Project secrets into knative CRD

This commit projects secrets into the Knative CRD YAML, however it appears that the CRD validator for the Service object will now allow multiple volumes to be mounted into the same directory which breaks compatiability with OpenFaaS on Kubernetes. A separate directory is used for each secret with the key so that "aws" will be mounted at /var/openfaas/secrets/aws/name. Signed-off-by: Alex Ellis <alexellis2@gmail.com>
2019-05-11 15:40:52 +01:00
parent b42d0703b6
commit c9544f53a9
2 changed files with 39 additions and 2 deletions
--- a/commands/generate.go
+++ b/commands/generate.go
@@ -261,6 +261,26 @@ func generateknativev1alpha1ServingCRDYAML(services stack.Services, format schem
 			},
 		}

+		var mounts []knativev1alpha1.VolumeMount
+		var volumes []knativev1alpha1.Volume
+
+		for _, secret := range function.Secrets {
+			mounts = append(mounts, knativev1alpha1.VolumeMount{
+				MountPath: "/var/openfaas/secrets/"+secret,
+				ReadOnly: true,
+				Name:      secret,
+			})
+			volumes = append(volumes, knativev1alpha1.Volume{
+				Name: secret,
+				Secret: knativev1alpha1.Secret{
+					SecretName: secret,
+				},
+			})
+		}
+
+		crd.Spec.RunLatest.Configuration.RevisionTemplate.Spec.Container.VolumeMounts = mounts
+		crd.Spec.RunLatest.Configuration.RevisionTemplate.Spec.Volumes = volumes
+
 		crds = append(crds, crd)
 	}

--- a/schema/knative/v1alpha1/serving.go
+++ b/schema/knative/v1alpha1/serving.go
@@ -25,11 +25,28 @@ type ServingSpecRunLatestConfigurationRevisionTemplate struct {

 type ServingSpecRunLatestConfigurationRevisionTemplateSpec struct {
 	Container ServingSpecRunLatestConfigurationRevisionTemplateSpecContainer `yaml:"container"`
+	Volumes   []Volume                                                       `yaml:"volumes,omitempty"`
 }

 type ServingSpecRunLatestConfigurationRevisionTemplateSpecContainer struct {
-	Image string    `yaml:"image"`
-	Env   []EnvPair `yaml:"env,omitempty"`
+	Image        string        `yaml:"image"`
+	Env          []EnvPair     `yaml:"env,omitempty"`
+	VolumeMounts []VolumeMount `yaml:"volumeMounts,omitempty"`
+}
+
+type VolumeMount struct {
+	Name      string `yaml:"name"`
+	MountPath string `yaml:"mountPath"`
+	ReadOnly  bool   `yaml:"readOnly"`
+}
+
+type Volume struct {
+	Name   string `yaml:"name"`
+	Secret Secret `yaml:"secret"`
+}
+
+type Secret struct {
+	SecretName string `yaml:"secretName"`
 }

 type EnvPair struct {