Skip to content

Commit

Permalink
Backport customizable vault-agent config
Browse files Browse the repository at this point in the history
  • Loading branch information
@glrf @simu
glrf authored and simu committed Apr 22, 2022
1 parent 9561c23 commit d847bca
Showing 1 changed file with 37 additions and 29 deletions.
66 changes: 37 additions & 29 deletions component/repo-server.jsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,24 +10,32 @@ local deployment = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_
local service = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/repo-server/argocd-repo-server-service.yaml'));
local vault_agent_config = kube.ConfigMap('vault-agent-config') {
data: {
'vault-agent-config.hcl': |||
exit_after_auth = false
auto_auth {
method "kubernetes" {
config = {
role = "%s"
token_path = "/var/run/secrets/syn/token"
}
}
sink "file" {
config = {
path = "/home/vault/.vault-token"
mode = 0644
}
}
}
||| % inv.parameters.secret_management.vault_role,
'vault-agent-config.json': std.manifestJson({
exit_after_auth: false,
auto_auth: {
method: [
{
type: 'kubernetes',
[if std.objectHas(inv.parameters.secret_management, 'vault_auth_mount_path') then 'mount_path']: inv.parameters.secret_management.vault_auth_mount_path,
config: {
role: inv.parameters.secret_management.vault_role,
token_path: '/var/run/secrets/syn/token',
},
},
],
sinks: [
{
sink: {
type: 'file',
config: {
path: '/home/vault/.vault-token',
mode: std.parseOctal('0644'),
},
},
},
],
},
}),
},
};
local objects = [
Expand All @@ -36,7 +44,7 @@ local objects = [
spec+: {
template+: {
spec+: {
initContainers+: [{
initContainers+: [ {
name: 'install-kapitan',
image: params.images.kapitan.image + ':' + params.images.kapitan.tag,
imagePullPolicy: 'Always',
Expand All @@ -46,12 +54,12 @@ local objects = [
'/usr/local/bin/kapitan',
'/custom-tools/',
],
volumeMounts: [{
volumeMounts: [ {
name: 'kapitan-bin',
mountPath: '/custom-tools',
}],
}],
containers: [deployment.spec.template.spec.containers[0] {
} ],
} ],
containers: [ deployment.spec.template.spec.containers[0] {
image: image,
imagePullPolicy: 'IfNotPresent',
command: [
Expand All @@ -63,14 +71,14 @@ local objects = [
env+: com.envList(com.proxyVars {
HOME: '/home/argocd',
}),
volumeMounts+: [{
volumeMounts+: [ {
name: 'kapitan-bin',
mountPath: '/usr/local/bin/kapitan',
subPath: 'kapitan',
}, {
name: 'vault-token',
mountPath: '/home/argocd/',
}],
} ],
}, kube.Container('vault-agent') {
name: 'vault-agent',
image: params.images.vault_agent.image + ':' + params.images.vault_agent.tag,
Expand All @@ -97,8 +105,8 @@ local objects = [
mountPath: '/var/run/secrets/syn/',
},
},
}],
volumes+: [{
} ],
volumes+: [ {
name: 'kapitan-bin',
emptyDir: {},
}, {
Expand All @@ -116,7 +124,7 @@ local objects = [
secret: {
secretName: 'steward',
},
}],
} ],
},
},
},
Expand All @@ -125,7 +133,7 @@ local objects = [
];

{
['%s' % [std.asciiLower(obj.kind)]]: obj {
['%s' % [ std.asciiLower(obj.kind) ]]: obj {
metadata+: {
namespace: params.namespace,
},
Expand Down

0 comments on commit d847bca

Please sign in to comment.