Use a projeted volume for mounting secrets

This is a no-op change by itself but paves the way to simplifying how we load secrets in the next few commits.
7oku · Sep 9, 2021 · e553e00 · e553e00
1 parent 8f41c5f
commit e553e00
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 12 deletions.
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -160,12 +160,27 @@ spec:
           configMap:
             name: {{ include "netbox.fullname" . }}
         - name: secrets
-          secret:
-            {{- if .Values.existingSecret }}
-            secretName: {{ .Values.existingSecret | quote }}
-            {{- else }}
-            secretName: {{ include "netbox.fullname" . }}
-            {{- end }}
+          projected:
+            sources:
+              - secret:
+                  name: {{ .Values.existingSecret | default (include "netbox.fullname" .) | quote }}
+                  items:
+                    # Used by netbox-docker entry scripts
+                    - key: superuser_password
+                      path: superuser_password
+                    - key: superuser_api_token
+                      path: superuser_api_token
+                    # Used by our configuration
+                    - key: email_password
+                      path: email_password
+                    - key: napalm_password
+                      path: napalm_password
+                    - key: secret_key
+                      path: secret_key
+                    {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }}
+                    - key: ldap_bind_password
+                      path: ldap_bind_password
+                    {{- end }}
         - name: netbox-tmp
           emptyDir:
             medium: Memory

diff --git a/templates/worker-deployment.yaml b/templates/worker-deployment.yaml
@@ -119,12 +119,22 @@ spec:
           configMap:
             name: {{ include "netbox.fullname" . }}
         - name: secrets
-          secret:
-            {{- if .Values.existingSecret }}
-            secretName: {{ .Values.existingSecret | quote }}
-            {{- else }}
-            secretName: {{ include "netbox.fullname" . }}
-            {{- end }}
+          projected:
+            sources:
+              - secret:
+                  name: {{ .Values.existingSecret | default (include "netbox.fullname" .) | quote }}
+                  items:
+                    # Used by our configuration
+                    - key: email_password
+                      path: email_password
+                    - key: napalm_password
+                      path: napalm_password
+                    - key: secret_key
+                      path: secret_key
+                    {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }}
+                    - key: ldap_bind_password
+                      path: ldap_bind_password
+                    {{- end }}
         - name: netbox-tmp
           emptyDir:
             medium: Memory