Mount minio configured cert inside pod using secret

916fd6e6 · Waqar Ahmed · 31530457 · 916fd6e6 · 916fd6e6 · 916fd6e6
Commit 916fd6e6 authored Feb 08, 2021 by Waqar Ahmed
4 changed files
--- a/test/minio/1.2.0/templates/_cert.tpl
+++ b/test/minio/1.2.0/templates/_cert.tpl
+{{/*
+Formats volumeMount for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolumeMount" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  mountPath: "/etc/minio/certs"
+{{- end }}
+{{- end -}}
+{{/*
+Formats volume for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolume" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  secret:
+    secretName: {{ include "minio.secretName" . }}
+    items:
+    - key: certPublicKey
+      path: public.crt
+    - key: certPrivateKey
+      path: private.key
+{{- end }}
+{{- end -}}
--- a/test/minio/1.2.0/templates/_helpers.tpl
+++ b/test/minio/1.2.0/templates/_helpers.tpl
@@ -11,7 +11,7 @@ Retrieve true/false if minio certificate is configured
 */}}
 {{- define "minio.certAvailable" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{- template "common.resources.cert_present" $values -}}
 {{- end -}}
@@ -21,7 +21,7 @@ Retrieve public key of minio certificate
 */}}
 {{- define "minio.cert.publicKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate "publicKey" true) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
@@ -31,6 +31,6 @@ Retrieve private key of minio certificate
 */}}
 {{- define "minio.cert.privateKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
--- a/test/minio/1.2.0/templates/deployment.yaml
+++ b/test/minio/1.2.0/templates/deployment.yaml
-{{ $scheme := "http" }}
 apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -29,13 +28,14 @@ spec:
      containers:
        - name: {{ .Chart.Name }}
          {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
-          {{ include "common.storage.allContainerVolumeMounts" .Values | nindent 10 }}
+          volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+          {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }}
          command:
            - "/bin/sh"
            - "-ce"
            - "/usr/bin/docker-entrypoint.sh minio server /export {{ (.Values.extraArgs | default list) | join " " }}"
          ports:
-            - name: {{ $scheme }}
+            - name: http
              containerPort: 9000
          env:
            {{ $secretName := (include "minio.secretName" .) }}
@@ -44,3 +44,4 @@ spec:
            {{ $envList = mustAppend $envList (dict "name" "MINIO_SECRET_KEY" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
            {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
 {{ include "common.storage.allAppVolumes" .Values | nindent 6 }}
+{{- include "minio.tlsKeysVolume" . | nindent 8 }}
--- a/test/minio/1.2.0/templates/secrets.yaml
+++ b/test/minio/1.2.0/templates/secrets.yaml
@@ -7,7 +7,7 @@ type: Opaque
 data:
  accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
  secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
-  {{- if eq (include "minio.certAvailable" .) true -}}
+  {{ if eq (include "minio.certAvailable" .) "true" }}
-  certPublicKey: {{ template "minio.cert.publicKey" . }}
+  certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }}
-  certPrivateKey: {{ template "minio.cert.privateKey" . }}
+  certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }}
-  {{- end -}}
+  {{ end }}