Merge pull request #12 from elinesterov/eli/hardocded-socket-path

enable spirl csi volume injeciton by default
spirl · Sep 17, 2023 · 6271e7a · 6271e7a
2 parents 28c2d83 + 078bd9f
commit 6271e7a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 7 deletions.
diff --git a/charts/spiffe-demo-app/Chart.yaml b/charts/spiffe-demo-app/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: spiffe-demo-app
 description: A Helm chart to install spiffe-demo-app
 type: application
-version: 0.3.1
+version: 0.3.2
diff --git a/charts/spiffe-demo-app/README.md b/charts/spiffe-demo-app/README.md
@@ -1,16 +1,17 @@
 # spiffe-demo-app
 
-![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart to install spiffe-demo-app
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| app | object | `{"enableBusybox":false,"spiffeCSIDriverVolume":true,"spiffeSocketMountPathDir":"/spiffe-workload-api","spiffeSocketName":"agent.sock"}` | The App configuration |
+| app | object | `{"enableBusybox":false,"spiffeCSIDriverInjectionEnabled":true,"spiffeCSIDriverVolume":false,"spiffeSocketMountPathDir":"/spiffe-workload-api","spiffeSocketName":"agent.sock"}` | The App configuration |
 | app.enableBusybox | bool | `false` | Enable busybox container |
-| app.spiffeCSIDriverVolume | bool | `true` | Add SPIFFE CSIdirver volume |
+| app.spiffeCSIDriverInjectionEnabled | bool | `true` | SPIRL SPIFFE CSI injeciton enabled |
+| app.spiffeCSIDriverVolume | bool | `false` | Add SPIFFE CSIdirver volume |
 | app.spiffeSocketMountPathDir | string | `"/spiffe-workload-api"` | SPIFFE Workload API socket mount path |
 | app.spiffeSocketName | string | `"agent.sock"` | SPIFFE Workload API socket name exposed by the agent the resulting default socket path will be /spiffe-workload-api/agent.sock spiffeSocketName is a filename from the socket path for the agent |
 | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |

diff --git a/charts/spiffe-demo-app/templates/deployment.yaml b/charts/spiffe-demo-app/templates/deployment.yaml
@@ -12,28 +12,35 @@ spec:
     metadata:
       labels:
         app: spiffe-demo-app
+        {{- if .Values.app.spiffeCSIDriverInjectionEnabled }}
+        k8s.spirl.com/spiffe-csi: enabled
+        {{- end }}
     spec:
       containers:
       - name: spiffe-demo-app
         image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- if not .Values.app.spiffeCSIDriverInjectionEnabled }}
         env:
           - name: SPIFFE_ENDPOINT_SOCKET
             value: "unix://{{ .Values.app.spiffeSocketMountPathDir }}/{{ .Values.app.spiffeSocketName }}"
+        {{- end }}
         ports:
         - containerPort: 8080
-      {{- if .Values.app.spiffeCSIDriverVolume }}
+        {{- if .Values.app.spiffeCSIDriverVolume }}
         volumeMounts:
         - name: spiffe-csi-driver-volume
           mountPath: {{ .Values.app.spiffeSocketMountPathDir }}
-      {{- end }}
+        {{- end }}
       {{- if .Values.app.enableBusybox }}
       - name: busybox
         image: busybox
         command: ['sleep', '3600']
+        {{- if not .Values.app.spiffeCSIDriverInjectionEnabled }}
         env:
           - name: SPIFFE_ENDPOINT_SOCKET
             value: "unix://{{ .Values.app.spiffeSocketMountPathDir }}/{{ .Values.app.spiffeSocketName }}"
+        {{- end }}
         imagePullPolicy: IfNotPresent
         {{- if .Values.app.spiffeCSIDriverVolume }}
         volumeMounts:

diff --git a/charts/spiffe-demo-app/values.yaml b/charts/spiffe-demo-app/values.yaml
@@ -17,14 +17,16 @@ service:
 
 # -- The App configuration
 app:
+  # -- SPIRL SPIFFE CSI injeciton enabled
+  spiffeCSIDriverInjectionEnabled: true
   # -- SPIFFE Workload API socket mount path
   spiffeSocketMountPathDir: /spiffe-workload-api
   # -- SPIFFE Workload API socket name exposed by the agent
   # the resulting default socket path will be /spiffe-workload-api/agent.sock
   # spiffeSocketName is a filename from the socket path for the agent
   spiffeSocketName: agent.sock
   # -- Add SPIFFE CSIdirver volume
-  spiffeCSIDriverVolume: true
+  spiffeCSIDriverVolume: false
   # -- Enable busybox container
   enableBusybox: false