feat(csi/providersDir): add configurable providersDir #603
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
|
@jasonodonnell Can you please review this PR? We can't upgrade the vault integration on a cluster due to it being using differente providersDir paths. |
benashz
reviewed
Sep 10, 2021
benashz
reviewed
Sep 10, 2021
benashz
reviewed
Sep 10, 2021
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
|
Thanks for the review Please re-review @benashz |
|
Thanks @eyenx . I think all that is missing now are some unit tests. I think the following patch should suffice: diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats
index c546d0a..5cfd8a7 100644
--- a/test/unit/csi-daemonset.bats
+++ b/test/unit/csi-daemonset.bats
@@ -315,6 +315,68 @@ load _helpers
[ "${actual}" = "{}" ]
}
+@test "csi/daemonset: csi providersDir default" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/csi-daemonset.yaml \
+ --set 'csi.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.volumes[] | select(.name == "providervol")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.hostPath.path' | tee /dev/stderr)
+ [ "${actual}" = "/etc/kubernetes/secrets-store-csi-providers" ]
+}
+
+@test "csi/daemonset: csi kubeletRootDir default" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/csi-daemonset.yaml \
+ --set 'csi.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.volumes[] | select(.name == "mountpoint-dir")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.hostPath.path' | tee /dev/stderr)
+ [ "${actual}" = "/var/lib/kubelet/pods" ]
+}
+
+@test "csi/daemonset: csi providersDir override " {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/csi-daemonset.yaml \
+ --set 'csi.enabled=true' \
+ --set 'csi.daemonSet.providersDir=/alt/csi-prov-dir' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.volumes[] | select(.name == "providervol")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.hostPath.path' | tee /dev/stderr)
+ [ "${actual}" = "/alt/csi-prov-dir" ]
+}
+
+@test "csi/daemonset: csi kubeletRootDir override" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/csi-daemonset.yaml \
+ --set 'csi.enabled=true' \
+ --set 'csi.daemonSet.kubeletRootDir=/alt/kubelet-root' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.volumes[] | select(.name == "mountpoint-dir")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.hostPath.path' | tee /dev/stderr)
+ [ "${actual}" = "/alt/kubelet-root/pods" ]
+}
+
#--------------------------------------------------------------------
# volumeMounts |
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
benashz
approved these changes
Sep 15, 2021
|
My pleasure |
illegalnumbers
pushed a commit
to streamnative/vault-helm
that referenced
this pull request
Mar 17, 2022
* add configurable values for providersDir and kubeletRootDir Signed-off-by: Toni Tauro <toni.tauro@adfinis.com> Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background: with kubernetes-sigs/secrets-store-csi-driver#409 the providersDir path has been made configurable for secrets-store-csi-driver, as not every single kubernetes distribution out there uses the same path.
This is why we should also allow vault-helm to set providersDir accordingly. Default will remain
/etc/kubernetes/secrets-store-csi-providersSigned-off-by: Toni Tauro toni.tauro@adfinis.com