volumes.nfs.mountPath }} + {{- $dirmap := regexSplit ":" . -1 }} + {{- $sub_path := slice $dirmap 0 1 | first }} + {{- $mount := slice $dirmap 1 | last }} - mountPath: {{ $mount | default "/var/www" }} name: {{ $.Release.Name }}-volume subPath: {{ $sub_path }} + {{- end }} {{- end }} + {{- if .Values.volumes.secret }} + - name: {{ .Values.volumes.secret.secretName }} + mountPath: {{ .Values.volumes.secret.mountPath }} + {{- if .Values.volumes.secret.subPath }} + subPath: {{ .Values.volumes.secret.subPath }} + {{- end}} + {{- end }} + {{- if .Values.volumes.configmap }} + - name: {{ .Values.volumes.configmap.configMap }} + mountPath: {{ .Values.volumes.configmap.mountPath }} + {{- if .Values.volumes.configmap.subPath }} + subPath: {{ .Values.volumes.configmap.subPath }} + {{- end}} {{- end }} - {{- end}} env: {{- with .Values.env }} {{- toYaml . | nindent 12 }} 
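Review bot: In the second hunk (`volumeMounts`), the new secret and configmap entries reuse the object name as the pod volume name (`- name: {{ .Values.volumes.secret.secretName }}`). Volume names must be DNS labels, while Secret and ConfigMap names may contain dots and be longer, and a Secret and a ConfigMap that share a name would render two volumes with the same name. A fixed name such as `name: {{ .Release.Name }}-secret`, used both here and in the matching `volumes:` entry, avoids both cases. The values are also rendered unquoted and unchecked; `mountPath: {{ required "volumes.secret.mountPath is required" .Values.volumes.secret.mountPath | quote }}` would fail at render time rather than at the API server. It is worth a comment next to `subPath` that a Secret mounted through `subPath` does not receive later updates, so a rotated credential reaches the pod only after a restart.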
@@ -102,31 +107,30 @@ spec: {{- with .Values.nodeSelector }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.volumes.enabled }} - {{- if .Values.volumes.type.pvc }} - {{- $ownership := regexSplit ":" .Values.volumes.ownership -1 }} - {{- $gid := slice $ownership 0 1 | first }} - securityContext: - fsGroup: {{ $gid | default 0 }} - {{- end}} volumes: - {{- if .Values.configMap }} - - name: {{ .Values.configMap.name }} + {{- if .Values.volumes.configMap }} + - name: {{ .Values.volumes.configMap.name }} configMap: - name: {{ .Values.configMap.name }} - {{- end }} + name: {{ .Values.volumes.configMap.name }} + {{- end }} + {{- if .Values.volumes.nfs }} - name: {{ .Release.Name }}-volume - {{- if .Values.volumes.type.nfs }} nfs: - server: {{ .Values.volumes.type.nfs.server }} - {{- if .Values.volumes.rootDir }} - path: {{ .Values.volumes.type.nfs.path }}/{{ .Values.volumes.rootDir }} - {{- else }} - path: {{ .Values.volumes.type.nfs.path }}/{{ .Release.Name }} - {{- end }} + server: {{ .Values.volumes.nfs.server }} + {{- if .Values.volumes.rootDir }} + path: {{ .Values.volumes.nfs.path }}/{{ .Values.volumes.rootDir }} + {{- else }} + path: {{ .Values.volumes.nfs.path }}/{{ .Release.Name }} + {{- end }} readOnly: false - {{- else }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-pvc - {{- end }} - {{- end }} + {{- end }} + {{- if .Values.volumes.secret }} + - name: {{ .Values.volumes.secret.secretName }} + secret: + secretName: {{ .Values.volumes.secret.secretName }} + {{- end }} + {{- if .Values.volumes.configmap }} + - name: {{ .Values.volumes.configmap.configMap }} + configMap: + name: {{ .Values.volumes.configmap.configMap }} + {{- end }} diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index 620da3a..184c3a6 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml 
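Review bot: The `volumes:` list now has two ConfigMap branches keyed differently: `.Values.volumes.configMap` (reading `.name`) at the top and `.Values.volumes.configmap` (reading `.configMap`) at the bottom. The `volumeMounts` hunk earlier in this file mounts only the lowercase `configmap` form, so setting `volumes.configMap` declares a volume that nothing mounts; the first branch looks like a leftover and could be dropped. Separately, the `secret:` source sets no `defaultMode`, so the projected files get the Kubernetes default of 0644 and are readable by every user in the container. Consider `defaultMode: 0400` or a value taken from `.Values.volumes.secret`. This hunk also removes the pod-level `fsGroup`, so a non-root container may need a group setting back in order to read a tighter-mode file; confirm against the images this chart deploys.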
@@ -1,12 +1,10 @@ {{- if .Values.ingress.enabled -}} {{- range .Values.ingress.hosts }} -{{- $subdomain := .name | splitList "." | first -}} -{{- $ReleaseName := printf "%s-%s" $.Release.Name $subdomain -}} --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ $ReleaseName }} + name: {{ $.Release.Name}} namespace: {{ $.Release.Namespace }} {{- if $.Values.ingress.ssl }} annotations: @@ -23,12 +21,12 @@ spec: pathType: Prefix backend: service: - name: {{ $ReleaseName }} + name: {{ $.Release.Name }} port: number: {{ .servicePort }} {{- if $.Values.ingress.ssl }} tls: - - secretName: {{ $ReleaseName }}-tls + - secretName: {{ $.Release.Name }}-tls hosts: - {{ .name }} {{- end }} diff --git a/chart/templates/initWebsiteDir.yaml b/chart/templates/initWebsiteDir.yaml deleted file mode 100644 index f58db22..0000000 --- a/chart/templates/initWebsiteDir.yaml +++ /dev/null 
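Review bot: `name: {{ $.Release.Name}}` sits inside `range .Values.ingress.hosts`, so every host entry now renders an Ingress with the same name in the same namespace, and a release with more than one host produces colliding manifests. The removed `$subdomain` suffix was what kept them distinct. Either keep a per-host component in the name or render a single Ingress with one `rules` entry per host. The `spec` body continues outside this hunk.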
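Review bot: In the second ingress hunk the backend points at a Service called `{{ $.Release.Name }}`, while the `service.yaml` hunk in this commit names Services `"{{ .name }}"` from the values entry. The Ingress therefore resolves only if a service entry happens to be named exactly like the release. If that coupling is intended, state it in the values documentation; otherwise take the backend from the host entry, e.g. `name: {{ .serviceName }}`, where `serviceName` would be a new per-host value that the chart does not have today. The TLS secret `{{ $.Release.Name }}-tls` is likewise shared by every host in the range. Presumably a certificate controller sits behind the `ssl` annotations, in which case each host's certificate would be written to the same Secret.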
@@ -1,65 +0,0 @@ -{{- if .Values.volumes.enabled -}} -{{- if .Values.volumes.type.nfs -}} -{{- $dirs_to_create := "" -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-init-websitedir" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - containers: - - name: "{{ .Release.Name }}-init-websitedir" - image: gitea.angrybits.pl/kkrolikowski/toolbox:0.0.1 - env: - - name: WEBSITE_DIRS - {{- range .Values.volumes.mountPath }} - {{- $dirmap := regexSplit ":" . -1 -}} - {{- $dir := slice $dirmap 0 1 | first -}} - {{- if $.Values.volumes.rootDir -}} - {{- $dirs_to_create = printf "%s %s/%s/%s" $dirs_to_create "/storage" $.Values.volumes.rootDir $dir }} - {{- else }} - {{- $dirs_to_create = printf "%s %s/%s/%s" $dirs_to_create "/storage" $.Release.Name $dir }} - {{- end }} - {{- end }} - value: {{ $dirs_to_create }} - - name: OWNERSHIP - value: {{ .Values.volumes.ownership | default "root:root" }} - volumeMounts: - - mountPath: /storage - name: {{ .Release.Name }}-volume - command: ["/bin/sh"] - args: - - -c - - >- - if [! -d $(WEBSITE_DIRS) ]; then - mkdir -p $(WEBSITE_DIRS); - chown -R $(OWNERSHIP) $(WEBSITE_DIRS); - fi - nodeSelector: - {{- with .Values.nodeSelector }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - - name: {{ .Release.Name }}-volume - nfs: - server: {{ .Values.volumes.type.nfs.server }} - path: {{ .Values.volumes.type.nfs.path }} -{{- end }} -{{- end }} diff --git a/chart/templates/mattermost-notify.yaml b/chart/templates/mattermost-notify.yaml deleted file mode 100644 index f164b7a..0000000 --- a/chart/templates/mattermost-notify.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.deployNotifications.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-mattermost" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - containers: - - name: "{{ .Release.Name }}-mattermost" - image: {{ .Values.deployNotifications.image }} - env: - - name: MM_USERNAME - valueFrom: - secretKeyRef: - name: cron-secrets - key: mm_usernane - - name: MM_BOT_TOKEN - valueFrom: - secretKeyRef: - name: cron-secrets - key: mm_bot_token - - name: MM_CHAT - valueFrom: - secretKeyRef: - name: cron-secrets - key: mm_chat - - name: APP_NAME - value: {{ .Release.Name }} - - name: APP_VERSION - value: {{ .Values.image.tag }} -{{- end }} \ No newline at end of file diff --git a/chart/templates/mysqlDBhelper.yaml b/chart/templates/mysqlDBhelper.yaml deleted file mode 100644 index d5354e9..0000000 --- a/chart/templates/mysqlDBhelper.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.database.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-dbserver" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - containers: - - name: mysqldb-helper - image: gitea.angrybits.pl/kkrolikowski/mysql-initdb:0.0.1 - env: - - name: DB_ADMIN_LOGIN - valueFrom: - secretKeyRef: - name: dbadmin - key: login - - name: DB_ADMIN_PASS - valueFrom: - secretKeyRef: - name: dbadmin - key: password - - name: APPDB_NAME - value: {{ .Release.Name | trimSuffix "-www" }} - - name: APPDB_LOGIN - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-db - key: login - - name: APPDB_PASS - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-db - key: password - - name: DB_HOST - value: srv-db2.lan - nodeSelector: - {{- with .Values.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml index abd3f66..9d98632 100644 --- a/chart/templates/service.yaml +++ b/chart/templates/service.yaml @@ -5,7 +5,7 @@ apiVersion: v1 kind: Service metadata: - name: "{{ $.Release.Name }}-{{ .name }}" + name: "{{ .name }}" namespace: {{ $.Release.Namespace }} spec: type: {{ .type }} diff --git a/chart/test_values.yaml b/chart/test_values.yaml index 0474745..bafcb81 100644 --- a/chart/test_values.yaml +++ b/chart/test_values.yaml 
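Review bot: In the `service.yaml` hunk, `name: "{{ .name }}"` drops the release prefix, so the Service name now depends only on the values entry. Two releases of this chart in one namespace that use the same entry name will collide on that Service. If the short name is wanted for stable in-cluster DNS, document in `values.yaml` that service names must be unique per namespace and must match what the Ingress backend expects. Otherwise keep a release-scoped name such as `name: "{{ $.Release.Name }}-{{ .name }}"`. The Service `spec` continues outside this hunk.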
@@ -19,12 +19,19 @@ resources: # enabled: false volumes: enabled: true - mountPath: - - storage:/storage - type: - nfs: - server: lab-storage.lan - path: /volume1/storagelab + nfs: + server: lab-storage.lan + path: /volume1/storagelab + mountPath: + - storage:/ + secret: + secretName: app-secret + mountPath: /app/secret.json + subPath: secret.json + configmap: + configMap: app-config + mountPath: /conf/config.ini + subPath: config.ini nodeSelector: kubernetes.io/arch: arm64 services: diff --git a/chart/values.yaml b/chart/values.yaml index feafaad..5250f50 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,8 +1,6 @@ replicaCount: 1 autoscaling: enabled: false -database: - enabled: false image: imagePolicy: false repository: "" @@ -24,16 +22,6 @@ ingress: enabled: false hosts: [] tls: {} -volumes: - enabled: false - mountPath: [] - ownership: "" - type: - nfs: - server: lab-storage.lan - path: /volume1/storagelab -deployNotifications: - enabled: false - image: "" +volumes: {} nodeSelector: {} -configMap: {} \ No newline at end of file +configMap: {}
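Review bot: In `test_values.yaml`, `enabled: true` is still set under `volumes:` although the reworked `deployment.yaml` in this commit no longer reads `volumes.enabled`. The key is dead and suggests a switch that does not exist. The new NFS entry `- storage:/` splits into subPath `storage` and mount path `/`, so the share would be mounted over the container's root filesystem. If the file only exercises rendering, the previous value `- storage:/storage` is a safer fixture. Both the `secret` and `configmap` samples use `subPath`, which is the case where later updates to the object are not propagated into a running pod, so a comment saying so would help anyone who copies this file.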
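Review bot: In the last `values.yaml` hunk the defaults shrink to `volumes: {}` without showing the new shape, so the `nfs`, `secret` and `configmap` keys are described only in `test_values.yaml`. A commented example under `volumes:` would document the contract; it should list `nfs.server`, `nfs.path` and `nfs.mountPath`, then `secretName`/`mountPath`/`subPath` for `secret` and `configMap`/`mountPath`/`subPath` for `configmap`. The top-level `configMap: {}` is kept, but the template hunks in this commit read ConfigMap settings only from under `.Values.volumes`. It therefore appears to be unused and could be removed or marked as deprecated.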