Read hcloud secret from vault secrets
parent
12d08adc1a
commit
ab6a0e1de1
|
@ -0,0 +1,73 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "template.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "template.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "template.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "template.labels" -}}
|
||||
helm.sh/chart: {{ include "template.chart" . }}
|
||||
{{ include "template.selectorLabels" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "template.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "template.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "template.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "template.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- /*
|
||||
template.util.merge will merge two YAML templates and output the result.
|
||||
This takes an array of three values:
|
||||
- the top context
|
||||
- the template name of the overrides (destination)
|
||||
- the template name of the base (source)
|
||||
*/}}
|
||||
{{- define "template.util.merge" -}}
|
||||
{{- $top := first . -}}
|
||||
{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
|
||||
{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
|
||||
{{- toYaml (merge $overrides $tpl) -}}
|
||||
{{- end -}}
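Review bot: The `template.util.merge` helper relies on Sprig's `merge`, which as far as I know treats zero values in the destination as unset, so an override that sets a boolean to `false` can be replaced by a `true` from the base template. That matters when an override is meant to switch something off, which is worth verifying with a rendered test case. If explicit override precedence is intended, swapping the arguments and using `toYaml (mergeOverwrite $tpl $overrides)` expresses it more directly, or the limitation can be stated in the helper's comment. The same helper is added again in the identical section at L590-L605.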
|
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.vault.enabled }}
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: HCPVaultSecretsApp
|
||||
metadata:
|
||||
name: {{ include "template.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "template.labels" . | nindent 4 }}
|
||||
spec:
|
||||
appName: {{ .Values.vault.applicationName }}
|
||||
hcpAuthRef: {{ .Values.vault.operatorNamespace | default "vault-secrets-operator-system" }}/hcp-auth
|
||||
destination:
|
||||
create: true
|
||||
labels:
|
||||
{{- include "template.labels" . | nindent 6 }}
|
||||
hvs: "true"
|
||||
name: {{ include "template.fullname" . }}
|
||||
refreshAfter: 1h
|
||||
{{- end }}
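Review bot: `appName` is rendered unquoted and without a presence check, so with `vault.enabled: true` and the default `applicationName: ""` the field renders as null and the failure only surfaces at the operator. I would fail at render time with `appName: {{ required "vault.applicationName is required when vault.enabled is true" .Values.vault.applicationName | quote }}`. `hcpAuthRef` points at an `HCPAuth` object in another namespace, which is not part of this commit; presumably that object has to list this release namespace in its `allowedNamespaces`, and it should be kept to an explicit list rather than a wildcard. The destination Secret receives every secret stored in the referenced HCP Vault Secrets app, so that app should hold only the hcloud token. The identical template at L611-L665 needs the same change.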
|
|
@ -0,0 +1,13 @@
|
|||
hcloud-csi:
|
||||
storageClasses:
|
||||
- name: hcloud-volumes
|
||||
defaultStorageClass: true
|
||||
reclaimPolicy: Retain
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
namespace: observability
|
||||
vault:
|
||||
enabled: true
|
||||
applicationName: hcloud
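Review bot: Nothing in this values file points the `hcloud-csi` subchart at the Secret the operator will create, and that Secret's name comes from `template.fullname`, so it changes with the release name. Unless the wiring lives in defaults outside this commit, the driver may keep reading a different Secret or a token set elsewhere. I would pin the name (for example through `fullnameOverride`) and set the subchart's existing-secret reference to it in this file, with a comment such as `# Secret synced from HCP Vault Secrets app "hcloud"; must match the destination name in the HCPVaultSecretsApp template`. Note also that `refreshAfter: 1h` in the template means a rotated or revoked token can stay in the cluster for up to an hour.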
|
|
@ -0,0 +1 @@
|
|||
../templates
|
|
@ -1,10 +0,0 @@
|
|||
hcloud-csi:
|
||||
storageClasses:
|
||||
- name: hcloud-volumes
|
||||
defaultStorageClass: true
|
||||
reclaimPolicy: Retain
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
namespace: observability
|
|
@ -0,0 +1 @@
|
|||
../values.yaml
|
|
@ -0,0 +1,4 @@
|
|||
vault:
|
||||
enabled: false
|
||||
applicationName: ""
|
||||
operatorNamespace: ""
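Review bot: The new `vault` defaults carry no comments, so the coupling with the template is invisible from this file. An empty `operatorNamespace` falls back to `vault-secrets-operator-system` in the template, and `applicationName` has to be set whenever `enabled` is true. I would add `# Namespace of the Vault Secrets Operator holding the hcp-auth HCPAuth; empty means vault-secrets-operator-system` above `operatorNamespace` and `# Name of the HCP Vault Secrets app to sync; required when enabled is true` above `applicationName`. The same applies to the identical defaults at L683-L692.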
|
|
@ -0,0 +1 @@
|
|||
# only there for correct syntax highlighting in IDE
|
|
@ -0,0 +1,73 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "template.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "template.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "template.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "template.labels" -}}
|
||||
helm.sh/chart: {{ include "template.chart" . }}
|
||||
{{ include "template.selectorLabels" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "template.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "template.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "template.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "template.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- /*
|
||||
template.util.merge will merge two YAML templates and output the result.
|
||||
This takes an array of three values:
|
||||
- the top context
|
||||
- the template name of the overrides (destination)
|
||||
- the template name of the base (source)
|
||||
*/}}
|
||||
{{- define "template.util.merge" -}}
|
||||
{{- $top := first . -}}
|
||||
{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
|
||||
{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
|
||||
{{- toYaml (merge $overrides $tpl) -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.vault.enabled }}
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: HCPVaultSecretsApp
|
||||
metadata:
|
||||
name: {{ include "template.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "template.labels" . | nindent 4 }}
|
||||
spec:
|
||||
appName: {{ .Values.vault.applicationName }}
|
||||
hcpAuthRef: {{ .Values.vault.operatorNamespace | default "vault-secrets-operator-system" }}/hcp-auth
|
||||
destination:
|
||||
create: true
|
||||
labels:
|
||||
{{- include "template.labels" . | nindent 6 }}
|
||||
hvs: "true"
|
||||
name: {{ include "template.fullname" . }}
|
||||
refreshAfter: 1h
|
||||
{{- end }}
|
|
@ -0,0 +1 @@
|
|||
../templates
|
|
@ -0,0 +1 @@
|
|||
../values.yaml
|
|
@ -0,0 +1,4 @@
|
|||
vault:
|
||||
enabled: false
|
||||
applicationName: ""
|
||||
operatorNamespace: ""
|