🌱 Syself Hetzner ccm v2. Hot reload via mounted secret. (#100)

syself · Dec 19, 2024 · 64da973 · 64da973
1 parent 6bcbe7f
commit 64da973
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 42 deletions.
diff --git a/charts/ccm-hetzner/Chart.yaml b/charts/ccm-hetzner/Chart.yaml
@@ -7,5 +7,5 @@ maintainers:
   - name: Syself
     email: [email protected]
     url: https://github.com/syself
-appVersion: "v1.18.0-0.0.8"
-version: 1.1.15
+appVersion: "v2.0.1"
+version: 2.0.1
diff --git a/charts/ccm-hetzner/templates/deployment.yaml b/charts/ccm-hetzner/templates/deployment.yaml
@@ -28,6 +28,10 @@ spec:
       serviceAccountName: {{ include "ccm-hetzner.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+      - name: hetzner-secret
+        secret:
+          secretName: {{ .Values.secret.name }}
       tolerations:
         # Introduced with CAPI v1.4, more info: https://cluster-api.sigs.k8s.io/developer/providers/bootstrap.html#taint-nodes-at-creation
         - key: "node.cluster.x-k8s.io/uninitialized"
@@ -70,38 +74,11 @@ spec:
 {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+          - mountPath: /etc/hetzner-secret
+            name: hetzner-secret
+            readOnly: true
           env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HCLOUD_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.secret.create }}
-                  name: {{ include "ccm-hetzner.fullname" . }}
-                  {{- else }}
-                  name: {{ .Values.secret.name }}
-                  {{- end }}
-                  key: {{ .Values.secret.key.token }}
-            - name: ROBOT_USER_NAME
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.secret.create }}
-                  name: {{ include "ccm-hetzner.fullname" . }}
-                  {{- else }}
-                  name: {{ .Values.secret.name }}
-                  {{- end }}
-                  key: {{ .Values.secret.key.robotUserName }}
-            - name: ROBOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.secret.create }}
-                  name: {{ include "ccm-hetzner.fullname" . }}
-                  {{- else }}
-                  name: {{ .Values.secret.name }}
-                  {{- end }}
-                  key: {{ .Values.secret.key.robotPassword }}
             - name: HCLOUD_DEBUG
               value: "{{ .Values.env.debug }}"
             - name: HCLOUD_LOAD_BALANCERS_ENABLED
@@ -131,4 +108,4 @@ spec:
       {{- with .Values.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}
diff --git a/charts/ccm-hetzner/templates/secret.yaml b/charts/ccm-hetzner/templates/secret.yaml
@@ -7,10 +7,10 @@ metadata:
   labels:
     {{- include "ccm-hetzner.labels" . | nindent 4 }}
 stringData:
-  {{ .Values.secret.key.token }}: {{ .Values.env.hcloudApiToken | b64enc }}
-  {{ .Values.secret.key.robotUserName }}: {{ .Values.env.robotUser | b64enc }}
-  {{ .Values.secret.key.robotPassword }}: {{ .Values.env.robotPassword | b64enc }}
+  hcloud: {{ .Values.env.hcloudApiToken | b64enc }}
+  robot-user: {{ .Values.env.robotUser | b64enc }}
+  robot-password: {{ .Values.env.robotPassword | b64enc }}
 {{- if .Values.privateNetwork.enabled }}
   {{ .Values.secret.networkKeyName }}: {{ .Values.privateNetwork.network.id | b64enc }}
-{{- end -}}  
+{{- end -}}
 {{- end -}}
diff --git a/charts/ccm-hetzner/values.yaml b/charts/ccm-hetzner/values.yaml
@@ -36,11 +36,14 @@ secret:
   create: false
   name: hetzner # Name of an existing secret
   key:
-    token: hcloud # Name of an existing key for the hcloud-token in the above specified secret
-    robotUserName: robot-user
-    robotPassword: robot-password
     network: network # Name of an existing key for the hcloud-network in the above specified secret
 
+    ## These values could be set in v1. For v2 we introduced hot-reloading of the secret.
+    ## These values are no longer configurable:
+    # token: hcloud
+    # robotUserName: robot-user
+    # robotPassword: robot-password
+
 pdb:
   enabled: true
   minAvailable: 1
@@ -80,4 +83,4 @@ tolerations: []
 
 affinity: {}
 
-topologySpreadConstraints: {}
+topologySpreadConstraints: {}