[incubator/raw] Resource templates

This is handy when you basically want an adhoc helm chart that securely generates Kubernetes secrets with a tool like [helm-secrets](https://github.com/futuresimple/helm-secrets). Signed-off-by: Yusuke Kuoka <ykuoka@gmail.com>
helm · Mar 22, 2019 · 56d5b63 · 56d5b63
1 parent 0f6bdf6
commit 56d5b63
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 5 deletions.
diff --git a/incubator/raw/Chart.yaml b/incubator/raw/Chart.yaml
@@ -1,8 +1,10 @@
 name: raw
 home: https://github.com/helm/charts/blob/master/incubator/raw
-version: 0.1.0
-appVersion: 0.1.0
+version: 0.2.0
+appVersion: 0.2.0
 description: A place for all the Kubernetes resources which don't already have a home.
 maintainers:
 - name: josdotso
   email: josdotso@cisco.com
+- name: mumoshu
+  email: ykuoka@gmail.com
diff --git a/incubator/raw/OWNERS b/incubator/raw/OWNERS
@@ -1,4 +1,6 @@
 approvers:
 - josdotso
+- mumoshu
 reviewers:
 - josdotso
+- mumoshu
diff --git a/incubator/raw/README.md b/incubator/raw/README.md
@@ -1,17 +1,22 @@
 # incubator/raw
 
-The `incubator/raw` chart takes a list of raw Kubernetes resources and
+The `incubator/raw` chart takes a list of Kubernetes resources and
 merges each resource with a default `metadata.labels` map and installs
 the result.
 
+The Kubernetes resources can be "raw" ones defined under the `resources` key, or "templated" ones defined under the `templates` key.
+
 Some use cases for this chart include Helm-based installation and
 maintenance of resources of kinds:
 - LimitRange
 - PriorityClass
+- Secret
 
 ## Usage
 
-### STEP 1: Create a yaml file containing your raw resources.
+### Raw resources
+
+#### STEP 1: Create a yaml file containing your raw resources.
 
 ```
 # raw-priority-classes.yaml
@@ -83,8 +88,42 @@ resources:
     description: "This priority class should only be used for low priority app pods."
 ```
 
-### STEP 2: Install your raw resources.
+#### STEP 2: Install your raw resources.
 
 ```
 helm install --name raw-priority-classes incubator/raw -f raw-priority-classes.yaml
 ```
+
+### Templated resources
+
+#### STEP 1: Create a yaml file containing your templated resources.
+
+```
+# values.yaml
+
+templates:
+- |
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: common-secret
+  stringData:
+    mykey: {{ .Values.mysecret }}
+```
+
+The yaml file containing `mysecret` should be encrypted with a tool like [helm-secrets](https://github.com/futuresimple/helm-secrets)
+
+```
+# secrets.yaml
+mysecret: abc123
+```
+
+```
+$ helm secrets enc secrets.yaml
+```
+
+#### STEP 2: Install your templated resources.
+
+```
+helm secrets install --name mysecret incubator/raw -f values.yaml -f secrets.yaml
+```
diff --git a/incubator/raw/ci/values.yaml b/incubator/raw/ci/values.yaml
@@ -0,0 +1,18 @@
+resources:
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    name: common
+  stringData:
+    foo: bar
+
+mysecret: abc134
+
+templates:
+- |
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: common-secret
+  stringData:
+    mykey: "{{ .Values.mysecret }}"
diff --git a/incubator/raw/templates/resources.yaml b/incubator/raw/templates/resources.yaml
@@ -3,3 +3,7 @@
 ---
 {{- toYaml (merge . $template) -}}
 {{- end }}
+{{- range $i, $t := .Values.templates }}
+---
+{{- toYaml (merge (tpl $t $ | fromYaml) $template) -}}
+{{- end }}
diff --git a/incubator/raw/values.yaml b/incubator/raw/values.yaml
@@ -63,3 +63,19 @@ resources: []
 #    value: 70000
 #    globalDefault: false
 #    description: "This priority class should only be used for low priority app pods."
+
+templates:
+# This is here to pass the chart ci
+- |
+  apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: raw
+#
+#  - |
+#    apiVersion: v1
+#    kind: Secret
+#    metadata:
+#      name: common-secret
+#    stringData:
+#      mykey: {{ .Values.mysecret }}