From 20f5c747df735d4c1f73cfbc338f35770f54c05d Mon Sep 17 00:00:00 2001
From: PseudoResonance
Date: Wed, 3 Apr 2024 03:52:11 -0700
Subject: [PATCH] Add support for crypto store PVC to helm chart
Signed-off-by: PseudoResonance
---
 helm/hookshot/README.md | 1 +
 helm/hookshot/templates/_pod.tpl | 9 +++++++++
 helm/hookshot/templates/pvc.yaml | 21 +++++++++++++++++++++
 helm/hookshot/values.yaml | 9 +++++++++
 4 files changed, 40 insertions(+)
 create mode 100644 helm/hookshot/templates/pvc.yaml
diff --git a/helm/hookshot/README.md b/helm/hookshot/README.md
index 53445c0d3..abedef867 100644
--- a/helm/hookshot/README.md
+++ b/helm/hookshot/README.md
@@ -105,6 +105,7 @@ You'll need to configure your Ingress connectivity according to your environment
 | podSecurityContext | object | `{}` | Pod security context settings |
 | replicaCount | int | `1` | Number of replicas to deploy. Consequences of using multiple Hookshot replicas currently unknown. |
 | resources | object | `{}` | Pod resource requests / limits |
+| persistence | object | `{}` | Config for persistent encryption store in /persistent |
 | securityContext | object | `{}` | Security context settings |
 | service.annotations | object | `{}` | Extra annotations for service |
 | service.appservice.port | int | `9002` | Appservice port as configured in container |
diff --git a/helm/hookshot/templates/_pod.tpl b/helm/hookshot/templates/_pod.tpl
index 09879a1c1..fb6516562 100644
--- a/helm/hookshot/templates/_pod.tpl
+++ b/helm/hookshot/templates/_pod.tpl
@@ -47,6 +47,8 @@ containers:
 - name: config
 mountPath: "/data"
 {{- end }}
+ - name: data
+ mountPath: "/persistent"
 ports:
 - name: webhook
 containerPort: 9000
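Review bot: The `/persistent` mount path added to the container's mount list in `_pod.tpl` is hard-coded, and nothing visible in the chart ties it to the crypto store path in the Hookshot config. A config that points the store anywhere else would keep its encryption state on the container filesystem, and the new volume would sit unused without any error. A comment above the mount would make the coupling explicit, for example `# Crypto store volume: the encryption storage path in the Hookshot config must live under /persistent`. The `containers:` block starts and continues outside this hunk, so how the config is rendered cannot be checked from here.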
@@ -120,6 +122,13 @@ volumes: items: {{ toYaml .items | nindent 6 }} {{- end }} {{- end }} + - name: data +{{- if or .Values.persistence.enabled .Values.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "hookshot.fullname" .) }} +{{- else }} + emptyDir: {} +{{- end }} {{- range .Values.extraSecretMounts }} {{- if .secretName }} diff --git a/helm/hookshot/templates/pvc.yaml b/helm/hookshot/templates/pvc.yaml new file mode 100644 index 000000000..516e8d8c6 --- /dev/null +++ b/helm/hookshot/templates/pvc.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "hookshot.fullname" . }} + labels: + {{- include "hookshot.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} +{{- end }} +{{- end -}} diff --git a/helm/hookshot/values.yaml b/helm/hookshot/values.yaml index 6a8e0c21b..a4dcd9557 100644 --- a/helm/hookshot/values.yaml +++ b/helm/hookshot/values.yaml @@ -92,6 +92,15 @@ resources: {} # cpu: 100m # memory: 128Mi +# Persistent volume for encryption store, mounted in the pod as /persistent. +# Can be disabled if encryption is not used. +persistence: + enabled: true + # existingClaim: hookshot + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi + autoscaling: enabled: false # -- Node selector parameters
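Review bot: The `else` branch of the new `data` volume in `_pod.tpl` falls back to `emptyDir: {}`, so with `persistence.enabled: false` and no `existingClaim` the crypto store is discarded whenever the pod is deleted or rescheduled. If encryption is enabled in the bridge config in that state, the bridge presumably loses its keys on every restart, and the template has no way to detect it. I would mark the fallback with a template comment such as `{{- /* emptyDir fallback: crypto store does not survive pod restarts; only safe when encryption is disabled */}}`. The `or` condition also mounts `existingClaim` when `enabled` is false, which deserves one line of documentation in values.yaml. The `volumes:` list begins and continues outside this hunk.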
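Review bot: The claim in `pvc.yaml` is an ordinary release resource with no `helm.sh/resource-policy` annotation, so `helm uninstall`, or an upgrade that sets `persistence.enabled` to false, deletes it. Depending on the storage class reclaim policy, that also deletes the only copy of the crypto store. For a volume holding encryption state I would add an `annotations:` entry `"helm.sh/resource-policy": keep` under `metadata:`, or at least expose annotations as a value. Separately, `storageClassName: "{{ .Values.persistence.storageClass }}"` quotes by hand while `accessMode` and `size` use `| quote`. Writing `storageClassName: {{ .Values.persistence.storageClass | quote }}` is consistent and stays valid YAML if the value contains a quote or backslash.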
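Review bot: The new `persistence` defaults in `values.yaml` (`enabled: true`, `accessMode: ReadWriteOnce`) give every pod of the release the same single claim, which conflicts with `replicaCount` above 1 or `autoscaling.enabled: true`. Replicas scheduled on another node would fail to attach the volume, and replicas on the same node would write one crypto store concurrently. The comment block should state that constraint and that the volume presumably holds the bridge's encryption keys, for example `# Single replica only (ReadWriteOnce). Contains encryption keys: use an encrypted storage class and restrict access to the claim.` The new comments also lack the `# -- ` prefix used by the `# -- Node selector parameters` comment just below, so generated chart docs may not pick them up.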