feat(pod-inject)

2020-05-31 11:41:08 +02:00 · 2020-05-31 11:41:08 +02:00 · fa0aa58adf
parent 55371156bc
commit fa0aa58adf
4 changed files with 39 additions and 24 deletions
--- a/charts/heqet/templates/_helpers.tpl
+++ b/charts/heqet/templates/_helpers.tpl
@ -20,3 +20,30 @@ ingress:
      hosts:
        - {{ .vhost | quote }}
 {{- end }}
+{{- /*
+  Read value files for every application
+*/ -}}
+{{- define "app.values" }}
+  {{- $values := .Files.Glob "values.d/*.yaml" }}
+{{- ($values)| indent 8 }}
+{{ end }}
+
+{{- /*
+  Inject vault-injector into pods
+*/ -}}
+{{- define "vault.injection" }}
+annotations:
+  heqet.gnu.one/app: "true"
+{{- if not .novault }}
+  vault.hashicorp.com/agent-inject: "true"
+  vault.hashicorp.com/role: "{{ .name }}-vault-ro"
+  {{- if .secret }}
+    {{- $appname := .name }}
+    {{- range .secrets }}
+  vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
+    {{- end }}
+  {{- end }}
+spec:
+  serviceAccountName: "{{ .name }}-vault-ro"
+{{- end }}
+{{- end }}
--- a/charts/heqet/templates/heqet-apps.yaml
+++ b/charts/heqet/templates/heqet-apps.yaml
@ -41,21 +41,29 @@ spec:
          value: {{ .value | quote }}
         {{- end }}
        {{- end }}
-      {{- end -}}
+      {{- end }}

-      {{- if or (and $.Values.ingress.enabled .vhost) .values }}
      values: |
+      {{- if or (and $.Values.ingress.enabled .vhost) .values }}
        {{- if and $.Values.ingress.enabled .vhost }}
          {{- $shift := empty .ingress_prefix -}}
          {{- $indent := ternary 8 10 $shift -}}
          {{- if .ingress_prefix }}
 {{ .ingress_prefix | indent 8 }}:
-          {{- end }}
+          {{- end -}}
          {{- include "heqet.ingress" . | indent $indent -}}
+
        {{- end }}
 {{- if .values }}
 {{ toYaml .values | default "" | indent 8 -}}
 {{- end }}
+          {{- $shift := empty .pod_spec_prefix -}}
+          {{- $indent := ternary 8 10 $shift -}}
+          {{- if .pod_spec_ingress_prefix }}
+{{ .pod_spec_prefix | indent 8 }}:
+          {{- end }}
+          {{- include "vault.injection" . | indent $indent -}}
+
      {{- end -}}
    {{- end }}
  syncPolicy:
--- a/charts/heqet/templates/heqet-podpreset.yaml
+++ b/charts/heqet/templates/heqet-podpreset.yaml
@ -1,21 +0,0 @@
-{{- range .Values.apps }}
---
-kind: PodPreset
-apiVersion: settings.k8s.io/v1alpha1
-metadata:
-  annotations:
-    heqet.gnu.one/app: "true"
-  {{- if not .novault }}
-    vault.hashicorp.com/agent-inject: "true"
-    vault.hashicorp.com/role: "{{ .name }}-vault-ro"
-    {{- if .secret }}
-      {{- $appname := .name }}
-      {{- range .secrets }}
-    vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
-      {{- end }}
-    {{- end }}
-  namespace: {{ .namespace | default .name }}
-spec:
-  serviceAccountName: "{{ .name }}-vault-ro"
-  {{- end }}
-{{- end }}
--- a/charts/heqet/values.yaml
+++ b/charts/heqet/values.yaml
@ -35,6 +35,7 @@ apps:
    path: charts/argo-cd
    vhost: argocd.heqet.gnu.one
    ingress_prefix: server
+    pod_spec_prefix: server
    parameters:
      - name: server.debug
        value: "true"