feat(pod-inject)

drone
nold 2 years ago
parent 55371156bc
commit fa0aa58adf
  1. 27
      charts/heqet/templates/_helpers.tpl
  2. 14
      charts/heqet/templates/heqet-apps.yaml
  3. 21
      charts/heqet/templates/heqet-podpreset.yaml
  4. 1
      charts/heqet/values.yaml

@ -20,3 +20,30 @@ ingress:
hosts:
- {{ .vhost | quote }}
{{- end }}
{{- /*
Read value files for every application
*/ -}}
{{- define "app.values" }}
{{- $values := .Files.Glob "values.d/*.yaml" }}
{{- ($values)| indent 8 }}
{{ end }}
{{- /*
Inject vault-injector into pods
*/ -}}
{{- define "vault.injection" }}
annotations:
heqet.gnu.one/app: "true"
{{- if not .novault }}
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .name }}-vault-ro"
{{- if .secret }}
{{- $appname := .name }}
{{- range .secrets }}
vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
{{- end }}
{{- end }}
spec:
serviceAccountName: "{{ .name }}-vault-ro"
{{- end }}
{{- end }}

@ -41,21 +41,29 @@ spec:
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- end -}}
{{- end }}
{{- if or (and $.Values.ingress.enabled .vhost) .values }}
values: |
{{- if or (and $.Values.ingress.enabled .vhost) .values }}
{{- if and $.Values.ingress.enabled .vhost }}
{{- $shift := empty .ingress_prefix -}}
{{- $indent := ternary 8 10 $shift -}}
{{- if .ingress_prefix }}
{{ .ingress_prefix | indent 8 }}:
{{- end }}
{{- end -}}
{{- include "heqet.ingress" . | indent $indent -}}
{{- end }}
{{- if .values }}
{{ toYaml .values | default "" | indent 8 -}}
{{- end }}
{{- $shift := empty .pod_spec_prefix -}}
{{- $indent := ternary 8 10 $shift -}}
{{- if .pod_spec_ingress_prefix }}
{{ .pod_spec_prefix | indent 8 }}:
{{- end }}
{{- include "vault.injection" . | indent $indent -}}
{{- end -}}
{{- end }}
syncPolicy:

@ -1,21 +0,0 @@
{{- range .Values.apps }}
---
kind: PodPreset
apiVersion: settings.k8s.io/v1alpha1
metadata:
annotations:
heqet.gnu.one/app: "true"
{{- if not .novault }}
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .name }}-vault-ro"
{{- if .secret }}
{{- $appname := .name }}
{{- range .secrets }}
vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
{{- end }}
{{- end }}
namespace: {{ .namespace | default .name }}
spec:
serviceAccountName: "{{ .name }}-vault-ro"
{{- end }}
{{- end }}

@ -35,6 +35,7 @@ apps:
path: charts/argo-cd
vhost: argocd.heqet.gnu.one
ingress_prefix: server
pod_spec_prefix: server
parameters:
- name: server.debug
value: "true"

Loading…
Cancel
Save