
chart: move gitconfig to secrets

- update docs
- add tests
Benjamin Ash 3 months ago
parent
commit
f6b982d255

+ 3
- 0
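--- a/chart/flux/README.md
+++ b/chart/flux/README.md
@@ -213,6 +213,9 @@ The following tables lists the configurable parameters of the Weave Flux chart a
 | `git.pollInterval`                                | `5m`                                                 | Period at which to poll git repo for new commits
 | `git.timeout`                                     | `20s`                                                | Duration after which git operations time out
 | `git.secretName`                                  | `None`                                               | Kubernetes secret with the SSH private key. Superceded by `helmOperator.git.secretName` if set.
+| `git.config.enabled`                              | `false`                                              | Mount `$HOME/.gitconfig` via Secret into the Flux and HelmOperator Pods, allowing for custom global Git configuration
+| `git.config.secretName`                           | `Computed`                                           | Kubernetes secret with the global Git configuration
+| `git.config.data`                                 | `None`                                               | Global Git configuration per [git-config](https://git-scm.com/docs/git-config)
 | `gpgKeys.secretName`                              | `None`                                               | Kubernetes secret with GPG keys the Flux daemon should import
 | `ssh.known_hosts`                                 | `None`                                               | The contents of an SSH `known_hosts` file, if you need to supply host key(s)
 | `registry.pollInterval`                           | `5m`                                                 | Period at which to check for updated images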

+ 13
- 0
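--- a/chart/flux/templates/_helpers.tpl
+++ b/chart/flux/templates/_helpers.tpl
@@ -60,3 +60,16 @@ repositories:
   username: "{{ .username | default "" }}"
 {{- end }}
 {{- end -}}
+
+{{/*
+Create the name of the Git config Secret.
+*/}}
+{{- define "git.config.secretName" -}}
+{{- if .Values.git.config.enabled }}
+    {{- if .Values.git.config.secretName -}}
+        {{ default "default" .Values.git.config.secretName }}
+    {{- else -}}
+        {{ default (printf "%s-git-config" (include "flux.fullname" .)) }}
+{{- end -}}
+{{- end }}
+{{- end }}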
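Review bot: In the `git.config.secretName` helper, `default "default" .Values.git.config.secretName` sits inside a branch that is only entered when `secretName` is already set, so the literal `"default"` can never be used, and the single-argument `default (printf …)` in the `else` branch is just the `printf`. The nested `if`/`else` could collapse to one line, `{{- default (printf "%s-git-config" (include "flux.fullname" .)) .Values.git.config.secretName -}}`, which also removes the mis-indented `{{- end -}}`. The doc comment could also state that the helper renders nothing when `git.config.enabled` is false, since its output is used as a resource name by the Secret template and both Deployments.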

+ 8
- 7
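--- a/chart/flux/templates/deployment.yaml
+++ b/chart/flux/templates/deployment.yaml
@@ -41,10 +41,11 @@ spec:
           name: {{ template "flux.fullname" . }}-ssh-config
           defaultMode: 0600
       {{- end }}
-      {{- if .Values.git.config }}
-      - name: gitconfig
-        configMap:
-          name: {{ template "flux.fullname" . }}-gitconfig
+      {{- if .Values.git.config.enabled }}
+      - name: git-config
+        secret:
+          secretName: {{ include "git.config.secretName" . }}
+          defaultMode: 0400
       {{- end }}
       - name: git-key
         secret:
@@ -100,10 +101,10 @@ spec:
             mountPath: /root/.ssh
             readOnly: true
           {{- end }}
-          {{- if .Values.git.config }}
-          - name: gitconfig
+          {{- if .Values.git.config.enabled }}
+          - name: git-config
             mountPath: /root/.gitconfig
-            subPath: .gitconfig
+            subPath: gitconfig
             readOnly: true
           {{- end }}
           - name: git-key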
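Review bot: The `git-config` volume is mounted with `subPath: gitconfig`, and Kubernetes does not propagate Secret updates into a `subPath` mount, so a changed or rotated `git.config.data` (the values.yaml example shows a `[credential]` section) will not reach a running Flux pod until it is restarted. The same applies to the matching hunk in `helm-operator-deployment.yaml`. If the pod template, which lies outside these hunks, does not already carry one, a checksum annotation such as `checksum/git-config: {{ include (print $.Template.BasePath "/gitconfig.yaml") . | sha256sum }}` (the annotation key is only an example) would roll the pods when the Secret content changes. Otherwise the README row for `git.config.data` should say that a restart is needed.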

+ 5
- 11
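--- a/chart/flux/templates/gitconfig.yaml
+++ b/chart/flux/templates/gitconfig.yaml
@@ -1,15 +1,9 @@
-{{- if .Values.git.config -}}
+{{- if .Values.git.config.enabled -}}
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
-  name: {{ template "flux.fullname" . }}-gitconfig
+  name: {{ include "git.config.secretName" . }}
+type: Opaque
 data:
-  .gitconfig: |
-    {{- if contains "\n" .Values.git.config }}
-      {{- range $value := .Values.git.config | splitList "\n" }}
-        {{ print $value }}
-      {{- end }}
-    {{- else }}
-      {{ .Values.git.config }}
-    {{- end }}
+  gitconfig: {{ .Values.git.config.data | b64enc }}
 {{- end -}}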
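Review bot: This template renders the Secret whenever `git.config.enabled` is true, including when `git.config.secretName` is set, so `secretName` only renames the chart-managed Secret and cannot point at one created outside the chart. Any credential material in the Git configuration therefore has to be passed as `git.config.data` through chart values, where it is also kept in the Helm release record; with the Helm 2 client the e2e script appears to use (`helm install --name`), that record is stored in a ConfigMap by default. Guarding the template with `{{- if and .Values.git.config.enabled .Values.git.config.data -}}` would let users pre-create the Secret and pass only its name, the way the README describes `git.secretName`. Separately, `{{ .Values.git.config.data | b64enc | quote }}` avoids rendering a bare `gitconfig:` (null) when `data` is empty.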

+ 8
- 7
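--- a/chart/flux/templates/helm-operator-deployment.yaml
+++ b/chart/flux/templates/helm-operator-deployment.yaml
@@ -41,10 +41,11 @@ spec:
           name: {{ template "flux.fullname" . }}-ssh-config
           defaultMode: 0600
       {{- end }}
-      {{- if .Values.git.config }}
-      - name: gitconfig
-        configMap:
-          name: {{ template "flux.fullname" . }}-gitconfig
+      {{- if .Values.git.config.enabled }}
+      - name: git-config
+        secret:
+          secretName: {{ include "git.config.secretName" . }}
+          defaultMode: 0400
       {{- end }}
       - name: git-key
         secret:
@@ -89,10 +90,10 @@ spec:
           subPath: known_hosts
           readOnly: true
         {{- end }}
-        {{- if .Values.git.config }}
-        - name: gitconfig
+        {{- if .Values.git.config.enabled }}
+        - name: git-config
           mountPath: /root/.gitconfig
-          subPath: .gitconfig
+          subPath: gitconfig
           readOnly: true
         {{- end }}
         - name: git-key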

+ 7
- 4
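--- a/chart/flux/values.yaml
+++ b/chart/flux/values.yaml
@@ -138,10 +138,13 @@ git:
   # set the secret name (flux-ssh) below
   secretName: ""
   # Global Git configuration See https://git-scm.com/docs/git-config for more details.
-  config: ""
-  # config: |
-  #   [credential "https://github.com"]
-  #           username = foo
+  config:
+    enabled: false
+    secretName: ""
+    data: ""
+    # data: |
+    #   [credential "https://github.com"]
+    #           username = foo
 
 registry:
   # Period at which to check for updated images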
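Review bot: `git.config` changes here from a string to a map, so an existing values file that still sets `config: |` with inline content will presumably fail at render time, when the templates evaluate `.Values.git.config.enabled` on a string. The commented block should say so and state where the content ends up, for example `# Stored in a Secret and mounted at /root/.gitconfig; replaces the former string value of git.config.` above `data: ""`. The `git:` map begins outside the hunk.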

+ 27
- 1
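--- a/test/e2e/e2e-flux-chart.sh
+++ b/test/e2e/e2e-flux-chart.sh
@@ -5,6 +5,7 @@ set -o errexit
 export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
 REPO_ROOT=$(git rev-parse --show-toplevel)
 KNOWN_HOSTS=$(cat ${REPO_ROOT}/test/e2e/known_hosts)
+GITCONFIG=$(cat ${REPO_ROOT}/test/e2e/gitconfig)
 
 echo ">>> Loading $(docker/image-tag) into the cluster"
 kind load docker-image "docker.io/weaveworks/flux:$(docker/image-tag)"
@@ -17,6 +18,9 @@ helm install --name flux --wait \
 --set git.url=ssh://git@gitsrv/git-server/repos/cluster.git \
 --set git.secretName=ssh-git \
 --set git.pollInterval=30s \
+--set git.config.secretName=gitconfig \
+--set git.config.enabled=true \
+--set-string git.config.data="${GITCONFIG}" \
 --set helmOperator.tag=$(docker/image-tag) \
 --set helmOperator.create=true \
 --set helmOperator.createCRD=true \
@@ -25,10 +29,32 @@ helm install --name flux --wait \
 --set-string ssh.known_hosts="${KNOWN_HOSTS}" \
 ${REPO_ROOT}/chart/flux
 
-echo '>>> Waiting for namespace demo'
+echo '>>> Waiting for gitconfig secret'
 retries=12
 count=0
 ok=false
+until ${ok}; do
+    actual=$(kubectl get secrets -n flux gitconfig -ojsonpath={..data.gitconfig} | base64 -d)
+    if [ "${actual}" == "${GITCONFIG}" ]; then
+        echo -e "Expected Git configuration deployed\n"
+        kubectl get secrets -n flux gitconfig && echo
+        ok=true
+    else
+        ok=false
+        sleep 10
+    fi
+    count=$(($count + 1))
+    if [[ ${count} -eq ${retries} ]]; then
+        kubectl -n flux get secrets
+        echo "No more retries left"
+        exit 1
+    fi
+done
+
+echo '>>> Waiting for namespace demo'
+retries=12
+count=1
+ok=false
 until ${ok}; do
     kubectl describe ns/demo && ok=true || ok=false
     sleep 10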
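Review bot: In the new gitconfig wait loop, `count` is incremented and compared with `retries` even on the iteration that just set `ok=true`, so a match on the twelfth attempt still ends in `exit 1`. Restricting the check to failed attempts, `if ! ${ok} && [[ ${count} -eq ${retries} ]]; then`, fixes that. The counter re-declared for the namespace loop starts at `count=1` while this one starts at `count=0`, which gives the two loops different attempt budgets for no visible reason. The namespace loop continues past the end of the hunk.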

+ 2
- 0
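--- a/test/e2e/gitconfig
+++ b/test/e2e/gitconfig
@@ -0,0 +1,2 @@
+[core]
+    editor = vim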
