kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0

Add userDefinedVolumes and userDefinedVolumeMounts to kuma helm charts #8222

Open ashman1984 opened 10 months ago

ashman1984 commented 10 months ago

Description

The Kong Gateway helm chart supports these options (userDefinedVolumes & userDefinedVolumeMounts), and it would be handy if they were available to mount volumes to the CP in mesh.

This will enable the use of Secrets Store CSI Drivers for mounting (License) secrets from Azure Key Vault and the like.

I did some testing by adding the following to the cp-deployment.yaml file:

volumes:
{{- if .Values.userDefinedVolumes }}
{{- .Values.userDefinedVolumes | toYaml | nindent 8 }}
{{- end }}

and

volumeMounts:
{{- if .Values.userDefinedVolumeMounts }}
{{- .Values.userDefinedVolumeMounts | toYaml | nindent 12 }}
{{- end }}

Then defined the options at the root in my values file:

userDefinedVolumes:
  - name: secrets-store-kong-license
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: "azure-kv-kong-license"

userDefinedVolumeMounts:
  - name: secrets-store-kong-license
    mountPath: "/mnt/secrets-store"
    readOnly: true

I did attempt to put them under .Values.controlPlane.userDefinedVolumes and .Values.controlPlane.userDefinesVolumeMounts; however, my knowledge of templating is minimal and this did not work as expected.

The solution as a whole did appear to work when deploying a standalone CP; however, I was not sure how or where these options should sit in the values file or what standard should be followed.

Should userDefinedVolumeMounts for the kuma-sidecar be a consideration? Does that take away from the containerpatches?

Thanks
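
An added example, not part of the original issue and not the Kuma chart's own code: one way the two options from the comment above could be nested under controlPlane. The key names under controlPlane and the placement of the fragments in cp-deployment.yaml are assumptions; the volume and mount values are the ones from the comment.

```yaml
# --- values.yaml (nesting under controlPlane is an assumption) ---
controlPlane:
  userDefinedVolumes:
    - name: secrets-store-kong-license
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "azure-kv-kong-license"
  userDefinedVolumeMounts:
    # name must match an entry in userDefinedVolumes, otherwise the
    # API server rejects the pod spec.
    - name: secrets-store-kong-license
      mountPath: "/mnt/secrets-store"
      readOnly: true   # secret material should not be writable by the CP

# --- templates/cp-deployment.yaml (fragments only, rest of manifest unchanged) ---
# Pod-level list (spec.template.spec.volumes): items sit at 8 spaces.
# "with" skips the block when the key is unset or empty and rebinds "."
# to the list, so no separate "if" is needed.
      volumes:
        {{- with .Values.controlPlane.userDefinedVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}

# Container-level list (containers[].volumeMounts): items sit at 12 spaces.
          volumeMounts:
            {{- with .Values.controlPlane.userDefinedVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
```

Rendering the chart with `helm template` and these values shows whether the two lists land at the expected indentation before anything is deployed.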

lahabana commented 10 months ago

Triage: Yes we should add this for the CP.

github-actions[bot] commented 7 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.
