feat: range for secrets and cm (#32)

devops-ia · Sep 28, 2023 · d0727a8 · d0727a8
1 parent a2752bd
commit d0727a8
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 70 deletions.
diff --git a/charts/steampipe/Chart.yaml b/charts/steampipe/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: steampipe
 description: A Helm chart for Kubernetes to deploy Steampipe
 type: application
-version: 1.1.0
+version: 1.2.0
 appVersion: "0.20.12"
 home: https://github.com/devops-ia/helm-charts/tree/main/charts/steampipe
 sources:

diff --git a/charts/steampipe/templates/configmap.yaml b/charts/steampipe/templates/configmap.yaml
@@ -1,14 +1,15 @@
 {{- if .Values.extraConfig.configMaps.enabled }}
+{{ range $secrets := .Values.extraConfig.configMaps.config }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "steampipe.fullname" . }}-config
-  labels:
-    {{- include "steampipe.labels" . | nindent 4 }}
+  name: {{ .name }}
 data:
-{{- range $key, $value := .Values.extraConfig.configMaps.data }}
+{{- range $key, $value := $secrets.data }}
   {{ $key }}: |-
 {{ tpl $value $| indent 4 }}
+{{- end }}
+
 {{- end }}
 {{- end }}
diff --git a/charts/steampipe/templates/deployment.yaml b/charts/steampipe/templates/deployment.yaml
@@ -145,16 +145,6 @@ spec:
             - name: workspace
               mountPath: /workspace
           {{- end }}
-          {{- if .Values.extraConfig.secrets.enabled }}
-            - name: secrets
-              mountPath: /home/steampipe/.steampipe/config/azure.spc
-              subPath: azure.spc
-          {{- end }}
-          {{- if .Values.extraConfig.configMaps.enabled }}
-            - name: configmaps
-              mountPath: /home/steampipe/.steampipe/config/azure.spc
-              subPath: azure.spc
-          {{- end }}
           {{- with .Values.extraVolumeMount }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
@@ -195,16 +185,6 @@ spec:
         - name: workspace
           emptyDir: {}
       {{- end }}
-      {{- if .Values.extraConfig.secrets.enabled }}
-        - name: secrets
-          secret:
-            secretName: {{ template "steampipe.fullname" . }}-secrets
-      {{- end }}
-      {{- if .Values.extraConfig.configMaps.enabled }}
-        - name: configmaps
-          configMap:
-            name: {{ template "steampipe.fullname" . }}-config
-      {{- end }}
       {{- with .Values.extraVolumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
diff --git a/charts/steampipe/templates/secret.yaml b/charts/steampipe/templates/secret.yaml
@@ -1,15 +1,15 @@
 {{- if .Values.extraConfig.secrets.enabled }}
+{{ range $secrets := .Values.extraConfig.secrets.config }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "steampipe.fullname" . }}-secrets
-  labels:
-    {{- include "steampipe.labels" . | nindent 4 }}
+  name: {{ .name }}
 data:
-{{- range $key, $value := .Values.extraConfig.secrets.data }}
+{{- range $key, $value := $secrets.data }}
   {{ $key }}: |-
 {{ tpl $value $ | b64enc | indent 4 }}
+{{- end }}
 
 {{- end }}
 {{- end }}
diff --git a/charts/steampipe/values.yaml b/charts/steampipe/values.yaml
@@ -120,55 +120,78 @@ tolerations: []
 affinity: {}
 
 extraVolumes: []
-#  - name: configmap
+#  - name: openshift-connection
 #    configMap:
-#      name: steampipe-config
-#  - name: secret
+#      name: openshift-connection
+#  - name: openshift-kubeconfig
 #    secret:
-#      secretname: steampipe-secret
-
+#      secretName: openshift-kubeconfig
+#  - name: azure-connection
+#    secret:
+#      secretName: azure-connection
 
-extraVolumeMount:
-#  - name: configmap
-#    mountPath: "/home/steampipe/.steampipe/config/azure.spc"
-#    subPath: azure.spc
+extraVolumeMount: []
+#  - name: openshift-connection
+#    mountPath: "/home/steampipe/.steampipe/config/openshift.spc"
+#    subPath: openshift.spc
+#    readOnly: true
+#  - name: openshift-kubeconfig
+#    mountPath: "/home/steampipe/.kube/config"
+#    subPath: config
 #    readOnly: true
-#  - name: secret
+#  - name: azure-connection
 #    mountPath: "/home/steampipe/.steampipe/config/azure.spc"
 #    readOnly: true
 #    subPath: azure.spc
 
 extraConfig:
   configMaps:
     enabled: false
-    data:
-      # conections.spc: |
-      #   connection "azure_all" {
-      #     type        = "aggregator"
-      #     plugin      = "azure"
-      #     connections = ["azure_*"]
-      #   }
-      #   connection "azure_sub_1" {
-      #     plugin          = "azure"
-      #     subscription_id = "azure_01"
-      #   }
-      #   connection "azure_sub_2" {
-      #     plugin          = "azure"
-      #     subscription_id = "azure_02"
-      #   }
+    config:
+    - name: openshift-connection
+      data:
+        openshift.spc: |
+          connection "openshift" {
+            plugin      = "openshift"
+            config_path = "~/.kube/config"
+          }
 
   secrets:
     enabled: false
-    data:
-      #  azure.spc: |
-      #    connection "azure" {
-      #      plugin = "azure"
-      #      environment = "AZUREPUBLICCLOUD"
-      #      tenant_id       = "00000000-0000-0000-0000-000000000000"
-      #      subscription_id = "00000000-0000-0000-0000-000000000000"
-      #      client_id       = "00000000-0000-0000-0000-000000000000"
-      #      client_secret   = "~dummy@3password"
-      #    }
+    config:
+      - name: azure-connection
+        data:
+          azure.spc: |
+            connection "azure" {
+              plugin          = "azure"
+              environment     = "AZUREPUBLICCLOUD"
+              tenant_id       = "00000000-0000-0000-0000-000000000000"
+              subscription_id = "00000000-0000-0000-0000-000000000000"
+              client_id       = "00000000-0000-0000-0000-000000000000"
+              client_secret   = "~dummy@3password"
+            }
+      - name: openshift-kubeconfig
+        data:
+          config: |
+            current-context: federal-context
+            apiVersion: v1
+            clusters:
+            - cluster:
+                certificate-authority: path/to/my/cafile
+                server: https://horse.org:4443
+              name: horse-cluster
+            contexts:
+            - context:
+                cluster: horse-cluster
+                namespace: chisel-ns
+                user: green-user
+              name: federal-context
+            kind: Config
+            users:
+            - name: green-user
+              user:
+                client-certificate: path/to/my/client/cert
+                client-key: path/to/my/client/key
 
 initContainer:
   image:
@@ -181,20 +204,25 @@ initContainer:
     runAsNonRoot: true
     runAsUser: 9193
 
-  # Ref: https://hub.steampipe.io/plugins
   plugins: []
+  ## Ref: https://hub.steampipe.io/plugins
   # - "azure"
   # - "azuread"
+  # - "openshift"
+  # - "terraform"
 
-  # Ref: https://hub.steampipe.io/mods
   mods: []
+  ## Ref: https://hub.steampipe.io/mods
   #  - "github.com/turbot/steampipe-mod-azure-insights"
+  #  - "github.com/turbot/steampipe-mod-azure-compliance"
+  #  - "github.com/turbot/steampipe-mod-azure-tags"
+  #  - "github.com/turbot/steampipe-mod-terraform-azure-compliance"
 
   resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   # limits:
   #   cpu: 100m
   #   memory: 128Mi