diff --git a/pkg/deploy/deployment.go b/pkg/deploy/deployment.go
index e7d093f618..404e145ce3 100644
--- a/pkg/deploy/deployment.go
+++ b/pkg/deploy/deployment.go
@@ -283,7 +283,7 @@ func MountSecrets(specDeployment *appsv1.Deployment, deployContext *chetypes.Dep
 for _, secretObj := range secrets.Items {
 switch secretObj.Annotations[constants.CheEclipseOrgMountAs] {
 case "file":
- voluseSource := corev1.VolumeSource{
+ volumeSource := corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: secretObj.Name,
 },
@@ -291,17 +291,42 @@ func MountSecrets(specDeployment *appsv1.Deployment, deployContext *chetypes.Dep
 volume := corev1.Volume{
 Name: secretObj.Name,
- VolumeSource: voluseSource,
+ VolumeSource: volumeSource,
 }
+ specDeployment.Spec.Template.Spec.Volumes = append(specDeployment.Spec.Template.Spec.Volumes, volume)
 volumeMount := corev1.VolumeMount{
 Name: secretObj.Name,
 MountPath: secretObj.Annotations[constants.CheEclipseOrgMountPath],
 }
+ container.VolumeMounts = append(container.VolumeMounts, volumeMount)
+ case "subpath":
+ volumeSource := corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ SecretName: secretObj.Name,
+ },
+ }
+ volume := corev1.Volume{
+ Name: secretObj.Name,
+ VolumeSource: volumeSource,
+ }
 specDeployment.Spec.Template.Spec.Volumes = append(specDeployment.Spec.Template.Spec.Volumes, volume)
- container.VolumeMounts = append(container.VolumeMounts, volumeMount)
+ for fileName, _ := range secretObj.Data {
+ mountPath := secretObj.Annotations[constants.CheEclipseOrgMountPath]
+ if strings.HasSuffix(mountPath, "/") {
+ mountPath += fileName
+ } else {
+ mountPath += "/" + fileName
+ }
+ volumeMount := corev1.VolumeMount{
+ Name: secretObj.Name,
+ MountPath: mountPath,
+ SubPath: fileName,
+ }
+ container.VolumeMounts = append(container.VolumeMounts, volumeMount)
+ }
 case "env":
 secret := &corev1.Secret{}
 exists, err := GetNamespacedObject(deployContext, secretObj.Name, secret)
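Review bot: In the new `case "subpath":` branch the value of `secretObj.Annotations[constants.CheEclipseOrgMountPath]` is used without any check, so a secret that lacks the annotation yields `MountPath: "/" + fileName` and every key is overlaid as a file at the container root. A subPath mount places a single file over an existing path rather than a fresh directory, so whoever may create a matching secret can replace individual files in the container; the lookup should be hoisted out of the loop and an empty or relative value skipped, e.g. `if !strings.HasPrefix(mountPath, "/") { continue }`. Ranging over `secretObj.Data` also appends the mounts in random map order, which may make the generated Deployment differ between reconciles (the comparison is outside the hunk), so iterating over sorted keys would be safer. Kubernetes does not refresh subPath mounts when the secret changes, and a comment on the case should say that rotated values need a pod restart. MountSecrets starts and ends outside the hunk.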
diff --git a/pkg/deploy/deployment_test.go b/pkg/deploy/deployment_test.go
index ba874a1035..cb06a2a008 100644
--- a/pkg/deploy/deployment_test.go
+++ b/pkg/deploy/deployment_test.go
@@ -146,7 +146,79 @@ func TestMountSecret(t *testing.T) {
 },
 },
 {
- name: "Mount env variable",
+ name: "Mount secret as subpath",
+ initDeployment: &appsv1.Deployment{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "che",
+ ResourceVersion: "0",
+ },
+ Spec: appsv1.DeploymentSpec{
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{{}},
+ },
+ },
+ },
+ },
+ expectedDeployment: &appsv1.Deployment{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "che",
+ ResourceVersion: "0",
+ },
+ Spec: appsv1.DeploymentSpec{
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Volumes: []corev1.Volume{
+ {
+ Name: "test-volume",
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ SecretName: "test-volume",
+ },
+ },
+ },
+ },
+ Containers: []corev1.Container{
+ {
+ VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: "test-volume",
+ MountPath: "/test-path/key",
+ SubPath: "key",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ initObjects: []runtime.Object{
+ &corev1.Secret{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Secret",
+ APIVersion: "v1",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-volume",
+ Namespace: "eclipse-che",
+ Labels: map[string]string{
+ constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
+ constants.KubernetesComponentLabelKey: "che-secret", // corresponds to deployment name
+ },
+ Annotations: map[string]string{
+ constants.CheEclipseOrgMountAs: "subpath",
+ constants.CheEclipseOrgMountPath: "/test-path",
+ },
+ },
+ Data: map[string][]byte{
+ "key": []byte("key-data"),
+ },
+ },
+ },
+ },
+ {
+ name: "Mount secret as env variable",
 initDeployment: &appsv1.Deployment{
 ObjectMeta: metav1.ObjectMeta{
 Name: "che",
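Review bot: The added "Mount secret as subpath" case uses a single entry in `Data` and a mount path without a trailing slash, so the `strings.HasSuffix(mountPath, "/")` branch and the multi-key loop in MountSecrets are never exercised. A further case with `constants.CheEclipseOrgMountPath: "/test-path/"` and a second key would cover both, and would show whether the order of the generated `VolumeMounts` is stable from run to run. A case for a secret that carries `constants.CheEclipseOrgMountAs: "subpath"` but no mount-path annotation would pin down what the operator is expected to do with it. The test table in TestMountSecret starts and ends outside the hunk.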