update secrets storage chart

SwissDataScienceCenter · Apr 16, 2024 · 9414269 · 9414269
1 parent 6de8adb
commit 9414269
Show file tree

Hide file tree

Showing 3 changed files with 105 additions and 95 deletions.
diff --git a/helm-chart/renku/templates/secrets-storage/deployment.yaml b/helm-chart/renku/templates/secrets-storage/deployment.yaml
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "renku.fullname" . }}-secrets-storage
+  labels:
+    app: renku-secrets-storage
+    chart: {{ template "renku.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  {{- if not .Values.secretsStorage.autoscaling.enabled }}
+  replicas: {{ .Values.secretsStorage.replicaCount }}
+  {{- end }}
+  strategy: 
+    {{- toYaml .Values.secretsStorage.updateStrategy | nindent 4 }}
+  selector:
+    matchLabels:
+      app: renku-secrets-storage
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: renku-secrets-storage
+        release: {{ .Release.Name }}
+      {{- with .Values.secretsStorage.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      automountServiceAccountToken: {{ .Values.global.debug }}
+      initContainers:
+        {{- include "certificates.initContainer" . | nindent 8 }}
+      containers:
+        - name: secrets-storage
+          image: "{{ .Values.secretsStorage.image.repository }}:{{ .Values.secretsStorage.image.tag }}"
+          imagePullPolicy: {{ .Values.secretsStorage.image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: VERSION
+              value: {{ .Values.secretsStorage.image.tag | quote }}
+            - name: DB_HOST
+              value: {{ template "postgresql.fullname" . }}
+            - name: DB_USER
+              value: {{ .Values.global.db.common.username }}
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.db.common.passwordSecretName }}
+                  key: password
+            - name: SECRET_SERVICE_PUBLIC_KEY_PATH
+              value: /secrets/publicKey
+          livenessProbe:
+            httpGet:
+              path: /api/secret/version
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /api/secret/version
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 2
+            failureThreshold: 2
+          startupProbe:
+            httpGet:
+              path: /api/secret/version
+              port: http
+            periodSeconds: 5
+            failureThreshold: 60
+          resources:
+            {{ toYaml .Values.secretsStorage.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: "/secrets/privateKey"
+              subpath: privateKey
+              name: secret-service-private-key
+              readOnly: true
+            {{- include "certificates.volumeMounts.system" . | nindent 12 }}
+      volumes:
+        - name: secret-service-private-key
+          secret:
+            secretName: {{ template "renku.fullname" . }}-secret-service-private-key
+        {{- include "certificates.volumes" . | nindent 8 }}
+    {{- with .Values.secretsStorage.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "renku.fullname" . }}-secrets-storage
diff --git a/helm-chart/renku/templates/secrets-storage/deployment.yaml.bak b/helm-chart/renku/templates/secrets-storage/deployment.yaml.bak
diff --git a/helm-chart/renku/templates/setup-job-platform-init.yaml b/helm-chart/renku/templates/setup-job-platform-init.yaml
@@ -47,6 +47,9 @@ metadata:
     chart: {{ template "renku.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-5"
 rules:
   - apiGroups:
       - ""
@@ -67,6 +70,9 @@ metadata:
     chart: {{ template "renku.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-5"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -77,6 +83,9 @@ metadata:
     chart: {{ template "renku.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-5"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role