natsBox: only create contents secret if used

Signed-off-by: Caleb Lloyd <caleb@synadia.com>
nats-io · May 2, 2023 · ae1f727 · ae1f727
1 parent df73e11
commit ae1f727
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 18 deletions.
diff --git a/helm/charts/nats/files/nats-box/deployment/container.yaml b/helm/charts/nats/files/nats-box/deployment/container.yaml
@@ -28,8 +28,10 @@ args:
 volumeMounts:
 - name: contexts
   mountPath: /etc/nats-contexts
+{{- if .hasContentsSecret }}
 - name: contents
   mountPath: /etc/nats-contents
+{{- end }}
 {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
 - name: {{ .name | quote }}
   mountPath: {{ .dir | quote }}

diff --git a/helm/charts/nats/files/nats-box/deployment/pod-template.yaml b/helm/charts/nats/files/nats-box/deployment/pod-template.yaml
@@ -22,9 +22,11 @@ spec:
     secret:
       secretName: {{ .Values.natsBox.contextsSecret.name }}
   # contents secret
+  {{- if .hasContentsSecret }}
   - name: contents
     secret:
       secretName: {{ .Values.natsBox.contentsSecret.name }}
+  {{- end }}
   # secrets
   {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
   - name: {{ .name | quote }}

diff --git a/helm/charts/nats/templates/_helpers.tpl b/helm/charts/nats/templates/_helpers.tpl
@@ -55,14 +55,19 @@ Set default values.
   {{- $values := get (include "tplYaml" (dict "doc" .Values "ctx" $) | fromJson) "doc" }}
   {{- $_ := set . "Values" $values }}
 
+  {{- $hasContentsSecret := false }}
   {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
-  {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
-    {{- $secret := get $ctxVal $secretKey }}
-    {{- if $secret }}
-    {{- $_ := set $secret "dir" ($secret.dir | default (printf "/etc/%s/%s" $secretVal $ctxKey)) }}
+    {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
+      {{- $secret := get $ctxVal $secretKey }}
+      {{- if $secret }}
+        {{- $_ := set $secret "dir" ($secret.dir | default (printf "/etc/%s/%s" $secretVal $ctxKey)) }}
+        {{- if $secret.contents }}
+          {{- $hasContentsSecret = true }}
+        {{- end }}
+      {{- end }}
     {{- end }}
   {{- end }}
-  {{- end }}
+  {{- $_ := set $ "hasContentsSecret" $hasContentsSecret }}
 
   {{- with .Values.config }}
   {{- $config := include "nats.loadMergePatch" (merge (dict "file" "config/config.yaml" "ctx" $) .) | fromYaml }}

diff --git a/helm/charts/nats/templates/nats-box/contents-secret.yaml b/helm/charts/nats/templates/nats-box/contents-secret.yaml
@@ -1,8 +1,10 @@
 {{- include "nats.defaultValues" . }}
+{{- if .hasContentsSecret }}
 {{- with .Values.natsBox }}
 {{- if .enabled }}
 {{- with .contentsSecret}}
 {{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/contents-secret.yaml" "ctx" $) .) }}
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/helm/charts/nats/test/defaults_test.go b/helm/charts/nats/test/defaults_test.go
@@ -215,7 +215,7 @@ func DefaultResources(t *testing.T, test *Test) *Resources {
 		},
 		NatsBoxContentsSecret: Resource[corev1.Secret]{
 			ID:       dr.NatsBoxContentsSecret.ID,
-			HasValue: true,
+			HasValue: false,
 			Value: corev1.Secret{
 				TypeMeta: v1.TypeMeta{
 					Kind:       "Secret",
@@ -299,10 +299,6 @@ exec sh -ec "$0"
 											MountPath: "/etc/nats-contexts",
 											Name:      "contexts",
 										},
-										{
-											MountPath: "/etc/nats-contents",
-											Name:      "contents",
-										},
 									},
 								},
 							},
@@ -316,14 +312,6 @@ exec sh -ec "$0"
 										},
 									},
 								},
-								{
-									Name: "contents",
-									VolumeSource: corev1.VolumeSource{
-										Secret: &corev1.SecretVolumeSource{
-											SecretName: "nats-box-contents",
-										},
-									},
-								},
 							},
 						},
 					},

diff --git a/helm/charts/nats/test/resources_test.go b/helm/charts/nats/test/resources_test.go
@@ -195,6 +195,10 @@ natsBox:
 	nbCtr.Image = "docker.io/" + nbCtr.Image
 	nbCtr.ImagePullPolicy = "Always"
 	nbCtr.VolumeMounts = append(nbCtr.VolumeMounts,
+		corev1.VolumeMount{
+			MountPath: "/etc/nats-contents",
+			Name:      "contents",
+		},
 		corev1.VolumeMount{
 			Name:      "ctx-loadedSecret-creds",
 			MountPath: "/etc/nats-creds/loadedSecret",
@@ -212,6 +216,14 @@ natsBox:
 
 	nbVol := expected.NatsBoxDeployment.Value.Spec.Template.Spec.Volumes
 	nbVol = append(nbVol,
+		corev1.Volume{
+			Name: "contents",
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: "nats-box-contents",
+				},
+			},
+		},
 		corev1.Volume{
 			Name: "ctx-loadedSecret-creds",
 			VolumeSource: corev1.VolumeSource{
@@ -261,6 +273,7 @@ natsBox:
 }
 `
 
+	expected.NatsBoxContentsSecret.HasValue = true
 	expected.NatsBoxContentsSecret.Value.ObjectMeta.Labels["global"] = "global"
 	expected.NatsBoxContentsSecret.Value.StringData = map[string]string{
 		"loadedContents.creds": "aabbcc",