Skip to content

feat: mounting secrets as volumes #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kkrolikowski wants to merge 24 commits into
base: main
Choose a base branch
from
Open

feat: mounting secrets as volumes #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
bf5da46
feat: mounting secrets as volumes
kkrolikowski Dec 30, 2025
340f039
refactor: change secret volume configuration
kkrolikowski Dec 31, 2025
954b1c9
fix: changing condition
kkrolikowski Dec 31, 2025
20988d4
fix: first letter lowercase
kkrolikowski Dec 31, 2025
59d8b6b
fix: remove default nfs configuration
kkrolikowski Dec 31, 2025
03e5721
feat: adding option to mount single file
kkrolikowski Dec 31, 2025
8397237
refactor: renaming configmap volume name for consistency
kkrolikowski Feb 24, 2026
bcd5ee1
feat: maintaining mounting configMap and secret
kkrolikowski Feb 24, 2026
0889d82
fix: secret object fields update
kkrolikowski Feb 24, 2026
3315f78
fix: mounts handling
kkrolikowski Feb 25, 2026
abd9084
removing initdir hook
kkrolikowski Feb 25, 2026
8419b30
removing dbhelper hook
kkrolikowski Feb 25, 2026
2bc9ecd
bumping version
kkrolikowski Feb 25, 2026
746b756
obsolete database option
kkrolikowski Feb 25, 2026
84e02b9
adding secrets and configmaps support
kkrolikowski Feb 25, 2026
ac04e95
manual service name
kkrolikowski Feb 25, 2026
28ec01d
removing notifications hook changed default volumes value
kkrolikowski Feb 25, 2026
f2590a3
removing values.volume.type key
kkrolikowski Feb 25, 2026
728bc3b
removing volume.type obsolete option
kkrolikowski Feb 25, 2026
5e3d8c3
fixing configmap configuration
kkrolikowski Feb 25, 2026
0c1cfe3
obsolete database option
kkrolikowski Feb 25, 2026
b68ac50
changing ingress config
kkrolikowski Feb 25, 2026
42ad5fc
adding enable servicelinks option
kkrolikowski Feb 25, 2026
b24f020
set enableServiceLinks to false by default
kkrolikowski Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# Changelog

## [3.0.0] - 2025-12-30

### Added

- Ability to mount secrets as volumes. I'ts handy when you need to mount encrypted config file

## [2.7.0] - 2025-12-14

### Added
Expand Down
2 changes: 1 addition & 1 deletion chart/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.7.0
version: 3.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
Expand Down
14 changes: 0 additions & 14 deletions chart/templates/dbsecrets.yaml
View file
Open in desktop

This file was deleted.

80 changes: 42 additions & 38 deletions chart/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ spec:
labels:
{{- include "basic.selectorLabels" . | nindent 8 }}
spec:
enableServiceLinks: false
containers:
- name: {{ .Release.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
Expand All @@ -36,27 +37,31 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.volumes.enabled }}
volumeMounts:
{{- if .Values.configMap }}
- name: {{ .Values.configMap.name }}
mountPath: {{ .Values.configMap.mountPath }}
{{- end }}
{{- range .Values.volumes.mountPath }}
{{- $dirmap := regexSplit ":" . -1 }}
{{- $sub_path := slice $dirmap 0 1 | first }}
{{- $mount := slice $dirmap 1 | last }}
{{- if $.Values.volumes.type.pvc }}
{{- $path := $mount }}
- mountPath: {{ $mount | default "/var/www" }}
name: {{ $.Release.Name }}-volume
{{- else }}
{{- if .Values.volumes.nfs }}
{{- range .Values.volumes.nfs.mountPath }}
{{- $dirmap := regexSplit ":" . -1 }}
{{- $sub_path := slice $dirmap 0 1 | first }}
{{- $mount := slice $dirmap 1 | last }}
- mountPath: {{ $mount | default "/var/www" }}
name: {{ $.Release.Name }}-volume
subPath: {{ $sub_path }}
{{- end }}
{{- end }}
{{- if .Values.volumes.secret }}
- name: {{ .Values.volumes.secret.secretName }}
mountPath: {{ .Values.volumes.secret.mountPath }}
{{- if .Values.volumes.secret.subPath }}
subPath: {{ .Values.volumes.secret.subPath }}
{{- end}}
{{- end }}
{{- if .Values.volumes.configmap }}
- name: {{ .Values.volumes.configmap.configMap }}
mountPath: {{ .Values.volumes.configmap.mountPath }}
{{- if .Values.volumes.configmap.subPath }}
subPath: {{ .Values.volumes.configmap.subPath }}
{{- end}}
{{- end }}
{{- end}}
env:
{{- with .Values.env }}
{{- toYaml . | nindent 12 }}
Expand Down Expand Up @@ -102,31 +107,30 @@ spec:
{{- with .Values.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.volumes.enabled }}
{{- if .Values.volumes.type.pvc }}
{{- $ownership := regexSplit ":" .Values.volumes.ownership -1 }}
{{- $gid := slice $ownership 0 1 | first }}
securityContext:
fsGroup: {{ $gid | default 0 }}
{{- end}}
volumes:
{{- if .Values.configMap }}
- name: {{ .Values.configMap.name }}
{{- if .Values.volumes.configMap }}
- name: {{ .Values.volumes.configMap.name }}
configMap:
name: {{ .Values.configMap.name }}
{{- end }}
name: {{ .Values.volumes.configMap.name }}
{{- end }}
{{- if .Values.volumes.nfs }}
- name: {{ .Release.Name }}-volume
{{- if .Values.volumes.type.nfs }}
nfs:
server: {{ .Values.volumes.type.nfs.server }}
{{- if .Values.volumes.rootDir }}
path: {{ .Values.volumes.type.nfs.path }}/{{ .Values.volumes.rootDir }}
{{- else }}
path: {{ .Values.volumes.type.nfs.path }}/{{ .Release.Name }}
{{- end }}
server: {{ .Values.volumes.nfs.server }}
{{- if .Values.volumes.rootDir }}
path: {{ .Values.volumes.nfs.path }}/{{ .Values.volumes.rootDir }}
{{- else }}
path: {{ .Values.volumes.nfs.path }}/{{ .Release.Name }}
{{- end }}
readOnly: false
{{- else }}
persistentVolumeClaim:
claimName: {{ .Release.Name }}-pvc
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.volumes.secret }}
- name: {{ .Values.volumes.secret.secretName }}
secret:
secretName: {{ .Values.volumes.secret.secretName }}
{{- end }}
{{- if .Values.volumes.configmap }}
- name: {{ .Values.volumes.configmap.configMap }}
configMap:
name: {{ .Values.volumes.configmap.configMap }}
{{- end }}
8 changes: 3 additions & 5 deletions chart/templates/ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
{{- if .Values.ingress.enabled -}}
{{- range .Values.ingress.hosts }}
{{- $subdomain := .name | splitList "." | first -}}
{{- $ReleaseName := printf "%s-%s" $.Release.Name $subdomain -}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ReleaseName }}
name: {{ $.Release.Name}}
namespace: {{ $.Release.Namespace }}
{{- if $.Values.ingress.ssl }}
annotations:
Expand All @@ -23,12 +21,12 @@ spec:
pathType: Prefix
backend:
service:
name: {{ $ReleaseName }}
name: {{ $.Release.Name }}
port:
number: {{ .servicePort }}
{{- if $.Values.ingress.ssl }}
tls:
- secretName: {{ $ReleaseName }}-tls
- secretName: {{ $.Release.Name }}-tls
hosts:
- {{ .name }}
{{- end }}
Expand Down
65 changes: 0 additions & 65 deletions chart/templates/initWebsiteDir.yaml
View file
Open in desktop

This file was deleted.

48 changes: 0 additions & 48 deletions chart/templates/mattermost-notify.yaml
View file
Open in desktop

This file was deleted.

57 changes: 0 additions & 57 deletions chart/templates/mysqlDBhelper.yaml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion chart/templates/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ $.Release.Name }}-{{ .name }}"
name: "{{ .name }}"
namespace: {{ $.Release.Namespace }}
spec:
type: {{ .type }}
Expand Down
19 changes: 13 additions & 6 deletions chart/test_values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,19 @@ resources:
# enabled: false
volumes:
enabled: true
mountPath:
- storage:/storage
type:
nfs:
server: lab-storage.lan
path: /volume1/storagelab
nfs:
server: lab-storage.lan
path: /volume1/storagelab
mountPath:
- storage:/
secret:
secretName: app-secret
mountPath: /app/secret.json
subPath: secret.json
configmap:
configMap: app-config
mountPath: /conf/config.ini
subPath: config.ini
nodeSelector:
kubernetes.io/arch: arm64
services:
Expand Down
Loading