Use ephemeral secret-op volumes rather than csi
Requires stackabletech/secret-operator#125, see that
PR for motivation
nightkr committed May 6, 2022
1 parent f8f2d55 commit 7790067
Showing 2 changed files with 36 additions and 10 deletions.
32 changes: 26 additions & 6 deletions src/builder/pod/volume.rs
@@ -1,4 +1,7 @@
use k8s_openapi::api::core::v1::VolumeMount;
use k8s_openapi::api::core::v1::{
EphemeralVolumeSource, PersistentVolumeClaimSpec, PersistentVolumeClaimTemplate,
ResourceRequirements, VolumeMount,
};
use k8s_openapi::{
api::core::v1::{
CSIVolumeSource, ConfigMapVolumeSource, DownwardAPIVolumeSource, EmptyDirVolumeSource,
Expand All @@ -9,6 +12,8 @@ use k8s_openapi::{
};
use std::collections::BTreeMap;

use crate::builder::ObjectMetaBuilder;

/// A builder to build [`Volume`] objects.
/// May only contain one `volume_source` at a time.
/// E.g. a call like `secret` after `empty_dir` will overwrite the `empty_dir`.
Expand All @@ -28,6 +33,7 @@ pub enum VolumeSource {
Projected(ProjectedVolumeSource),
Secret(SecretVolumeSource),
Csi(CSIVolumeSource),
Ephemeral(Box<EphemeralVolumeSource>),
}

impl Default for VolumeSource {
Expand Down Expand Up @@ -187,6 +193,11 @@ impl VolumeBuilder {
csi: Some(csi.clone()),
..Volume::default()
},
VolumeSource::Ephemeral(ephemeral) => Volume {
name,
ephemeral: Some((**ephemeral).clone()),
..Volume::default()
},
}
}
}
Expand Down Expand Up @@ -275,7 +286,7 @@ impl SecretOperatorVolumeSourceBuilder {
self
}

pub fn build(&self) -> CSIVolumeSource {
pub fn build(&self) -> EphemeralVolumeSource {
let mut attrs = BTreeMap::from([(
"secrets.stackable.tech/class".to_string(),
self.secret_class.clone(),
Expand All @@ -299,10 +310,19 @@ impl SecretOperatorVolumeSourceBuilder {
attrs.insert("secrets.stackable.tech/scope".to_string(), scopes);
}

CSIVolumeSource {
driver: "secrets.stackable.tech".to_string(),
volume_attributes: Some(attrs),
..CSIVolumeSource::default()
EphemeralVolumeSource {
volume_claim_template: Some(PersistentVolumeClaimTemplate {
metadata: Some(ObjectMetaBuilder::new().annotations(attrs).build()),
spec: PersistentVolumeClaimSpec {
storage_class_name: Some("secrets.stackable.tech".to_string()),
resources: Some(ResourceRequirements {
requests: Some([("storage".to_string(), Quantity("1".to_string()))].into()),
..ResourceRequirements::default()
}),
access_modes: Some(vec!["ReadWriteOnce".to_string()]),
..PersistentVolumeClaimSpec::default()
},
}),
}
}
}
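Review bot: The new `build()` body in `SecretOperatorVolumeSourceBuilder` carries three unexplained literals (the `storage` request of `Quantity("1")`, the `ReadWriteOnce` access mode and the `secrets.stackable.tech` storage class), and the method still has no doc comment. The request looks like a placeholder that only satisfies PVC validation rather than a real size, so the doc should say so, e.g. `/// Builds an ephemeral volume whose PVC template carries the secret class and scope as annotations; the storage request is a placeholder.` It should also record that the selection attributes now end up on a PersistentVolumeClaim object in the pod's namespace instead of inline in the pod spec, so read access to PVCs there reveals which secret class and scopes a pod asks for. Part of the function body is collapsed between the two hunks, so this is based on the visible lines only.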
14 changes: 10 additions & 4 deletions src/commons/secret_class.rs
@@ -1,5 +1,5 @@
use crate::builder::SecretOperatorVolumeSourceBuilder;
use k8s_openapi::api::core::v1::CSIVolumeSource;
use k8s_openapi::api::core::v1::EphemeralVolumeSource;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};

Expand All @@ -13,7 +13,7 @@ pub struct SecretClassVolume {
}

impl SecretClassVolume {
pub fn to_csi_volume(&self) -> CSIVolumeSource {
pub fn to_ephemeral_volume(&self) -> EphemeralVolumeSource {
let mut secret_operator_volume_builder =
SecretOperatorVolumeSourceBuilder::new(&self.secret_class);

Expand Down Expand Up @@ -59,7 +59,7 @@ mod tests {
services: vec!["myservice".to_string()],
}),
}
.to_csi_volume();
.to_ephemeral_volume();

let expected_volume_attributes = BTreeMap::from([
(
Expand All @@ -74,7 +74,13 @@ mod tests {

assert_eq!(
expected_volume_attributes,
secret_class_volume.volume_attributes.unwrap()
secret_class_volume
.volume_claim_template
.unwrap()
.metadata
.unwrap()
.annotations
.unwrap()
);
}
}
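Review bot: The updated test compares only the annotations of the returned template, so nothing pins the `storage_class_name` that presumably routes the claim to the secret operator; a typo there would still pass. Bind the template to a local first and add `assert_eq!(Some("secrets.stackable.tech".to_string()), template.spec.storage_class_name);` before checking the annotations. `expected_volume_attributes` is also a stale name now that the values are carried as annotations. The test function starts above the hunk, and `to_csi_volume` is removed without a deprecated alias, which downstream callers will only notice at compile time.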
