add support for more flexible volume mounts. Include example values f…

…or init container
hashicorp · May 28, 2020 · d06d640 · d06d640
1 parent 6c5628f
commit d06d640
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -97,6 +97,9 @@ extra volumes the user may have specified (such as a secret with TLS).
             secretName: {{ .name }}
           {{- end }}
   {{- end }}
+  {{- if .Values.server.volumes }}
+    {{- toYaml .Values.server.volumes | nindent 8}}
+  {{- end }}
 {{- end -}}
 
 {{/*
@@ -159,6 +162,9 @@ based on the mode configured.
               readOnly: true
               mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
   {{- end }}
+  {{- if .Values.server.volumeMounts }}
+    {{- toYaml .Values.server.volumeMounts | nindent 12}}
+  {{- end }}
 {{- end -}}
 
 {{/*

diff --git a/values.yaml b/values.yaml
@@ -163,6 +163,20 @@ server:
   # This is useful if you need to run a script to provision TLS certificates or
   # write out configuration files in a dynamic way.
   extraInitContainers: null
+    # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+    # # which is defined in the volumes value.
+    # - name: oauthapp
+    #   image: "alpine"
+    #   command: [sh, -c]
+    #   args:
+    #     - cd /tmp &&
+    #       wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+    #       tar -xf oauthapp.xz &&
+    #       mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+    #       chmod +x /usr/local/libexec/vault/oauthapp
+    #   volumeMounts:
+    #     - name: plugins
+    #       mountPath: /usr/local/libexec/vault
 
   # extraContainers is a list of sidecar containers. Specified as a YAML list.
   extraContainers: null
@@ -210,6 +224,22 @@ server:
     #   name: my-secret
     #   path: null # default is `/vault/userconfig`
 
+  # volumes is a list of volumes made available to all containers. These are rendered
+  # via toYaml rather than pre-processed like the extraVolumes value.
+  # The purpose is to make it easy to share volumes between containers.
+  volumes: null
+  #   - name: plugins
+  #     emptyDir: {}
+
+  # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+  # via toYaml rather than pre-processed like the extraVolumes value.
+  # The purpose is to make it easy to share volumes between containers.
+  volumeMounts: null
+  #   - mountPath: /usr/local/libexec/vault
+  #     name: plugins
+  #     readOnly: true
+
+
   # Affinity Settings
   # Commenting out or setting as empty the affinity variable, will allow
   # deployment to single node services such as Minikube