
Commit 13d9633

authored
fix: Mount encryption key secret into resource monitor pods so that resource managers can decrypt credentials (#104)
Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com>
1 parent 24a2383 commit 13d9633


2 files changed

+16
-0
lines changed


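--- a/charts/ecosystem/templates/custom-resource-monitor.yaml
+++ b/charts/ecosystem/templates/custom-resource-monitor.yaml
@@ -73,6 +73,8 @@ spec:
 secretKeyRef:
 name: {{ .Release.Name }}-couchdb-secret
 key: GALASA_RAS_TOKEN
+- name: GALASA_ENCRYPTION_KEYS_PATH
+value: {{ include "ecosystem.encryption.keys.path" . }}
 {{- if .Values.cleanupMonitor.stream }}
 - name: GALASA_MONITOR_STREAM
 value: "{{ .Values.cleanupMonitor.stream }}"
@@ -103,6 +105,9 @@ spec:
 initialDelaySeconds: 5
 periodSeconds: 10
 volumeMounts:
+- name: encryption-keys
+mountPath: {{ include "ecosystem.encryption.keys.directory" . }}
+readOnly: true
 - name: log4j2-config
 mountPath: /log4j2.properties
 subPath: log4j2.properties
@@ -119,6 +124,9 @@ spec:
 readOnly: true
 {{- end }}
 volumes:
+- name: encryption-keys
+secret:
+secretName: {{ include "ecosystem.encryption.keys.secret.name" . }}
 - name: log4j2-config
 configMap:
 name: {{ .Release.Name }}-log4j2-config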
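Review bot: The `encryption-keys` secret volume added in the last hunk is declared with only `secretName`, so every key in that Secret is projected into the pod and the files get the Kubernetes default mode of 0644. Because this material decrypts stored credentials, consider adding `defaultMode: 0400` under `secret:` (provided the container's runtime user can still read it, and adjusted if an fsGroup is set). If the Secret holds more than the one file `GALASA_ENCRYPTION_KEYS_PATH` points at, an `items:` list could project just that key. The same volume definition is added in charts/ecosystem/templates/resource-monitor.yaml. This template also passes `cleanupMonitor.stream` to the container, so it is worth confirming that whatever code that stream selects is trusted to read the keys; the pod spec itself continues outside the hunks.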

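--- a/charts/ecosystem/templates/resource-monitor.yaml
+++ b/charts/ecosystem/templates/resource-monitor.yaml
@@ -108,6 +108,8 @@ spec:
 secretKeyRef:
 name: {{ .Release.Name }}-couchdb-secret
 key: GALASA_RAS_TOKEN
+- name: GALASA_ENCRYPTION_KEYS_PATH
+value: {{ include "ecosystem.encryption.keys.path" . }}
 - name: GALASA_MONITOR_INCLUDES_GLOB_PATTERNS
 value: "{{ join "," .Values.resourceMonitor.includes }}"
 - name: GALASA_MONITOR_EXCLUDES_GLOB_PATTERNS
@@ -134,6 +136,9 @@ spec:
 initialDelaySeconds: 5
 periodSeconds: 10
 volumeMounts:
+- name: encryption-keys
+mountPath: {{ include "ecosystem.encryption.keys.directory" . }}
+readOnly: true
 - name: log4j2-config
 mountPath: /log4j2.properties
 subPath: log4j2.properties
@@ -150,6 +155,9 @@ spec:
 readOnly: true
 {{- end }}
 volumes:
+- name: encryption-keys
+secret:
+secretName: {{ include "ecosystem.encryption.keys.secret.name" . }}
 - name: log4j2-config
 configMap:
 name: {{ .Release.Name }}-log4j2-config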
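Review bot: The `GALASA_ENCRYPTION_KEYS_PATH` value added in the first hunk is an unquoted template expression, while the neighbouring `GALASA_MONITOR_INCLUDES_GLOB_PATTERNS` value is quoted. An env `value` must be a string, so if the helper ever renders empty, or renders something YAML types differently, the manifest gets a null or fails validation; `value: {{ include "ecosystem.encryption.keys.path" . | quote }}` keeps it a string. The same line is added unquoted in charts/ecosystem/templates/custom-resource-monitor.yaml. The helper definitions are not among the visible hunks, so this assumes they render a plain path.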
