cerc-io
/
stack-orchestrator
mirror of https://github.com/cerc-io/stack-orchestrator
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

feat: add secrets support for k8s deployments 

Adds a `secrets:` key to spec.yml that references pre-existing k8s
Secrets by name. SO mounts them as envFrom.secretRef on all pod
containers. Secret contents are managed out-of-band by the operator.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feature/k8s-jobs
Prathamesh Musale 2026-02-27 09:25:57 +00:00
parent 4a1b5d86fd
commit d964544503
4 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
stack_orchestrator/constants.py
View File

@ -29,6 +29,7 @@ network_key = "network"
http_proxy_key = "http-proxy" http_proxy_key = "http-proxy"
image_registry_key = "image-registry" image_registry_key = "image-registry"
configmaps_key = "configmaps" configmaps_key = "configmaps"
secrets_key = "secrets"
resources_key = "resources" resources_key = "resources"
volumes_key = "volumes" volumes_key = "volumes"
security_key = "security" security_key = "security"

3
stack_orchestrator/deploy/deployment_create.py
View File

@ -477,6 +477,9 @@ def init_operation(
spec_file_content["volumes"] = {**volume_descriptors, **orig_volumes} spec_file_content["volumes"] = {**volume_descriptors, **orig_volumes}
if configmap_descriptors: if configmap_descriptors:
spec_file_content["configmaps"] = configmap_descriptors spec_file_content["configmaps"] = configmap_descriptors
if "k8s" in deployer_type:
if "secrets" not in spec_file_content:
spec_file_content["secrets"] = {}
if opts.o.debug: if opts.o.debug:
print( print(

10
stack_orchestrator/deploy/k8s/cluster_info.py
View File

@ -483,6 +483,16 @@ class ClusterInfo:
) )
) )
] ]
# Mount user-declared secrets from spec.yml
for user_secret_name in self.spec.get_secrets():
env_from.append(
client.V1EnvFromSource(
secret_ref=client.V1SecretEnvSource(
name=user_secret_name,
optional=True,
)
)
)
container = client.V1Container( container = client.V1Container(
name=container_name, name=container_name,
image=image_to_use, image=image_to_use,

3
stack_orchestrator/deploy/spec.py
View File

@ -115,6 +115,9 @@ class Spec:
def get_configmaps(self): def get_configmaps(self):
return self.obj.get(constants.configmaps_key, {}) return self.obj.get(constants.configmaps_key, {})
def get_secrets(self):
return self.obj.get(constants.secrets_key, {})
def get_container_resources(self): def get_container_resources(self):
return Resources( return Resources(
self.obj.get(constants.resources_key, {}).get("containers", {}) self.obj.get(constants.resources_key, {}).get("containers", {})