Merge pull request #50 from finleap-connect/FCLOUD-5058

christianhuening · web-flow · commit 7017b635159e · 2022-07-08T14:32:42.000+02:00
make external kubeconfig configurable to connect to a different cluster
diff --git a/.gitignore b/.gitignore
@@ -26,3 +26,4 @@ testbin/*
 cover.out
 .vscode
 .coverprofile
+.dccache
diff --git a/charts/vault-operator/templates/deployment.yaml b/charts/vault-operator/templates/deployment.yaml
@@ -40,6 +40,11 @@ spec:
             name: vault-operator-env
         - secretRef:
             name: {{ required "A valid .Values.vault.credentials.secretName is required!" .Values.vault.credentials.secretName }}
+        {{- if .Values.kubeconfig.secretName }}
+        env:
+        - name: KUBECONFIG
+          value: /opt/kube/kubeconfig
+        {{- end }}
         ports:
         - containerPort: 443
           name: webhook-server
@@ -56,6 +61,11 @@ spec:
           mountPath: /etc/ssl/certs/
           readOnly: true
         {{- end }}
+        {{- if .Values.kubeconfig.secretName }}
+        - name: kubeconfig
+          mountPath: /opt/kube
+          readonly: true
+        {{- end }}
         resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -81,5 +91,13 @@ spec:
         secret:
           secretName: {{ required "A valid .Values.vault.tls.secretName is required!" .Values.vault.tls.secretName }}
       {{- end }}
-
-
+      {{- if .Values.kubeconfig.secretName }}
+      - name: kubeconfig                                                                                                                                                                                                 │
+│       secret:                                                                                                                                                                                                          │
+│         defaultMode: 420                                                                                                                                                                                               │
+│         items:                                                                                                                                                                                                         │
+│         - key: kubeconfig                                                                                                                                                                                              │
+│           mode: 256                                                                                                                                                                                                    │
+│           path: kubeconfig                                                                                                                                                                                             │
+│         secretName: {{ .Values.kubeconfig.secretName }}
+      {{- end }}
diff --git a/charts/vault-operator/values.yaml b/charts/vault-operator/values.yaml
@@ -45,6 +45,9 @@ vault:
     secretName: "" # Required secret containing AppRole credentials as fields VAULT_ROLE_ID and VAULT_SECRET_ID, see https://www.vaultproject.io/docs/auth/approle
   namespace: "" # Optional Vault namespace to connect to
 
+kubeconfig:
+  secretName: ""
+
 # Set which secret engines are allowed to access namespaced
 allowedSecretEngines:
   - app
