feat(helm): mount of additional volumes

enix · Dec 19, 2022 · c3430d4 · c3430d4
1 parent 4566656
commit c3430d4
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 0 deletions.
diff --git a/deploy/charts/x509-certificate-exporter/README.md b/deploy/charts/x509-certificate-exporter/README.md
@@ -332,6 +332,8 @@ in the container namespace.
 | secretsExporter.podAnnotations | object | `{}` | Annotations added to Pods of the TLS Secrets exporter |
 | secretsExporter.podSecurityContext | object | `{}` | PodSecurityContext for Pods of the TLS Secrets exporter |
 | secretsExporter.securityContext | object | check `values.yaml` | SecurityContext for containers of the TLS Secrets exporter |
+| secretsExporter.extraVolumes | list | `[]` | Additionnal volumes added to Pods of the TLS Secrets exporter (combined with global `extraVolumes`) |
+| secretsExporter.extraVolumeMounts | list | `[]` | Additionnal volume mounts added to Pod containers of the TLS Secrets exporter (combined with global `extraVolumeMounts`) |
 | secretsExporter.secretTypes | list | check `values.yaml` | Which type of Secrets should be watched ; "key" is the map key in the secret data |
 | secretsExporter.includeNamespaces | list | `[]` | Restrict the list of namespaces the TLS Secrets exporter should scan for certificates to watch (all namespaces if empty) |
 | secretsExporter.excludeNamespaces | list | `[]` | Exclude namespaces from being scanned by the TLS Secrets exporter (evaluated after `includeNamespaces`) |
@@ -350,6 +352,8 @@ in the container namespace.
 | hostPathsExporter.podAnnotations | object | `{}` | Annotations added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets) |
 | hostPathsExporter.podSecurityContext | object | `{}` | PodSecurityContext for Pods of hostPath exporters (default for all hostPathsExporter.daemonSets) |
 | hostPathsExporter.securityContext | object | check `values.yaml` | SecurityContext for containers of hostPath exporters (default for all hostPathsExporter.daemonSets) |
+| hostPathsExporter.extraVolumes | list | `[]` | Additionnal volumes added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) |
+| hostPathsExporter.extraVolumeMounts | list | `[]` | Additionnal volume mounts added to Pod containers of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) |
 | hostPathsExporter.watchDirectories | list | `[]` | [SEE README] List of directory paths of the host to scan for PEM encoded certificate files to be watched and exported as metrics (one level deep) |
 | hostPathsExporter.watchFiles | list | `[]` | [SEE README] List of file paths of the host for PEM encoded certificates to be watched and exported as metrics (one level deep) |
 | hostPathsExporter.watchKubeconfFiles | list | `[]` | [SEE README] List of Kubeconf file paths of the host to scan for embedded certificates to export metrics about |
@@ -388,6 +392,8 @@ in the container namespace.
 | extraLabels | object | `{}` | Additional labels added to all chart objects |
 | podExtraLabels | object | `{}` | Additional labels added to all Pods |
 | podAnnotations | object | `{}` | Annotations added to all Pods |
+| extraVolumes | list | `[]` | Additionnal volumes added to all Pods (see also the `secretsExporter` and `hostPathsExporter` variants) |
+| extraVolumeMounts | list | `[]` | Additionnal volume mounts added to all Pod containers (see also the `secretsExporter` and `hostPathsExporter` variants) |
 | psp.create | bool | `false` | Should Pod Security Policy objects be created |
 | rbac.create | bool | `true` | Should RBAC objects be created |
 | rbac.secretsExporter.serviceAccountName | string | `nil` | Name of the ServiceAccount for the Secrets exporter (required if `rbac.create=false`) |

diff --git a/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml b/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml
@@ -1,5 +1,7 @@
 {{- with .Values.hostPathsExporter.daemonSets }}
 {{- range $dsName, $dsDef := . }}
+{{- $extraVolumes := concat ( default $.Values.hostPathsExporter.extraVolumes $dsDef.extraVolumes ) $.Values.extraVolumes }}
+{{- $extraVolumeMounts := concat ( default $.Values.hostPathsExporter.extraVolumeMounts $dsDef.extraVolumeMounts ) $.Values.extraVolumeMounts }}
 ---
 apiVersion: apps/v1
 kind: DaemonSet
@@ -115,6 +117,9 @@ spec:
           #subPath: {{ . | base }}
           readOnly: true
         {{- end }}
+        {{- range $extraVolumeMounts }}
+        - {{ tpl (. | toYaml) $ | indent 10 | trim }}
+        {{- end }}
       {{- if not $.Values.rbacProxy.enabled }}
         ports:
         - name: metrics
@@ -165,5 +170,8 @@ spec:
           path: {{ . | clean | dir }}
           type: Directory
       {{- end }}
+      {{- range $extraVolumes }}
+      - {{ tpl (. | toYaml) $ | indent 8 | trim }}
+      {{- end }}
 {{- end }}
 {{- end }}
diff --git a/deploy/charts/x509-certificate-exporter/templates/deployment.yaml b/deploy/charts/x509-certificate-exporter/templates/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $extraVolumes := concat .Values.secretsExporter.extraVolumes .Values.extraVolumes }}
+{{- $extraVolumeMounts := concat .Values.secretsExporter.extraVolumeMounts .Values.extraVolumeMounts }}
 {{- if .Values.secretsExporter.enabled }}
 apiVersion: {{ include "capabilities.deployment.apiVersion" . }}
 kind: Deployment
@@ -70,6 +72,12 @@ spec:
         {{- end }}
         image: {{ include "x509-certificate-exporter.image" . }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- with $extraVolumeMounts }}
+        volumeMounts:
+        {{- range $extraVolumeMounts }}
+        - {{ tpl (. | toYaml) $ | indent 10 | trim }}
+        {{- end }}
+        {{- end }}
         args:
         {{- if .Values.secretsExporter.debugMode }}
         - --debug
@@ -136,4 +144,10 @@ spec:
         {{- . | toYaml | trim | nindent 10 }}
         {{- end }}
       {{- end }}
+      {{- with $extraVolumes }}
+      volumes:
+      {{- range $extraVolumes }}
+      - {{ tpl (. | toYaml) $ | indent 8 | trim }}
+      {{- end }}
+      {{- end }}
 {{- end }}
diff --git a/deploy/charts/x509-certificate-exporter/values.yaml b/deploy/charts/x509-certificate-exporter/values.yaml
@@ -83,6 +83,11 @@ secretsExporter:
     capabilities:
       drop:
       - ALL
+  # -- Additionnal volumes added to Pods of the TLS Secrets exporter (combined with global `extraVolumes`)
+  extraVolumes: []
+  # -- Additionnal volume mounts added to Pod containers of the TLS Secrets exporter (combined with global `extraVolumeMounts`)
+  extraVolumeMounts: []
+
 
   # -- Which type of Secrets should be watched ; "key" is the map key in the secret data
   # @default -- check `values.yaml`
@@ -142,6 +147,10 @@ hostPathsExporter:
     capabilities:
       drop:
       - ALL
+  # -- Additionnal volumes added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`)
+  extraVolumes: []
+  # -- Additionnal volume mounts added to Pod containers of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`)
+  extraVolumeMounts: []
 
   # -- [SEE README] List of directory paths of the host to scan for PEM encoded certificate files to be watched and exported as metrics (one level deep)
   watchDirectories: []
@@ -246,6 +255,11 @@ podAnnotations: {}
 #  prometheus.io/port: "9793"
 #  prometheus.io/scrape: "true"
 
+# -- Additionnal volumes added to all Pods (see also the `secretsExporter` and `hostPathsExporter` variants)
+extraVolumes: []
+# -- Additionnal volume mounts added to all Pod containers (see also the `secretsExporter` and `hostPathsExporter` variants)
+extraVolumeMounts: []
+
 psp:
   # -- Should Pod Security Policy objects be created
   create: false