Add secrets mount to Payload Apps (#107)

* adding secrets mount to payload app and correcting variable names * adding spacefx secrets generation * setting up dedicate secrets mount for platform-deployment * moving divider
microsoft · Aug 4, 2024 · dd6a88a · dd6a88a
1 parent db1fe2c
commit dd6a88a
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/chart/templates/_secrets.tpl b/chart/templates/_secrets.tpl
@@ -4,7 +4,6 @@
 {{- $globalValues := .globalValues }}
 {{- $payloadAppValues := .payloadAppValues }}
 {{- $fileServerValues := .fileServerValues }}
----
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/chart/templates/_service.tpl b/chart/templates/_service.tpl
@@ -6,6 +6,7 @@
 {{- $payloadAppValues := .payloadAppValues }}
 ---
 {{- include "spacefx.appsettings.json" (dict "globalValues" $globalValues "serviceValues" $serviceValues) }}
+---
 {{- include "spacefx.secrets" (dict "globalValues" $globalValues "serviceValues" $serviceValues "fileServerValues" $fileServerValues "payloadAppValues" .payloadAppValues "buildServiceValues" $buildServiceValues) }}
 {{- $imgName := printf "%s/%s:%s" (include "spacefx.servicePrefixCalc" (dict "globalValues" $globalValues)) $serviceValues.repository (include "spacefx.serviceVersionCalc" (dict "globalValues" $globalValues "serviceValues" $serviceValues)) }}
 ---
@@ -147,8 +148,8 @@ spec:
       volumes:
 {{- $appSettingsVolume := printf "%s" (include "spacefx.appsettings.json.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
 {{- printf "- %s" $appSettingsVolume | nindent 8 }}
-{{- $secretsMount := (include "spacefx.secrets.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
-{{- printf "- %s" $secretsMount | nindent 8 }}
+{{- $secretsVolume := (include "spacefx.secrets.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
+{{- printf "- %s" $secretsVolume | nindent 8 }}
 {{- range $volumeKey, $volumeName := $globalValues.xferVolumes }}
 {{- $fileServerVolume := printf "%s" (include "spacefx.fileserver.clientapp.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues "volumeName" $volumeName) | nindent 2 | trim) }}
 {{- printf "- %s" $fileServerVolume | nindent 8 }}

diff --git a/chart/templates/payload_app_template.yaml b/chart/templates/payload_app_template.yaml
@@ -6,6 +6,10 @@
 {{- if $serviceValues.appsettings.enabled }}
 {{- include "spacefx.appsettings.json" (dict "globalValues" $globalValues "serviceValues" $serviceValues) }}
 {{- end }}
+# Secrets
+{{- if $serviceValues.secrets.enabled }}
+{{- include "spacefx.secrets" (dict "globalValues" $globalValues "serviceValues" $serviceValues "fileServerValues" $allServices.core.fileserver "payloadAppValues" $serviceValues "buildServiceValues" $allServices.core.buildservice) }}
+{{- end }}
 # Annotations
 {{- if $serviceValues.annotations.enabled }}
 {{- include "spacefx.payloadappTemplate.annotations" (dict "serviceValues" $serviceValues "globalValues" $globalValues) }}
@@ -27,6 +31,8 @@
 volumeMounts:
 {{- $appSettingsMount := printf "%s" (include "spacefx.appsettings.json.volumemount" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
 {{- printf "- %s" $appSettingsMount | nindent 2 }}
+{{- $secretsMount := printf "%s" (include "spacefx.secrets.volumemount" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
+{{- printf "- %s" $secretsMount | nindent 2 }}
 {{- range $volumeKey, $volumeName := $globalValues.xferVolumes }}
 {{- $fileServerVolumeMount := printf "%s" (include "spacefx.fileserver.clientapp.volumemount" (dict "globalValues" $globalValues "serviceValues" $serviceValues "volumeName" $volumeName) | nindent 2 | trim) }}
 {{- printf "- %s" $fileServerVolumeMount | nindent 2 }}
@@ -49,8 +55,8 @@ volumeMounts:
 volumes:
 {{- $appSettingsVolume := printf "%s" (include "spacefx.appsettings.json.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
 {{- printf "- %s" $appSettingsVolume | nindent 2 }}
-{{- $secretsMount := (include "spacefx.secrets.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
-{{- printf "- %s" $secretsMount | nindent 2 }}
+{{- $secretsVolume := (include "spacefx.secrets.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues) | nindent 2 | trim) }}
+{{- printf "- %s" $secretsVolume | nindent 2 }}
 {{- range $volumeKey, $volumeName := $globalValues.xferVolumes }}
 {{- $fileServerVolume := printf "%s" (include "spacefx.fileserver.clientapp.volume" (dict "globalValues" $globalValues "serviceValues" $serviceValues "volumeName" $volumeName) | nindent 2 | trim) }}
 {{- printf "- %s" $fileServerVolume | nindent 2 }}

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -399,6 +399,8 @@ services:
       annotations:
         enabled: false
         daprEnabled: false
+      secrets:
+        enabled: false
       appsettings:
         enabled: false
       environmentVariables: