feat: experimental support for container secrets interface

s3proxy-distro · Feb 2, 2024 · 11ca3f9 · 11ca3f9
1 parent 97c9f2a
commit 11ca3f9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/charts/s3proxy/templates/_secret.tpl b/charts/s3proxy/templates/_secret.tpl
@@ -1,5 +1,5 @@
 {{- define "s3proxy.properties" -}}
-{{- if not .Values.existingPropertiesSecret }}
+{{- if and (not .Values.existingPropertiesSecret) (not .Values.csiSecret.enabled) }}
 LOG_LEVEL={{ .Values.logLevel | default "info" }}
 #General config
 s3proxy.authorization={{ .Values.config.s3proxy.authorization }}

diff --git a/charts/s3proxy/templates/deployment.yaml b/charts/s3proxy/templates/deployment.yaml
@@ -94,12 +94,20 @@ spec:
           sizeLimit: {{ .Values.config.jclouds.filesystem.tmpSize }}
       {{- end }}
       - name: secret-volume
+        {{- if .Values.csiSecret.enabled }}
+        csi:
+          driver: {{ .Values.csiSecret.driver | default "secrets-store.csi.k8s.io" }}
+          readOnly: {{ .Values.csiSecret.readOnly | default true }}
+          volumeAttributes:
+            secretProviderClass: {{ .Values.csiSecret.class }}
+        {{ else }}
         secret:
       {{- if .Values.existingPropertiesSecret }}
           secretName: {{ .Values.existingPropertiesSecret }}
       {{ else }}
           secretName: {{ include "s3proxy.fullname" . }}
       {{- end }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/s3proxy/values.yaml b/charts/s3proxy/values.yaml
@@ -20,6 +20,7 @@ args:
   - --properties
   - /etc/s3proxy/s3proxy.properties
 
+csiSecret: {}
 config:
   env: []
   s3proxy: