Fixes for StatefulSet deployment. Add questions.yml and app-readme.md for rancher chart #744

Merged
merged 41 commits into from
Apr 16, 2022


jamesongithub
Contributor

No description provided.

@jamesongithub
Contributor Author

@amvin87 first pass for rancher chart

@anubisg1

I would also add the possibility to have extra volumes and extraVolumeMounts to allow the SA_PASSWORD to be injected as a secret pulled from a vault.

To values.yaml add:

extraVolumes: []

extraVolumeMounts: []

To deployment.yaml add:

          volumeMounts:
           - name: mssql
             mountPath: "/var/opt/mssql"
           - name: mssql-config-volume
             mountPath: /var/opt/config
           {{- if .Values.extraVolumeMounts }}
           {{- toYaml .Values.extraVolumeMounts | nindent 11 }}
           {{- end }}
      volumes:
      - name: mssql-config-volume
        configMap:
         name: mssql
      {{- if .Values.extraVolumes }}
      {{- toYaml .Values.extraVolumes | nindent 6 }}
      {{- end }}

@jamesongithub
Contributor Author

jamesongithub commented Apr 1, 2022

extraVolumes/Mounts seem to be commonly used.
Maybe in the next PR. Is this w/ HashiCorp Vault?

@anubisg1

anubisg1 commented Apr 1, 2022

extraVolumes/Mounts can be used for many things, but the use case I was thinking about is related to Azure Key Vault.

The setup would look like this.

values.yml

extraVolumes:
  - name: secrets-store-inline
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: "azure-vault"

extraVolumeMounts:
  - name: secrets-store-inline
    mountPath: "/mnt/secrets-store"
    readOnly: true

vault-providerclass.yml (obviously I removed sensitive information from below)

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-vault
spec:
  provider: azure
  secretObjects:
  - secretName: mssql
    type: Opaque
    data:
      - key: SA_PASSWORD
        objectName: mssql-password
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "IDENTITY_ID"
    keyvaultName: DevKbnVault
    objects: |
      array:
        - |
          objectName: mssql-password
          objectType: secret
    tenantId: TENANT_ID
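
An added example, not part of the thread or of the chart: a pod spec fragment showing how the `secretObjects` entry above can reach the container as the `SA_PASSWORD` environment variable. The pod name, image tag and `env` wiring are assumptions for illustration; the volume, mount and Secret names are the ones used in the comment above.

```yaml
# Added illustration; not rendered from the chart's own templates.
apiVersion: v1
kind: Pod
metadata:
  name: mssql-example              # hypothetical name
spec:
  containers:
    - name: mssql
      image: mcr.microsoft.com/mssql/server:2019-latest   # assumed tag
      env:
        - name: ACCEPT_EULA
          value: "Y"
        - name: SA_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mssql          # secretObjects[].secretName in the SecretProviderClass
              key: SA_PASSWORD     # secretObjects[].data[].key
      volumeMounts:
        # Keep this mount even if only the env var is used: the driver creates
        # the synced "mssql" Secret only while a pod mounts the CSI volume.
        - name: secrets-store-inline
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-vault
```

Syncing to a Kubernetes Secret requires the Secrets Store CSI driver to be installed with secret sync enabled (`syncSecret.enabled=true` in its Helm chart). The synced copy is stored in etcd, so it needs the same RBAC and encryption-at-rest controls as any other Secret.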

@amvin87-zz amvin87-zz merged commit 0e12922 into microsoft:master Apr 16, 2022
@jamesongithub jamesongithub deleted the jy/rancher branch April 21, 2022 08:02