Fixing compatibility between aws.credentials and deployment.extraVolumes #470

Merged
merged 1 commit into from
Oct 9, 2023

ericduranddd
Contributor

Issue #, if available:

Description of changes:

{{ toYaml .Values.deployment.extraVolumeMounts | nindent 12 }}
was not aligned with the one created above

{{- if .Values.aws.credentials.secretName -}}
removed some indent on the next line when .Values.aws.credentials.secretName existed

{{ end -}}
left an empty line

Using

aws:
  credentials:
    secretName: "aws-creds"
    secretKey: "credentials-file"
    profile: "default"
  region: "us-east-1"

deployment:
  extraVolumes:
    - name: test-volume
      secret:
        secretName: test-secret
  extraVolumeMounts:
    - name: test-volume-mount
      mountPath: /root/
  extraEnvVars: 
    - name: SOMEVAR
      value: somevalue
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
          optional: false

as a values file I get:

# Source: iam-chart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ack-iam-controller-iam-chart
  namespace: ack-iam-system
  labels:
    app.kubernetes.io/name: iam-chart
    app.kubernetes.io/instance: ack-iam-controller
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: "1.2.6"
    k8s-app: iam-chart
    helm.sh/chart: iam-chart-1.2.6
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: iam-chart
      app.kubernetes.io/instance: ack-iam-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: iam-chart
        app.kubernetes.io/instance: ack-iam-controller
        app.kubernetes.io/managed-by: Helm
        k8s-app: iam-chart
    spec:
      serviceAccountName: ack-iam-controller
      containers:
      - command:
        - ./bin/controller
        args:
        - --aws-region
        - "$(AWS_REGION)"
        - --aws-endpoint-url
        - "$(AWS_ENDPOINT_URL)"
        - --log-level
        - "$(ACK_LOG_LEVEL)"
        - --resource-tags
        - "$(ACK_RESOURCE_TAGS)"
        - --watch-namespace
        - "$(ACK_WATCH_NAMESPACE)"
        - --deletion-policy
        - "$(DELETION_POLICY)"
        - --reconcile-default-resync-seconds
        - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)"
        image: public.ecr.aws/aws-controllers-k8s/iam-controller:1.2.6
        imagePullPolicy: IfNotPresent
        name: controller
        ports:
          - name: http
            containerPort: 8080
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
          requests:
            cpu: 50m
            memory: 64Mi
        env:
        - name: ACK_SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: AWS_REGION
          value: us-east-1
        - name: AWS_ENDPOINT_URL
          value: ""
        - name: ACK_WATCH_NAMESPACE
          value:
        - name: DELETION_POLICY
          value: delete
        - name: LEADER_ELECTION_NAMESPACE
          value: ""
        - name: ACK_LOG_LEVEL
          value: "info"
        - name: ACK_RESOURCE_TAGS
          value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%"
        - name: RECONCILE_DEFAULT_RESYNC_SECONDS
          value: "36000"
        - name: AWS_SHARED_CREDENTIALS_FILE
          value: /var/run/secrets/aws/credentials-file
        - name: AWS_PROFILE
          value: default
        - name: SOMEVAR
          value: somevalue
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: mysecret
              optional: false
        volumeMounts:
          - name: aws-creds
            mountPath: /var/run/secrets/aws
            readOnly: true
          - mountPath: /root/
            name: test-volume-mount
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 10
      nodeSelector:
        kubernetes.io/os: linux
      hostIPC: false
      hostPID: false
      hostNetwork: false
      dnsPolicy: ClusterFirst
      volumes:
        - name: aws-creds
          secret:
            secretName: aws-creds
        - name: test-volume
          secret:
            secretName: test-secret

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
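
The trim markers named in the description above can be reproduced with Go's `text/template`, which Helm builds on. This is an added example, not part of the pull request or the chart: both fragments and the helper names `render` and `alignedItems` are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Constructed fragment (not the chart's deployment.yaml): a credentials
// mount guarded by "if", followed by one extra mount.
const trimBoth = `volumeMounts:
  {{- if .SecretName -}}
  - name: {{ .SecretName }}
    readOnly: true
  {{ end -}}
  - name: test-volume-mount
`

// Same fragment trimming only to the left of each action, so the newline
// and indent that follow "if" and "end" survive.
const trimLeft = `volumeMounts:
  {{- if .SecretName }}
  - name: {{ .SecretName }}
    readOnly: true
  {{- end }}
  - name: test-volume-mount
`

// render executes a fragment with the given secret name ("" means unset).
func render(src, secretName string) string {
	var buf bytes.Buffer
	t := template.Must(template.New("frag").Parse(src))
	if err := t.Execute(&buf, map[string]string{"SecretName": secretName}); err != nil {
		panic(err)
	}
	return buf.String()
}

// alignedItems counts list items that start a line at the two-space indent.
func alignedItems(out string) int { return strings.Count(out, "\n  - ") }

func main() {
	for _, src := range []string{trimBoth, trimLeft} {
		out := render(src, "aws-creds")
		fmt.Printf("%s-- aligned items: %d\n", out, alignedItems(out))
	}
}
```

With `trimBoth` the first list item is rendered on the same line as `volumeMounts:`, while `trimLeft` renders both items at the same indent.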

@ack-prow ack-prow bot requested review from a-hilaly and jljaco October 3, 2023 15:27
@ack-prow ack-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Oct 3, 2023

ack-prow bot commented Oct 3, 2023

Hi @ericduranddd. Thanks for your PR.

I'm waiting for an aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Member

a-hilaly commented Oct 3, 2023

/ok-to-test

@ack-prow ack-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 3, 2023
Member

@a-hilaly a-hilaly left a comment

Great catch, thank you @ericduranddd!

@ack-prow ack-prow bot added the approved label Oct 9, 2023
Member

a-hilaly commented Oct 9, 2023

/test all
/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Oct 9, 2023

ack-prow bot commented Oct 9, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, ericduranddd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-prow ack-prow bot merged commit ca20603 into aws-controllers-k8s:main Oct 9, 2023