Merge pull request #17 from HomeDevopsLab/secret-volumes

feat: mounting secrets as volumes

Author: kkrolikowski

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## [3.0.0] - 2025-12-30
+
+### Added
+
+- Ability to mount secrets as volumes. I'ts handy when you need to mount encrypted config file
+- Ability to mount configmap as volume just as the other type of volume.
+
+
+### Changed
+
+- [BREAKING] volumes structure. Flag `enabled` was removed, along with `type` structure. Now volumes structure is flattened.
+- [BREAKING] kubernetes service name is no longer combined with application name (.Release.Name). HelmRelese configuration will be more straightforward.
+- [BREAKING] mountPath and subPath options are now child-nodes for volumes.nfs, volumes.configmap and volumes.secret
+- Ingress name is now the same as application name.
+
+### Removed
+
+- [BREAKING] database.enabled flag
+- Obsolete dbsecrets pre-install hook which was designed to generate databae credentials for application
+- Faulty initwebsitedir pre-install hook, which was designed to create application directory on persistent storage
+- Obsolete mattermos-notify post-hook. This hook was designed to send chat notification after application deployment
+- Obsolete MySQLDBHelper pre-install hook which was designed to create mysql database for an application
+
 ## [2.7.0] - 2025-12-14
 
 ### Added

chart/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.7.0
+version: 3.0.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

chart/templates/dbsecrets.yaml

@@ -15,6 +15,7 @@ spec:
       labels:
         {{- include "basic.selectorLabels" . | nindent 8 }}
     spec:
+      enableServiceLinks: false
       containers:
         - name: {{ .Release.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -36,27 +37,31 @@ spec:
             {{- toYaml . | nindent 12 }}
           {{- end }}
           {{- end }}
-          {{- if .Values.volumes.enabled }}
           volumeMounts:
-            {{- if .Values.configMap }}
-            - name: {{ .Values.configMap.name }}
-              mountPath: {{ .Values.configMap.mountPath }}
-            {{- end }}
-            {{- range .Values.volumes.mountPath }}
-            {{- $dirmap := regexSplit ":" . -1 }}
-            {{- $sub_path := slice $dirmap 0 1 | first }}
-            {{- $mount := slice $dirmap  1 | last }}
-            {{- if $.Values.volumes.type.pvc }}
-            {{- $path := $mount }}
-            - mountPath: {{ $mount | default "/var/www" }}
-              name: {{ $.Release.Name }}-volume
-            {{- else }}
+            {{- if .Values.volumes.nfs }}
+              {{- range .Values.volumes.nfs.mountPath }}
+                {{- $dirmap := regexSplit ":" . -1 }}
+                {{- $sub_path := slice $dirmap 0 1 | first }}
+                {{- $mount := slice $dirmap  1 | last }}
             - mountPath: {{ $mount | default "/var/www" }}
               name: {{ $.Release.Name }}-volume
               subPath: {{ $sub_path }}
+              {{- end }}
             {{- end }}
+            {{- if .Values.volumes.secret }}
+            - name: {{ .Values.volumes.secret.secretName }}
+              mountPath: {{ .Values.volumes.secret.mountPath }}
+              {{- if .Values.volumes.secret.subPath }}
+              subPath: {{ .Values.volumes.secret.subPath }}
+              {{- end}}
+            {{- end }}
+            {{- if .Values.volumes.configmap }}
+            - name: {{ .Values.volumes.configmap.configMap }}
+              mountPath: {{ .Values.volumes.configmap.mountPath }}
+              {{- if .Values.volumes.configmap.subPath }}
+              subPath: {{ .Values.volumes.configmap.subPath }}
+              {{- end}}
             {{- end }}
-          {{- end}}
           env:
           {{- with .Values.env }}
             {{- toYaml . | nindent 12 }}
@@ -102,31 +107,30 @@ spec:
       {{- with .Values.nodeSelector }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.volumes.enabled }}
-      {{- if .Values.volumes.type.pvc }}
-      {{- $ownership := regexSplit ":" .Values.volumes.ownership -1 }}
-      {{- $gid := slice $ownership 0 1 | first }}
-      securityContext:
-        fsGroup: {{ $gid | default 0 }}
-      {{- end}}
       volumes:
-        {{- if .Values.configMap }}
-        - name: {{ .Values.configMap.name }}
+      {{- if .Values.volumes.configMap }}
+        - name: {{ .Values.volumes.configMap.name }}
           configMap:
-            name: {{ .Values.configMap.name }}
-        {{- end }}
+            name: {{ .Values.volumes.configMap.name }}
+      {{- end }}
+      {{- if .Values.volumes.nfs }}
         - name: {{ .Release.Name }}-volume
-          {{- if .Values.volumes.type.nfs }}
           nfs:
-            server: {{ .Values.volumes.type.nfs.server }}
-            {{- if .Values.volumes.rootDir }}
-            path: {{ .Values.volumes.type.nfs.path }}/{{ .Values.volumes.rootDir }}
-            {{- else }}
-            path: {{ .Values.volumes.type.nfs.path }}/{{ .Release.Name }}
-            {{- end }}
+            server: {{ .Values.volumes.nfs.server }}
+        {{- if .Values.volumes.rootDir }}
+            path: {{ .Values.volumes.nfs.path }}/{{ .Values.volumes.rootDir }}
+        {{- else }}
+            path: {{ .Values.volumes.nfs.path }}/{{ .Release.Name }}
+        {{- end }}
             readOnly: false
-          {{- else }}
-          persistentVolumeClaim:
-            claimName: {{ .Release.Name }}-pvc
-          {{- end }} 
-    {{- end }}
+      {{- end }}
+      {{- if .Values.volumes.secret }}
+        - name: {{ .Values.volumes.secret.secretName }}
+          secret:
+            secretName: {{ .Values.volumes.secret.secretName }}
+      {{- end }}
+      {{- if .Values.volumes.configmap }}
+        - name: {{ .Values.volumes.configmap.configMap }}
+          configMap:
+            name: {{ .Values.volumes.configmap.configMap }}
+      {{- end }}

chart/templates/deployment.yaml

@@ -1,12 +1,10 @@
 {{- if .Values.ingress.enabled -}}
 {{- range .Values.ingress.hosts }}
-{{- $subdomain := .name | splitList "." | first -}}
-{{- $ReleaseName := printf "%s-%s" $.Release.Name $subdomain -}}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ $ReleaseName }}
+  name: {{ $.Release.Name}}
   namespace: {{ $.Release.Namespace }}
   {{- if $.Values.ingress.ssl }}
   annotations:
@@ -23,12 +21,12 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: {{ $ReleaseName }}
+                name: {{ $.Release.Name }}
                 port:
                   number: {{ .servicePort }}
   {{- if $.Values.ingress.ssl }}
   tls:
-    - secretName: {{ $ReleaseName }}-tls
+    - secretName: {{ $.Release.Name }}-tls
       hosts:
         - {{ .name }}
   {{- end }}

chart/templates/ingress.yaml

@@ -5,7 +5,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: "{{ $.Release.Name }}-{{ .name }}"
+  name: "{{ .name }}"
   namespace: {{ $.Release.Namespace }}
 spec:
   type: {{ .type }}