From c7147a616c4654b8c755080b6526f5fa82f5dc66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20Mart=C3=ADn=20Garc=C3=ADa?= Date: Thu, 28 Sep 2023 17:52:32 +0200 Subject: [PATCH] feat: range for secrets and cm --- charts/steampipe/Chart.yaml | 2 +- charts/steampipe/templates/configmap.yaml | 9 +- charts/steampipe/templates/deployment.yaml | 20 ---- charts/steampipe/templates/secret.yaml | 8 +- charts/steampipe/values.yaml | 110 +++++++++++++-------- 5 files changed, 79 insertions(+), 70 deletions(-) diff --git a/charts/steampipe/Chart.yaml b/charts/steampipe/Chart.yaml index 47ca03f..be426c3 100644 --- a/charts/steampipe/Chart.yaml +++ b/charts/steampipe/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: steampipe description: A Helm chart for Kubernetes to deploy Steampipe type: application -version: 1.1.0 +version: 1.2.0 appVersion: "0.20.12" home: https://github.com/devops-ia/helm-charts/tree/main/charts/steampipe sources: diff --git a/charts/steampipe/templates/configmap.yaml b/charts/steampipe/templates/configmap.yaml index 4098284..8e50d70 100644 --- a/charts/steampipe/templates/configmap.yaml +++ b/charts/steampipe/templates/configmap.yaml @@ -1,14 +1,15 @@ {{- if .Values.extraConfig.configMaps.enabled }} +{{ range $secrets := .Values.extraConfig.configMaps.config }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "steampipe.fullname" . }}-config - labels: - {{- include "steampipe.labels" . | nindent 4 }} + name: {{ .name }} data: -{{- range $key, $value := .Values.extraConfig.configMaps.data }} +{{- range $key, $value := $secrets.data }} {{ $key }}: |- {{ tpl $value $| indent 4 }} +{{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/steampipe/templates/deployment.yaml b/charts/steampipe/templates/deployment.yaml index 5641f9d..4fca3bc 100644 --- a/charts/steampipe/templates/deployment.yaml +++ b/charts/steampipe/templates/deployment.yaml 
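Review bot: In templates/configmap.yaml the new `name: {{ .name }}` takes the object name straight from values and the `labels:` block is removed, so the rendered ConfigMaps carry no chart labels and are no longer scoped by the release fullname; templates/secret.yaml makes the same change for Secrets. Two releases in one namespace that keep the same entry names would target the same objects, and a label selector can no longer be used to find or audit what the chart created. Inside the `range`, `.` is the list entry, so the labels can be restored with the root context, `labels:` followed by `{{- include "steampipe.labels" $ | nindent 4 }}`, and a missing name can fail at render time with `name: {{ required "each extraConfig entry needs a name" .name | quote }}`. The loop variable in the ConfigMap template is also named `$secrets`, which reads as a leftover from secret.yaml; `$entry` would be clearer in both files.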
@@ -145,16 +145,6 @@ spec: - name: workspace mountPath: /workspace {{- end }} - {{- if .Values.extraConfig.secrets.enabled }} - - name: secrets - mountPath: /home/steampipe/.steampipe/config/azure.spc - subPath: azure.spc - {{- end }} - {{- if .Values.extraConfig.configMaps.enabled }} - - name: configmaps - mountPath: /home/steampipe/.steampipe/config/azure.spc - subPath: azure.spc - {{- end }} {{- with .Values.extraVolumeMount }} {{- toYaml . | nindent 12 }} {{- end }} @@ -195,16 +185,6 @@ spec: - name: workspace emptyDir: {} {{- end }} - {{- if .Values.extraConfig.secrets.enabled }} - - name: secrets - secret: - secretName: {{ template "steampipe.fullname" . }}-secrets - {{- end }} - {{- if .Values.extraConfig.configMaps.enabled }} - - name: configmaps - configMap: - name: {{ template "steampipe.fullname" . }}-config - {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} \ No newline at end of file diff --git a/charts/steampipe/templates/secret.yaml b/charts/steampipe/templates/secret.yaml index 3c0fa9d..f59f3c6 100644 --- a/charts/steampipe/templates/secret.yaml +++ b/charts/steampipe/templates/secret.yaml @@ -1,15 +1,15 @@ {{- if .Values.extraConfig.secrets.enabled }} +{{ range $secrets := .Values.extraConfig.secrets.config }} --- apiVersion: v1 kind: Secret metadata: - name: {{ template "steampipe.fullname" . }}-secrets - labels: - {{- include "steampipe.labels" . | nindent 4 }} + name: {{ .name }} data: -{{- range $key, $value := .Values.extraConfig.secrets.data }} +{{- range $key, $value := $secrets.data }} {{ $key }}: |- {{ tpl $value $ | b64enc | indent 4 }} +{{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/steampipe/values.yaml b/charts/steampipe/values.yaml index 68ef63f..e528ee2 100644 --- a/charts/steampipe/values.yaml +++ b/charts/steampipe/values.yaml 
@@ -120,20 +120,26 @@ tolerations: [] affinity: {} extraVolumes: [] -# - name: configmap +# - name: openshift-connection # configMap: -# name: steampipe-config -# - name: secret +# name: openshift-connection +# - name: openshift-kubeconfig # secret: -# secretname: steampipe-secret - +# secretName: openshift-kubeconfig +# - name: azure-connection +# secret: +# secretName: azure-connection -extraVolumeMount: -# - name: configmap -# mountPath: "/home/steampipe/.steampipe/config/azure.spc" -# subPath: azure.spc +extraVolumeMount: [] +# - name: openshift-connection +# mountPath: "/home/steampipe/.steampipe/config/openshift.spc" +# subPath: openshift.spc +# readOnly: true +# - name: openshift-kubeconfig +# mountPath: "/home/steampipe/.kube/config" +# subPath: config # readOnly: true -# - name: secret +# - name: azure-connection # mountPath: "/home/steampipe/.steampipe/config/azure.spc" # readOnly: true # subPath: azure.spc 
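Review bot: Nothing in the comments of this hunk tells the user that objects created under `extraConfig` are no longer mounted by the chart. The deployment.yaml hunks in this commit remove the automatic `secrets` and `configmaps` volumes, so the only link left is a matching name between an `extraConfig` entry and an `extraVolumes` entry. A comment above `extraVolumes` would make that explicit, for example `# Objects created under extraConfig are not mounted automatically; reference them here by name and add a matching extraVolumeMount.`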
@@ -141,34 +147,51 @@ extraVolumeMount: extraConfig: configMaps: enabled: false - data: - # conections.spc: | - # connection "azure_all" { - # type = "aggregator" - # plugin = "azure" - # connections = ["azure_*"] - # } - # connection "azure_sub_1" { - # plugin = "azure" - # subscription_id = "azure_01" - # } - # connection "azure_sub_2" { - # plugin = "azure" - # subscription_id = "azure_02" - # } + config: + - name: openshift-connection + data: + openshift.spc: | + connection "openshift" { + plugin = "openshift" + config_path = "~/.kube/config" + } secrets: enabled: false - data: - # azure.spc: | - # connection "azure" { - # plugin = "azure" - # environment = "AZUREPUBLICCLOUD" - # tenant_id = "00000000-0000-0000-0000-000000000000" - # subscription_id = "00000000-0000-0000-0000-000000000000" - # client_id = "00000000-0000-0000-0000-000000000000" - # client_secret = "~dummy@3password" - # } + config: + - name: azure-connection + data: + azure.spc: | + connection "azure" { + plugin = "azure" + environment = "AZUREPUBLICCLOUD" + tenant_id = "00000000-0000-0000-0000-000000000000" + subscription_id = "00000000-0000-0000-0000-000000000000" + client_id = "00000000-0000-0000-0000-000000000000" + client_secret = "~dummy@3password" + } + - name: openshift-kubeconfig + data: + config: | + current-context: federal-context + apiVersion: v1 + clusters: + - cluster: + certificate-authority: path/to/my/cafile + server: https://horse.org:4443 + name: horse-cluster + contexts: + - context: + cluster: horse-cluster + namespace: chisel-ns + user: green-user + name: federal-context + kind: Config + users: + - name: green-user + user: + client-certificate: path/to/my/client/cert + client-key: path/to/my/client/key initContainer: image: 
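Review bot: The new defaults under `extraConfig.configMaps.config` and `extraConfig.secrets.config` are live values rather than comments, so setting only `enabled: true` renders Secrets named `azure-connection` and `openshift-kubeconfig` filled with the placeholder `client_secret` and the sample kubeconfig. The previous version kept these examples commented out under an empty `data:`. I would default both keys to `config: []` and keep the examples as `#` comments underneath, the way `plugins: []` and `mods: []` are written in this file. A short comment on `secrets` saying that real credentials belong in a separate, access-controlled values file or an externally managed Secret referenced through `extraVolumes`, not in the chart's own values.yaml, would also help.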
@@ -181,20 +204,25 @@ initContainer: runAsNonRoot: true runAsUser: 9193 - # Ref: https://hub.steampipe.io/plugins plugins: [] + ## Ref: https://hub.steampipe.io/plugins # - "azure" # - "azuread" + # - "openshift" + # - "terraform" - # Ref: https://hub.steampipe.io/mods mods: [] + ## Ref: https://hub.steampipe.io/mods # - "github.com/turbot/steampipe-mod-azure-insights" + # - "github.com/turbot/steampipe-mod-azure-compliance" + # - "github.com/turbot/steampipe-mod-azure-tags" + # - "github.com/turbot/steampipe-mod-terraform-azure-compliance" resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi