[TT-9291] Add extraVolume and extraVolumeMounts (#638)

* Add extra volume and volumeMounts to helm Signed-off-by: Burak Sekili <[email protected]> * add extraVolume and extraVolumeMounts options to helm Signed-off-by: Burak Sekili <[email protected]> * Fix indentation issue Signed-off-by: Burak Sekili <[email protected]> * Update CHANGELOG.md --------- Signed-off-by: Burak Sekili <[email protected]>
TykTechnologies · Jul 13, 2023 · 2692ac2 · 2692ac2
1 parent 1a97ec4
commit 2692ac2
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - Added `disabled` feature in `validate_json` field of APIDefinition. 
 - Added a new Status resource called `latestTransaction` to the APIDefinition CRD which holds information about 
 last reconciliation. Now, any error can be observed there instead of checking Tyk Operator logs.
+- Added `extraVolume` and `extraVolumeMounts` options to the helm chart. So, extra volumes can be mounted in Tyk Operator's manager pod, e.g., self-signed certificates.
 
 **Fixed**
 - Check if certificate already exists on tyk before uploading

diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml
@@ -39,6 +39,10 @@ patchesStrategicMerge:
   - manager_env_vars_patch.yaml
   # add custom node selector
   - manager_node_selector_patch.yaml
+  # add extraVolume for manager pod
+  - manager_extra_volume.yaml
+  # add extraVolumeMounts for manager pod
+  - manager_extra_volumemounts.yaml
 
   # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
   # crd/kustomization.yaml

diff --git a/config/helm/manager_extra_volume.yaml b/config/helm/manager_extra_volume.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      volumes:
+        - name: CONTROLLER_MANAGER_EXTRA_VOLUME
diff --git a/config/helm/manager_extra_volumemounts.yaml b/config/helm/manager_extra_volumemounts.yaml
@@ -0,0 +1,13 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: manager
+          volumeMounts:
+            - mountPath: CONTROLLER_MANAGER_EXTRA_VOLUMEMOUNTS
+
diff --git a/hack/helm/pre_helm.go b/hack/helm/pre_helm.go
@@ -22,6 +22,8 @@ func main() {
 		{securityContext, securityContextTPL},
 		{imageRBAC, imageRBACTPL},
 		{nodeSelector, nodeSelectorTPL},
+		{extraVolume, extraVolumeTPL},
+		{extraVolumeMounts, extraVolumeMountsTPL},
 
 		{"OPERATOR_FULLNAME", `{{ include "tyk-operator-helm.fullname" . }}`},
 		{"RELEASE_NAMESPACE", "{{ .Release.Namespace }}"},
@@ -127,3 +129,15 @@ const nodeSelectorTPL = `{{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
 {{- end }}`
+
+const extraVolume = `- name: CONTROLLER_MANAGER_EXTRA_VOLUME`
+
+const extraVolumeTPL = `{{ if .Values.extraVolumes }}
+       {{ toYaml .Values.extraVolumes | nindent 6 }}
+        {{ end }}`
+
+const extraVolumeMounts = `- mountPath: CONTROLLER_MANAGER_EXTRA_VOLUMEMOUNTS`
+
+const extraVolumeMountsTPL = `{{ if .Values.extraVolumeMounts }}
+            {{ toYaml .Values.extraVolumeMounts | nindent 8}}
+          {{ end }}`
diff --git a/helm/templates/all.yaml b/helm/templates/all.yaml
@@ -459,6 +459,9 @@ spec:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
+        {{ if .Values.extraVolumeMounts }}
+            {{ toYaml .Values.extraVolumeMounts | nindent 8}}
+          {{ end }}
         - mountPath: /controller_manager_config.yaml
           name: manager-config
           subPath: controller_manager_config.yaml
@@ -491,6 +494,9 @@ spec:
         secret:
           defaultMode: 420
           secretName: webhook-server-cert
+      {{ if .Values.extraVolumes }}
+       {{ toYaml .Values.extraVolumes | nindent 6 }}
+        {{ end }}
       - configMap:
           name: {{ include "tyk-operator-helm.fullname" . }}-manager-config
         name: manager-config

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,4 +1,5 @@
 replicaCount: 1
+
 # loads environment variables to the operator.
 envFrom:
   - secretRef:
@@ -12,22 +13,46 @@ image:
   repository: tykio/tyk-operator
   pullPolicy: IfNotPresent
   tag: "v0.14.2"
-imagePullSecrets: []
+
 nameOverride: ""
 fullnameOverride: ""
+
+# extraVolumes is a list of volumes to be added to the pod
+# extraVolumes:
+#   - name: ca-certs
+#     secret:
+#       secretName: ca-certs
+#   - name: ca-certs
+#     configMap:
+#       name: custom-ca-configmap
+extraVolumes: []
+
+# extraVolumeMounts is a list of volume mounts to be added to the pod
+# extraVolumeMounts:
+#   - name: ca-certs
+#     mountPath: /etc/ssl/certs/your-cert.pem
+#     subPath: your-cert.pem
+#     readOnly: false
+extraVolumeMounts: []
+
 # healthProbePort identifies the port the Controller Manager will listen on. Used by liveness and readiness probes
 healthProbePort: 8081
+
 # metricsPort identifies the port on which Tyk Operator metrics are served
 metricsPort: 8080
+
 # webhookPort identifies the port on which webhooks are handled
 webhookPort: 9443
+
 annotations: {}
 podAnnotations: {}
 podSecurityContext:
   allowPrivilegeEscalation: false
 resources: {}
 nodeSelector: {}
-#specify necessary resources for kube-rbac-proxy container
+hostNetwork: false
+
+# rbac specifies necessary resources for kube-rbac-proxy container
 rbac:
   resources: {}
   # specify custom/internal repo name for kube-rbac-proxy container