feat: add secrets support for k8s deployments
Adds a `secrets:` key to spec.yml that references pre-existing k8s Secrets by name. SO mounts them as envFrom.secretRef on all pod containers. Secret contents are managed out-of-band by the operator. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>feature/k8s-jobs
Prathamesh Musale
parent
4a1b5d86fd
commit
d964544503
|
|
@ -29,6 +29,7 @@ network_key = "network"
|
|||
http_proxy_key = "http-proxy"
|
||||
image_registry_key = "image-registry"
|
||||
configmaps_key = "configmaps"
|
||||
secrets_key = "secrets"
|
||||
resources_key = "resources"
|
||||
volumes_key = "volumes"
|
||||
security_key = "security"
|
||||
|
|
|
|||
|
|
@ -477,6 +477,9 @@ def init_operation(
|
|||
spec_file_content["volumes"] = {**volume_descriptors, **orig_volumes}
|
||||
if configmap_descriptors:
|
||||
spec_file_content["configmaps"] = configmap_descriptors
|
||||
if "k8s" in deployer_type:
|
||||
if "secrets" not in spec_file_content:
|
||||
spec_file_content["secrets"] = {}
|
||||
|
||||
if opts.o.debug:
|
||||
print(
|
||||
|
|
|
|||
|
|
@ -483,6 +483,16 @@ class ClusterInfo:
|
|||
)
|
||||
)
|
||||
]
|
||||
# Mount user-declared secrets from spec.yml
|
||||
for user_secret_name in self.spec.get_secrets():
|
||||
env_from.append(
|
||||
client.V1EnvFromSource(
|
||||
secret_ref=client.V1SecretEnvSource(
|
||||
name=user_secret_name,
|
||||
optional=True,
|
||||
)
|
||||
)
|
||||
)
|
||||
container = client.V1Container(
|
||||
name=container_name,
|
||||
image=image_to_use,
|
||||
|
|
|
|||
|
|
@ -115,6 +115,9 @@ class Spec:
|
|||
def get_configmaps(self):
|
||||
return self.obj.get(constants.configmaps_key, {})
|
||||
|
||||
def get_secrets(self):
|
||||
return self.obj.get(constants.secrets_key, {})
|
||||
|
||||
def get_container_resources(self):
|
||||
return Resources(
|
||||
self.obj.get(constants.resources_key, {}).get("containers", {})
|
||||
|
|
|
|||
Loading…
Reference in New Issue