Add initContainer volume permission support
firmansyahn authored Jun 8, 2022
1 parent d614692 commit aaccf73
Showing 3 changed files with 286 additions and 244 deletions.
42 changes: 24 additions & 18 deletions charts/freeradius/templates/Deployment.yaml
Expand Up @@ -67,24 +67,31 @@ spec:
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }}
initContainers:
- name: take-data-dir-ownership
image: busybox:latest
command:
- sh
- -c
- |-
whoami
ls -liah /startechnica/freeradius/mods-enabled
ls -liah /startechnica/freeradius/sites-enabled
sleep 2
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "freeradius.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p /etc/freeradius
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" /etc/freeradius
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: freeradius-mods
mountPath: /startechnica/freeradius/mods-enabled
- name: freeradius-sites
mountPath: /startechnica/freeradius/sites-enabled
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
- name: raddb
mountPath: /etc/freeradius
{{- end }}
{{- end }}
containers:
- name: freeradius
Expand Down Expand Up @@ -268,5 +275,4 @@ spec:
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
---
{{- end }}
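Review bot: The `chown -R` line in the new `volume-permissions` init container interpolates `.Values.containerSecurityContext.runAsUser` and `.Values.podSecurityContext.fsGroup` with no check that either is set. If one renders empty, the argument becomes `":"` or a half-filled pair, which chown may accept, so the container can exit 0 under `-e` without having set the intended ownership. Wrapping each value in `required`, for example `{{ required "containerSecurityContext.runAsUser must be set when volumePermissions.enabled" .Values.containerSecurityContext.runAsUser }}`, makes the render fail instead. The container also needs enough privilege to chown, and its `securityContext` is taken wholesale from values whose defaults are not visible here. A comment above `- name: volume-permissions` should therefore say that this is the pod's privileged step and that it is gated on both `volumePermissions.enabled` and `persistence.enabled`. The Deployment template begins before and continues after this hunk.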
38 changes: 18 additions & 20 deletions charts/freeradius/templates/_helpers.tpl
Expand Up @@ -10,30 +10,35 @@ If release name contains chart name it will be used as a full name.
*/}}
{{- define "freeradius.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end -}}

{{/* Create chart name and version as used by the chart label. */}}
{{- define "freeradius.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end -}}

{{/* Return the proper FreeRADIUS image name */}}
{{- define "freeradius.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}

{{/* Return the proper image name (for the init container volume-permissions image) */}}
{{- define "freeradius.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}

{{/* Return the proper Docker Image Registry Secret Names */}}
{{- define "freeradius.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
{{- end -}}

{{/* Common labels */}}
Expand Down Expand Up @@ -61,20 +66,16 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}

{{/*
Return the path to the cert file.
*/}}
{{/* Return the path to the cert file. */}}
{{- define "freeradius.tlsCert" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated }}
{{- printf "/startechnica/freeradius/certs/tls.crt" -}}
{{- printf "/startechnica/freeradius/certs/tls.crt" -}}
{{- else -}}
{{- printf "/startechnica/freeradius/certs/%s" .Values.tls.certFilename -}}
{{- printf "/startechnica/freeradius/certs/%s" .Values.tls.certFilename -}}
{{- end -}}
{{- end -}}

{{/*
Return the path to the cert key file.
*/}}
{{/* Return the path to the cert key file. */}}
{{- define "freeradius.tlsCertKey" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated }}
{{- printf "/startechnica/freeradius/certs/tls.key" -}}
Expand All @@ -83,9 +84,7 @@ Return the path to the cert key file.
{{- end -}}
{{- end -}}

{{/*
Return the path to the CA cert file.
*/}}
{{/* Return the path to the CA cert file. */}}
{{- define "freeradius.tlsCACert" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated }}
{{- printf "/startechnica/freeradius/certs/ca.crt" -}}
Expand Down Expand Up @@ -120,8 +119,7 @@ freeradius: tls.enabled
{{- end }}
{{- end -}}

{{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}}
{{- define "freeradius.mariadb.fullname" -}}
{{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}}
{{- end -}}