From 7456164df03469f0e7eeb338d4dc75dd4b2bebf1 Mon Sep 17 00:00:00 2001
From: Benjamin Runnels
Date: Sun, 21 Jan 2024 06:39:13 -0600
Subject: [PATCH] feat: add pre-defined secrets to csi-driver-smb addon (#1215)
* added ability to use pre-defined secrets
* renamed variables to existing_secret_name and existing_secret_namespace
---
 .github/tests/addons.yaml | 28 ++++++++++++++++++-
 .../csi-driver-smb/app/secrets.sops.yaml.j2 | 2 ++
 .../csi-driver-smb/app/storageclass.yaml.j2 | 6 +++-
 bootstrap/vars/addons.sample.yaml | 2 ++
 4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/.github/tests/addons.yaml b/.github/tests/addons.yaml
index c1b44a1ba9d..8bb8cedcb28 100644
--- a/.github/tests/addons.yaml
+++ b/.github/tests/addons.yaml
@@ -26,7 +26,32 @@ csi_driver_nfs:
 csi_driver_smb:
 enabled: true
 storage_class:
- - name: fake
+ - name: fake1
+ source: //localhost/fake
+ username: fake
+ password: fake
+ file_mode: 0755
+ dir_mode: 0644
+ uid: 100
+ gid: 100
+ - name: fake2
+ source: //localhost/fake
+ file_mode: 0755
+ dir_mode: 0644
+ uid: 100
+ gid: 100
+ existing_secret_name: fake
+ existing_secret_namespace: fake
+ - name: fake3
+ source: //localhost/fake
+ username: fake
+ password: fake
+ file_mode: 0755
+ dir_mode: 0644
+ uid: 100
+ gid: 100
+ existing_secret_name: fake
+ - name: fake4
 source: //localhost/fake
 username: fake
 password: fake
@@ -34,6 +59,7 @@ csi_driver_smb:
 dir_mode: 0644
 uid: 100
 gid: 100
+ existing_secret_namespace: fake
 
 system_upgrade_controller:
 enabled: true
diff --git a/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/secrets.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/secrets.sops.yaml.j2
index ce71f8ef29c..3051d646745 100644
--- a/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/secrets.sops.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/secrets.sops.yaml.j2
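Review bot: The fixture entries added in the `@@ -26,7 +26,32 @@` hunk of `.github/tests/addons.yaml` leave `file_mode: 0755` and `dir_mode: 0644` unquoted, so a YAML 1.1 loader reads them as the integers 493 and 420 rather than as mode strings. How the templates render these values is not visible in this diff, but if they are interpolated into mount options the decimal form would not be the intended permission; quoting them, `file_mode: "0755"` and `dir_mode: "0644"`, keeps the fixture unambiguous. None of fake1–fake4 sets `existing_secret_name` to an empty or null value, which is the one input where the truthiness test in the secrets template and the `default(...)` filter in the StorageClass template of this commit can diverge, so a fifth entry with `existing_secret_name: ""` would be worth adding.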
@@ -1,5 +1,6 @@
 #% if csi_driver_smb|default({}) and csi_driver_smb.enabled|default(false) %#
 #% for item in csi_driver_smb.storage_class %#
+#% if not item.existing_secret_name %#
 ---
 apiVersion: v1
 kind: Secret
@@ -8,5 +9,6 @@ metadata:
 stringData:
 username: "#{ item.username }#"
 password: "#{ item.password }#"
+#% endif %#
 #% endfor %#
 #% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/storageclass.yaml.j2 b/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/storageclass.yaml.j2
index 44ee343231f..8060d742e35 100644
--- a/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/storageclass.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/storage/csi-driver-smb/app/storageclass.yaml.j2
@@ -8,8 +8,12 @@ metadata:
 provisioner: smb.csi.k8s.io
 parameters:
 source: "#{ item.source }#"
- csi.storage.k8s.io/node-stage-secret-name: "#{ item.name }#-secret"
+ csi.storage.k8s.io/node-stage-secret-name: "#{ item.existing_secret_name|default(item.name+"-secret") }#"
+ #% if item.existing_secret_name and item.existing_secret_namespace %#
+ csi.storage.k8s.io/node-stage-secret-namespace: "#{ item.existing_secret_namespace }#"
+ #% else %#
 csi.storage.k8s.io/node-stage-secret-namespace: "storage"
+ #% endif %#
 createSubDir: "false"
 reclaimPolicy: Retain
 volumeBindingMode: Immediate
diff --git a/bootstrap/vars/addons.sample.yaml b/bootstrap/vars/addons.sample.yaml
index c2ff7ed215d..80314fe48dc 100644
--- a/bootstrap/vars/addons.sample.yaml
+++ b/bootstrap/vars/addons.sample.yaml
@@ -48,6 +48,8 @@ csi_driver_smb:
 # file_mode: # default 0666
 # uid: # default 1000
 # gid: # default 1000
+ # existing_secret_name: # If this is defined the username and password are ignored and the secret is not created
+ # existing_secret_namespace: # default storage. Ignored if existing_secret_name is not set
 # ...
 
 # https://github.com/rancher/system-upgrade-controller
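Review bot: The guard added in the `@@ -1,5 +1,6 @@` hunk of `secrets.sops.yaml.j2`, `#% if not item.existing_secret_name %#`, tests truthiness, while the secret name in the `@@ -8,8 +8,12 @@` hunk of `storageclass.yaml.j2` uses `default(...)`, which substitutes only when the key is undefined. If `existing_secret_name` is present but empty or null (for example the sample line uncommented with no value), the Secret is still generated, yet the StorageClass renders the empty or null value as `node-stage-secret-name` and so points at a Secret that does not exist. Passing the filter's boolean flag makes the two templates agree: `"#{ item.existing_secret_name|default(item.name+"-secret", true) }#"`. This assumes Jinja2's default undefined handling; under a strict undefined mode the bare `item.existing_secret_name` tests in both hunks would also need an `is defined` check.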
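Review bot: Nothing in the `@@ -8,8 +8,12 @@` hunk of `storageclass.yaml.j2` records what the referenced Secret must contain once `existing_secret_name` is used, and because the addon then skips creating it, a wrong name, namespace or key set is not caught at render time. A comment above the two secret parameters would document the contract, e.g. `# existing_secret_name must already exist in existing_secret_namespace (default "storage") with "username" and "password" keys`; those are the keys the generated Secret carries in this commit. The override also lets the StorageClass reference a Secret outside `storage`, so access to that Secret in its own namespace should be reviewed as part of adopting it.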