diff --git a/deploy/charts/x509-certificate-exporter/README.md b/deploy/charts/x509-certificate-exporter/README.md
index 6b3d304..0c2df20 100644
--- a/deploy/charts/x509-certificate-exporter/README.md
+++ b/deploy/charts/x509-certificate-exporter/README.md
@@ -332,6 +332,8 @@ in the container namespace.
 | secretsExporter.podAnnotations | object | `{}` | Annotations added to Pods of the TLS Secrets exporter |
 | secretsExporter.podSecurityContext | object | `{}` | PodSecurityContext for Pods of the TLS Secrets exporter |
 | secretsExporter.securityContext | object | check `values.yaml` | SecurityContext for containers of the TLS Secrets exporter |
+| secretsExporter.extraVolumes | list | `[]` | Additionnal volumes added to Pods of the TLS Secrets exporter (combined with global `extraVolumes`) |
+| secretsExporter.extraVolumeMounts | list | `[]` | Additionnal volume mounts added to Pod containers of the TLS Secrets exporter (combined with global `extraVolumeMounts`) |
 | secretsExporter.secretTypes | list | check `values.yaml` | Which type of Secrets should be watched ; "key" is the map key in the secret data |
 | secretsExporter.includeNamespaces | list | `[]` | Restrict the list of namespaces the TLS Secrets exporter should scan for certificates to watch (all namespaces if empty) |
 | secretsExporter.excludeNamespaces | list | `[]` | Exclude namespaces from being scanned by the TLS Secrets exporter (evaluated after `includeNamespaces`) |
@@ -350,6 +352,8 @@ in the container namespace.
 | hostPathsExporter.podAnnotations | object | `{}` | Annotations added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets) |
 | hostPathsExporter.podSecurityContext | object | `{}` | PodSecurityContext for Pods of hostPath exporters (default for all hostPathsExporter.daemonSets) |
 | hostPathsExporter.securityContext | object | check `values.yaml` | SecurityContext for containers of hostPath exporters (default for all hostPathsExporter.daemonSets) |
+| hostPathsExporter.extraVolumes | list | `[]` | Additionnal volumes added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) |
+| hostPathsExporter.extraVolumeMounts | list | `[]` | Additionnal volume mounts added to Pod containers of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) |
 | hostPathsExporter.watchDirectories | list | `[]` | [SEE README] List of directory paths of the host to scan for PEM encoded certificate files to be watched and exported as metrics (one level deep) |
 | hostPathsExporter.watchFiles | list | `[]` | [SEE README] List of file paths of the host for PEM encoded certificates to be watched and exported as metrics (one level deep) |
 | hostPathsExporter.watchKubeconfFiles | list | `[]` | [SEE README] List of Kubeconf file paths of the host to scan for embedded certificates to export metrics about |
@@ -388,6 +392,8 @@ in the container namespace.
 | extraLabels | object | `{}` | Additional labels added to all chart objects |
 | podExtraLabels | object | `{}` | Additional labels added to all Pods |
 | podAnnotations | object | `{}` | Annotations added to all Pods |
+| extraVolumes | list | `[]` | Additionnal volumes added to all Pods (see also the `secretsExporter` and `hostPathsExporter` variants) |
+| extraVolumeMounts | list | `[]` | Additionnal volume mounts added to all Pod containers (see also the `secretsExporter` and `hostPathsExporter` variants) |
 | psp.create | bool | `false` | Should Pod Security Policy objects be created |
 | rbac.create | bool | `true` | Should RBAC objects be created |
 | rbac.secretsExporter.serviceAccountName | string | `nil` | Name of the ServiceAccount for the Secrets exporter (required if `rbac.create=false`) |
diff --git a/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml b/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml
index aa8b677..1e2574f 100644
--- a/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml
+++ b/deploy/charts/x509-certificate-exporter/templates/daemonset.yaml
@@ -1,5 +1,7 @@
 {{- with .Values.hostPathsExporter.daemonSets }}
 {{- range $dsName, $dsDef := . }}
+{{- $extraVolumes := concat ( default $.Values.hostPathsExporter.extraVolumes $dsDef.extraVolumes ) $.Values.extraVolumes }}
+{{- $extraVolumeMounts := concat ( default $.Values.hostPathsExporter.extraVolumeMounts $dsDef.extraVolumeMounts ) $.Values.extraVolumeMounts }}
 ---
 apiVersion: apps/v1
 kind: DaemonSet
@@ -115,6 +117,9 @@ spec:
 #subPath: {{ . | base }}
 readOnly: true
 {{- end }}
+ {{- range $extraVolumeMounts }}
+ - {{ tpl (. | toYaml) $ | indent 10 | trim }}
+ {{- end }}
 {{- if not $.Values.rbacProxy.enabled }}
 ports:
 - name: metrics
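Review bot: In the two assignments added at the top of the `range` in daemonset.yaml, `default` treats an empty list as unset, so a DaemonSet that declares `extraVolumes: []` to opt out still inherits `hostPathsExporter.extraVolumes` (and likewise for the mounts). That leaves no way to keep a volume defined at the `hostPathsExporter` level off one particular DaemonSet. Selecting on key presence makes the override explicit: `{{- $dsVolumes := ternary $dsDef.extraVolumes $.Values.hostPathsExporter.extraVolumes (hasKey $dsDef "extraVolumes") }}` followed by `{{- $extraVolumes := concat $dsVolumes $.Values.extraVolumes }}`, with the same pair for `extraVolumeMounts`. The `range` body continues outside the hunk.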
@@ -165,5 +170,8 @@ spec:
 path: {{ . | clean | dir }}
 type: Directory
 {{- end }}
+ {{- range $extraVolumes }}
+ - {{ tpl (. | toYaml) $ | indent 8 | trim }}
+ {{- end }}
 {{- end }}
 {{- end }}
diff --git a/deploy/charts/x509-certificate-exporter/templates/deployment.yaml b/deploy/charts/x509-certificate-exporter/templates/deployment.yaml
index fff7db1..6d09fb7 100644
--- a/deploy/charts/x509-certificate-exporter/templates/deployment.yaml
+++ b/deploy/charts/x509-certificate-exporter/templates/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $extraVolumes := concat .Values.secretsExporter.extraVolumes .Values.extraVolumes }}
+{{- $extraVolumeMounts := concat .Values.secretsExporter.extraVolumeMounts .Values.extraVolumeMounts }}
 {{- if .Values.secretsExporter.enabled }}
 apiVersion: {{ include "capabilities.deployment.apiVersion" . }}
 kind: Deployment
@@ -70,6 +72,12 @@ spec:
 {{- end }}
 image: {{ include "x509-certificate-exporter.image" . }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with $extraVolumeMounts }}
+ volumeMounts:
+ {{- range $extraVolumeMounts }}
+ - {{ tpl (. | toYaml) $ | indent 10 | trim }}
+ {{- end }}
+ {{- end }}
 args:
 {{- if .Values.secretsExporter.debugMode }}
 - --debug
@@ -136,4 +144,10 @@ spec:
 {{- . | toYaml | trim | nindent 10 }}
 {{- end }}
 {{- end }}
+ {{- with $extraVolumes }}
+ volumes:
+ {{- range $extraVolumes }}
+ - {{ tpl (. | toYaml) $ | indent 8 | trim }}
+ {{- end }}
+ {{- end }}
 {{- end }}
diff --git a/deploy/charts/x509-certificate-exporter/values.yaml b/deploy/charts/x509-certificate-exporter/values.yaml
index d4463a1..9aec1a3 100644
--- a/deploy/charts/x509-certificate-exporter/values.yaml
+++ b/deploy/charts/x509-certificate-exporter/values.yaml
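Review bot: The two `concat` calls added in the first hunk of deployment.yaml sit above the `if .Values.secretsExporter.enabled` guard and take their operands unguarded. They are therefore evaluated even when the Deployment is disabled, and a values override that sets either list to `null` looks like it would fail the render inside `concat` instead of yielding an empty list. Defaulting each operand keeps a null override harmless: `{{- $extraVolumes := concat (.Values.secretsExporter.extraVolumes | default list) (.Values.extraVolumes | default list) }}`, and the same for `$extraVolumeMounts`. The `$.Values.extraVolumes` and `$.Values.extraVolumeMounts` operands in daemonset.yaml have the same exposure.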
@@ -83,6 +83,11 @@ secretsExporter: capabilities: drop: - ALL + # -- Additionnal volumes added to Pods of the TLS Secrets exporter (combined with global `extraVolumes`) + extraVolumes: [] + # -- Additionnal volume mounts added to Pod containers of the TLS Secrets exporter (combined with global `extraVolumeMounts`) + extraVolumeMounts: [] + # -- Which type of Secrets should be watched ; "key" is the map key in the secret data # @default -- check `values.yaml` @@ -142,6 +147,10 @@ hostPathsExporter: capabilities: drop: - ALL + # -- Additionnal volumes added to Pods of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) + extraVolumes: [] + # -- Additionnal volume mounts added to Pod containers of hostPath exporters (default for all hostPathsExporter.daemonSets ; combined with global `extraVolumes`) + extraVolumeMounts: [] # -- [SEE README] List of directory paths of the host to scan for PEM encoded certificate files to be watched and exported as metrics (one level deep) watchDirectories: [] @@ -246,6 +255,11 @@ podAnnotations: {} # prometheus.io/port: "9793" # prometheus.io/scrape: "true" +# -- Additionnal volumes added to all Pods (see also the `secretsExporter` and `hostPathsExporter` variants) +extraVolumes: [] +# -- Additionnal volume mounts added to all Pod containers (see also the `secretsExporter` and `hostPathsExporter` variants) +extraVolumeMounts: [] + psp: # -- Should Pod Security Policy objects be created create: false
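Review bot: The comment added for `hostPathsExporter.extraVolumeMounts` says the list is combined with global `extraVolumes`, but daemonset.yaml concatenates it with `extraVolumeMounts`. The parenthesis should end with `combined with global extraVolumeMounts` (keeping the backticks around the key name), and the matching README row carries the same wrong reference. "Additionnal" in all six new comments should read "Additional".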
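Review bot: The comments on the new global `extraVolumes` / `extraVolumeMounts` keys (and on the two scoped variants) do not say that each entry is rendered through `tpl` in daemonset.yaml and deployment.yaml, so any `{{ ... }}` inside a volume definition is evaluated against the chart's root context rather than kept literally. I would add a line such as `# Entries are rendered with tpl, so template expressions inside them are evaluated`. The comment could also state that any volume source is accepted, `hostPath` included, so that someone reviewing a values file knows these keys widen what the exporter Pods can read.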