feat: Allow to mount secrets into che containers as subpath
Signed-off-by: Anatolii Bazko <[email protected]>
tolusha committed Nov 21, 2023
1 parent 14eed75 commit 887d43b
Showing 2 changed files with 101 additions and 4 deletions.
31 changes: 28 additions & 3 deletions pkg/deploy/deployment.go
Expand Up @@ -283,25 +283,50 @@ func MountSecrets(specDeployment *appsv1.Deployment, deployContext *chetypes.Dep
for _, secretObj := range secrets.Items {
switch secretObj.Annotations[constants.CheEclipseOrgMountAs] {
case "file":
voluseSource := corev1.VolumeSource{
volumeSource := corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secretObj.Name,
},
}

volume := corev1.Volume{
Name: secretObj.Name,
VolumeSource: voluseSource,
VolumeSource: volumeSource,
}
specDeployment.Spec.Template.Spec.Volumes = append(specDeployment.Spec.Template.Spec.Volumes, volume)

volumeMount := corev1.VolumeMount{
Name: secretObj.Name,
MountPath: secretObj.Annotations[constants.CheEclipseOrgMountPath],
}
container.VolumeMounts = append(container.VolumeMounts, volumeMount)
case "subpath":
volumeSource := corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secretObj.Name,
},
}

volume := corev1.Volume{
Name: secretObj.Name,
VolumeSource: volumeSource,
}
specDeployment.Spec.Template.Spec.Volumes = append(specDeployment.Spec.Template.Spec.Volumes, volume)
container.VolumeMounts = append(container.VolumeMounts, volumeMount)

for fileName, _ := range secretObj.Data {
mountPath := secretObj.Annotations[constants.CheEclipseOrgMountPath]
if strings.HasSuffix(mountPath, "/") {
mountPath += fileName
} else {
mountPath += "/" + fileName
}
volumeMount := corev1.VolumeMount{
Name: secretObj.Name,
MountPath: mountPath,
SubPath: fileName,
}
container.VolumeMounts = append(container.VolumeMounts, volumeMount)
}
case "env":
secret := &corev1.Secret{}
exists, err := GetNamespacedObject(deployContext, secretObj.Name, secret)
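Review bot: The new `case "subpath"` uses the `constants.CheEclipseOrgMountPath` annotation without checking that it is set, so a labelled secret that lacks it gets every key mounted as `/<key>` at the container's filesystem root instead of being skipped or rejected; an explicit empty-path guard at the top of the case would close that. The loop also ranges directly over `secretObj.Data`, and Go map iteration order is random, so a multi-key secret produces `VolumeMounts` in a different order on each call; if the result is compared with the live Deployment elsewhere (not visible in this hunk) that could trigger needless updates, and sorting the keys avoids it (needs `sort` imported if the file does not already have it). A short comment that subPath mounts do not receive later Secret updates, so rotated values only take effect after a pod restart, would help operators. MountSecrets begins and ends outside the hunk.

```go
		case "subpath":
			// An unset annotation would otherwise mount every key directly under "/".
			if secretObj.Annotations[constants.CheEclipseOrgMountPath] == "" {
				continue
			}

			// … unchanged: volume construction and append to Spec.Volumes …

			// Map iteration order is random; sort the keys so VolumeMounts is stable across calls.
			// Note: subPath mounts are not refreshed when the Secret changes.
			fileNames := make([]string, 0, len(secretObj.Data))
			for fileName := range secretObj.Data {
				fileNames = append(fileNames, fileName)
			}
			sort.Strings(fileNames)

			for _, fileName := range fileNames {
				// … unchanged: mountPath construction and VolumeMount append …
			}
```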
74 changes: 73 additions & 1 deletion pkg/deploy/deployment_test.go
Expand Up @@ -146,7 +146,79 @@ func TestMountSecret(t *testing.T) {
},
},
{
name: "Mount env variable",
name: "Mount secret as subpath",
initDeployment: &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Name: "che",
ResourceVersion: "0",
},
Spec: appsv1.DeploymentSpec{
Template: corev1.PodTemplateSpec{
Spec: corev1.PodSpec{
Containers: []corev1.Container{{}},
},
},
},
},
expectedDeployment: &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Name: "che",
ResourceVersion: "0",
},
Spec: appsv1.DeploymentSpec{
Template: corev1.PodTemplateSpec{
Spec: corev1.PodSpec{
Volumes: []corev1.Volume{
{
Name: "test-volume",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "test-volume",
},
},
},
},
Containers: []corev1.Container{
{
VolumeMounts: []corev1.VolumeMount{
{
Name: "test-volume",
MountPath: "/test-path/key",
SubPath: "key",
},
},
},
},
},
},
},
},
initObjects: []runtime.Object{
&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: "test-volume",
Namespace: "eclipse-che",
Labels: map[string]string{
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: "che-secret", // corresponds to deployment name
},
Annotations: map[string]string{
constants.CheEclipseOrgMountAs: "subpath",
constants.CheEclipseOrgMountPath: "/test-path",
},
},
Data: map[string][]byte{
"key": []byte("key-data"),
},
},
},
},
{
name: "Mount secret as env variable",
initDeployment: &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Name: "che",
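Review bot: The added "Mount secret as subpath" case exercises only a single-key secret whose mount path has no trailing slash, so the `strings.HasSuffix(mountPath, "/")` branch and the order of mounts for a secret with several keys are untested. I would add a case with `constants.CheEclipseOrgMountPath: "/test-path/"` and two entries in `Data`, and one with the mount-path annotation missing, to pin down what MountSecrets should do in each situation. TestMountSecret starts and ends outside the hunk.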