From 248b1172704715b856b815d35af8e910fd061d96 Mon Sep 17 00:00:00 2001 From: thenav56 Date: Wed, 12 Nov 2025 21:44:53 +0545 Subject: [PATCH 1/7] docs: update comments --- toggle-django-helm/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index 8e441be..c62f6c1 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -96,7 +96,7 @@ rabbitmq: storageClass: api: - # Not required if global image are set + # Not required if root image are set image: {} # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG @@ -114,7 +114,7 @@ api: memory: 1Gi worker: - # Not required if global image are set + # Not required if root image are set image: {} # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG @@ -202,7 +202,7 @@ cronjobs: # enabled: false # command: ["./manage.py", "run-dummy-command"] -# Not required if global image are set +# Not required if root image are set argoHook: enabled: true image: {} From 674052b52446f20828071fb4828475564f590379 Mon Sep 17 00:00:00 2001 From: thenav56 Date: Wed, 12 Nov 2025 21:52:39 +0545 Subject: [PATCH 2/7] feat: add service-account --- toggle-django-helm/templates/_helpers.tpl | 11 +++++++++++ .../templates/api/deployment.yaml | 4 ++++ .../templates/api/service-account.yaml | 17 +++++++++++++++++ .../templates/argo-hooks/hook-job.yaml | 4 ++++ .../templates/celery-flower/deployment.yaml | 4 ++++ .../templates/cronjobs/deployment.yaml | 4 ++++ .../templates/worker-beat/deployment.yaml | 4 ++++ .../templates/worker/deployment.yaml | 4 ++++ toggle-django-helm/tests/values-1.yaml | 9 +++++++++ toggle-django-helm/tests/values-2.yaml | 5 +++++ toggle-django-helm/values.yaml | 7 +++++++ 11 files changed, 73 insertions(+) create mode 100644 toggle-django-helm/templates/api/service-account.yaml 
diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index 07a4665..c6c59fb 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl @@ -31,6 +31,17 @@ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the service account to use +*/}} +{{- define "django-app.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "django-app.fullname" .) .Values.serviceAccountName }} +{{- else }} +{{- default "default" .Values.serviceAccountName }} +{{- end }} +{{- end }} + {{/* Create the name of the secret to be used by the django-app */}} diff --git a/toggle-django-helm/templates/api/deployment.yaml b/toggle-django-helm/templates/api/deployment.yaml index 0fffb15..661bc2c 100644 --- a/toggle-django-helm/templates/api/deployment.yaml +++ b/toggle-django-helm/templates/api/deployment.yaml @@ -23,6 +23,10 @@ spec: app: {{ include "django-app.fullname" . }} component: api spec: + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: api {{- include "django-app.imageConfig" diff --git a/toggle-django-helm/templates/api/service-account.yaml b/toggle-django-helm/templates/api/service-account.yaml new file mode 100644 index 0000000..cc7a511 --- /dev/null +++ b/toggle-django-helm/templates/api/service-account.yaml 
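Review bot: The `else` branch of `django-app.serviceAccountName` can never take effect, because every pod template touched by this patch emits `serviceAccountName:` only inside `{{- if .Values.serviceAccount.create }}`. With `create: false` and `serviceAccountName` pointing at a pre-existing account, the value is ignored and the pods run under the namespace's default service account, which is easy to miss when the named account is the one carrying the intended identity binding. Either render the field unconditionally, `serviceAccountName: {{ include "django-app.serviceAccountName" $ }}`, or widen the guard to `{{- if or .Values.serviceAccount.create .Values.serviceAccountName }}`. The helper comment should also say that the name is read from the top-level `serviceAccountName` value, not from `serviceAccount.name`.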
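Review bot: The added `include "django-app.appDefaultVolumes"` line refers to a helper that this series defines only in PATCH 4/7, so unless it already exists elsewhere in the chart this commit fails to render on its own. The same line appears in the hook-job, celery-flower, cronjobs, worker-beat and worker hunks of this patch. Moving those lines into the podVolumes commit keeps every commit in the series installable and bisectable. The pod `spec` this hunk edits continues outside the hunk.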
@@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "django-app.serviceAccountName" . }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{ toYaml . | nindent 4}} + {{- end }} + {{- with .Values.serviceAccount.labels }} + labels: + {{ toYaml . | nindent 4}} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} + +{{- end }} diff --git a/toggle-django-helm/templates/argo-hooks/hook-job.yaml b/toggle-django-helm/templates/argo-hooks/hook-job.yaml index ddebbc3..90e54d2 100644 --- a/toggle-django-helm/templates/argo-hooks/hook-job.yaml +++ b/toggle-django-helm/templates/argo-hooks/hook-job.yaml @@ -19,6 +19,10 @@ spec: template: spec: restartPolicy: "Never" + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} + {{- if $.Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: {{ $hookName }} {{- include "django-app.imageConfig" diff --git a/toggle-django-helm/templates/celery-flower/deployment.yaml b/toggle-django-helm/templates/celery-flower/deployment.yaml index f4884d2..95a7617 100644 --- a/toggle-django-helm/templates/celery-flower/deployment.yaml +++ b/toggle-django-helm/templates/celery-flower/deployment.yaml @@ -24,6 +24,10 @@ spec: app: {{ include "django-app.fullname" . }} component: worker-flower spec: + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: worker {{- include "django-app.imageConfig" diff --git a/toggle-django-helm/templates/cronjobs/deployment.yaml b/toggle-django-helm/templates/cronjobs/deployment.yaml index 27482e7..f9965e1 100644 --- a/toggle-django-helm/templates/cronjobs/deployment.yaml 
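Review bot: `automountServiceAccountToken` is rendered straight from values and the chart default added in values.yaml is `true`, so every pod using this account gets a Kubernetes API token mounted whether or not the application calls the API. Consider defaulting it to `false` in values.yaml and rendering `automountServiceAccountToken: {{ default false .Values.serviceAccount.automountServiceAccountToken }}`, which also avoids an empty (null) value when the key is omitted. This one account, with whatever cloud identity its annotations bind (the test values attach a workload-identity client id), is shared by the api, worker, flower, cronjob and Argo hook pods. A short comment in values.yaml saying so would let operators scope that identity's permissions to the union of what those components need.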
+++ b/toggle-django-helm/templates/cronjobs/deployment.yaml @@ -27,6 +27,10 @@ spec: template: spec: restartPolicy: "Never" + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 10 }}{{- end }} + {{- if $.Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: cronjob command: diff --git a/toggle-django-helm/templates/worker-beat/deployment.yaml b/toggle-django-helm/templates/worker-beat/deployment.yaml index 1991305..f5d9db4 100644 --- a/toggle-django-helm/templates/worker-beat/deployment.yaml +++ b/toggle-django-helm/templates/worker-beat/deployment.yaml @@ -23,6 +23,10 @@ spec: app: {{ include "django-app.fullname" . }} component: worker-beat spec: + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: worker-beat {{- include "django-app.imageConfig" diff --git a/toggle-django-helm/templates/worker/deployment.yaml b/toggle-django-helm/templates/worker/deployment.yaml index 69f3bfe..e14cd67 100644 --- a/toggle-django-helm/templates/worker/deployment.yaml +++ b/toggle-django-helm/templates/worker/deployment.yaml @@ -29,6 +29,10 @@ spec: component: worker queue: {{ $queue_name }} spec: + {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} + {{- if $.Values.serviceAccount.create }} + serviceAccountName: {{ include "django-app.serviceAccountName" $ }} + {{- end }} containers: - name: worker command: diff --git a/toggle-django-helm/tests/values-1.yaml b/toggle-django-helm/tests/values-1.yaml index e80faee..88913ca 100644 --- a/toggle-django-helm/tests/values-1.yaml +++ b/toggle-django-helm/tests/values-1.yaml 
@@ -89,6 +89,15 @@ secrets: AWS_S3_BUCKET_STATIC_NAME: static-data AWS_S3_BUCKET_MEDIA_NAME: media-data +serviceAccountName: "secret-account" +serviceAccount: + create: true + annotations: + azure.workload.identity/client-id : "XXXXXXXX-YYYYYYYY" + labels: + azure.workload.identity/use: "true" + automountServiceAccountToken: true + extraManifests: - apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup diff --git a/toggle-django-helm/tests/values-2.yaml b/toggle-django-helm/tests/values-2.yaml index 48b0c6f..3b5b589 100644 --- a/toggle-django-helm/tests/values-2.yaml +++ b/toggle-django-helm/tests/values-2.yaml @@ -137,6 +137,11 @@ secrets: AWS_S3_BUCKET_MEDIA_NAME: media-data +serviceAccountName: "" +serviceAccount: + create: true + automountServiceAccountToken: true + extraEnvVars: - name: SPECIAL_LEVEL_KEY valueFrom: diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index c62f6c1..a0f7fbc 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -253,4 +253,11 @@ secrets: {} # AWS_S3_BUCKET_STATIC_NAME: static-data # AWS_S3_BUCKET_MEDIA_NAME: media-data +serviceAccountName: "" +serviceAccount: + create: false + annotations: {} + labels: {} + automountServiceAccountToken: true + # extraManifests: [] or {} From 97c3c973528ee3915cc144a388bc0d1fc1c37af7 Mon Sep 17 00:00:00 2001 
From: thenav56 Date: Wed, 12 Nov 2025 21:53:12 +0545 Subject: [PATCH 3/7] feat: add podLabels and podAnnotations --- toggle-django-helm/templates/_helpers.tpl | 12 ++++++++++++ toggle-django-helm/templates/api/deployment.yaml | 1 + .../templates/argo-hooks/hook-job.yaml | 7 +++++++ .../templates/celery-flower/deployment.yaml | 1 + .../templates/cronjobs/deployment.yaml | 9 +++++++++ .../templates/worker-beat/deployment.yaml | 1 + toggle-django-helm/templates/worker/deployment.yaml | 1 + toggle-django-helm/tests/values-2.yaml | 7 +++++++ toggle-django-helm/tests/values-3.yaml | 5 +++++ toggle-django-helm/values.yaml | 4 ++++ 10 files changed, 48 insertions(+) diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index c6c59fb..f2d3c4b 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl @@ -133,4 +133,16 @@ Generate default annotations for app deployments reloader.stakater.com/auto: "true" checksum/secret: {{ include (print .Template.BasePath "/config/secret.yaml") . | sha256sum }} checksum/configmap: {{ include (print .Template.BasePath "/config/configmap.yaml") . | sha256sum }} +{{- with .Values.podAnnotations }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Generate default labels for app deployments +*/}} +{{- define "django-app.appDefaultLabels" -}} +{{- with .Values.podLabels -}} +{{ toYaml . }} +{{- end }} {{- end }} diff --git a/toggle-django-helm/templates/api/deployment.yaml b/toggle-django-helm/templates/api/deployment.yaml index 661bc2c..1d6286f 100644 --- a/toggle-django-helm/templates/api/deployment.yaml +++ b/toggle-django-helm/templates/api/deployment.yaml 
@@ -22,6 +22,7 @@ spec: labels: app: {{ include "django-app.fullname" . }} component: api + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 8 }}{{- end }} spec: {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} {{- if .Values.serviceAccount.create }} diff --git a/toggle-django-helm/templates/argo-hooks/hook-job.yaml b/toggle-django-helm/templates/argo-hooks/hook-job.yaml index 90e54d2..8a53ef2 100644 --- a/toggle-django-helm/templates/argo-hooks/hook-job.yaml +++ b/toggle-django-helm/templates/argo-hooks/hook-job.yaml @@ -17,6 +17,13 @@ metadata: argocd.argoproj.io/hook: {{ $hook.hook }} spec: template: + metadata: + annotations: + {{- include "django-app.appDefaultAnnotations" $ | nindent 8 }} + labels: + app: {{ include "django-app.fullname" $ }} + component: argo-hooks + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 8 }}{{- end }} spec: restartPolicy: "Never" {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} diff --git a/toggle-django-helm/templates/celery-flower/deployment.yaml b/toggle-django-helm/templates/celery-flower/deployment.yaml index 95a7617..1e77a39 100644 --- a/toggle-django-helm/templates/celery-flower/deployment.yaml +++ b/toggle-django-helm/templates/celery-flower/deployment.yaml @@ -23,6 +23,7 @@ spec: labels: app: {{ include "django-app.fullname" . }} component: worker-flower + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 8 }}{{- end }} spec: {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} {{- if .Values.serviceAccount.create }} diff --git a/toggle-django-helm/templates/cronjobs/deployment.yaml b/toggle-django-helm/templates/cronjobs/deployment.yaml index f9965e1..621fada 100644 --- a/toggle-django-helm/templates/cronjobs/deployment.yaml +++ b/toggle-django-helm/templates/cronjobs/deployment.yaml 
@@ -24,6 +24,15 @@ spec: jobTemplate: spec: activeDeadlineSeconds: {{ default 7200 $job.timeLimit }} # 2 hours default + metadata: + {{- with $.Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + labels: + app: {{ include "django-app.fullname" $ }} + component: cronjob + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 10 }}{{- end }} template: spec: restartPolicy: "Never" diff --git a/toggle-django-helm/templates/worker-beat/deployment.yaml b/toggle-django-helm/templates/worker-beat/deployment.yaml index f5d9db4..5118d2c 100644 --- a/toggle-django-helm/templates/worker-beat/deployment.yaml +++ b/toggle-django-helm/templates/worker-beat/deployment.yaml @@ -22,6 +22,7 @@ spec: labels: app: {{ include "django-app.fullname" . }} component: worker-beat + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 8 }}{{- end }} spec: {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} {{- if .Values.serviceAccount.create }} diff --git a/toggle-django-helm/templates/worker/deployment.yaml b/toggle-django-helm/templates/worker/deployment.yaml index e14cd67..c819f7b 100644 --- a/toggle-django-helm/templates/worker/deployment.yaml +++ b/toggle-django-helm/templates/worker/deployment.yaml @@ -28,6 +28,7 @@ spec: app: {{ include "django-app.fullname" $ }} component: worker queue: {{ $queue_name }} + {{- with (include "django-app.appDefaultLabels" $) -}}{{ . | nindent 8 }}{{- end }} spec: {{- with (include "django-app.appDefaultVolumes" $) -}}{{ . | nindent 6 }}{{- end }} {{- if $.Values.serviceAccount.create }} diff --git a/toggle-django-helm/tests/values-2.yaml b/toggle-django-helm/tests/values-2.yaml index 3b5b589..515c6dc 100644 --- a/toggle-django-helm/tests/values-2.yaml +++ b/toggle-django-helm/tests/values-2.yaml 
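Review bot: The new `metadata:` block is inserted between `activeDeadlineSeconds` and `template:`, which places it in the Job spec instead of the pod template, and a Job spec has no `metadata` field. Indentation is lost in this view, but the `nindent 10` on the label lines is consistent with `metadata:` sitting at the same level as `template:`. As a result `podLabels` and `podAnnotations` would not reach the cronjob pods, which matters for labels an admission webhook keys on (such as the workload-identity label in the test values), and strict field validation may reject the manifest. Moving the block under `template:` and re-indenting it (`nindent 12` for the entries) puts it where the other workloads have it.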
@@ -1,5 +1,12 @@ environment: ALPHA +podLabels: + azure.workload.identity/use: "true" +podAnnotations: + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + image: name: ghcr.io/example/example tag: v1.0.1 diff --git a/toggle-django-helm/tests/values-3.yaml b/toggle-django-helm/tests/values-3.yaml index 8f5fd50..5205a62 100644 --- a/toggle-django-helm/tests/values-3.yaml +++ b/toggle-django-helm/tests/values-3.yaml @@ -1,5 +1,10 @@ environment: ALPHA +podLabels: + azure.workload.identity/use: "true" +podAnnotations: + aws.workload.identity/use: "true" + image: name: ghcr.io/example/example tag: v1.0.1 diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index a0f7fbc..894fe21 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -1,6 +1,10 @@ environment: PROD appTypeEnvName: "DJANGO_APP_TYPE" + +podLabels: {} +podAnnotations: {} + image: {} # name: # tag: From ad099b9514b448689392f5b6ad807bc9f77c137c Mon Sep 17 00:00:00 2001 From: thenav56 Date: Thu, 13 Nov 2025 11:43:19 +0545 Subject: [PATCH 4/7] feat: add podVolumes and podVolumeMounts --- toggle-django-helm/templates/_helpers.tpl | 20 +++++++++++++++++++ .../templates/api/deployment.yaml | 1 + .../templates/argo-hooks/hook-job.yaml | 1 + .../templates/celery-flower/deployment.yaml | 1 + .../templates/cronjobs/deployment.yaml | 1 + .../templates/worker-beat/deployment.yaml | 1 + .../templates/worker/deployment.yaml | 1 + toggle-django-helm/tests/values-2.yaml | 13 ++++++++++++ toggle-django-helm/values.yaml | 2 ++ 9 files changed, 41 insertions(+) diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index f2d3c4b..0024e02 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl 
@@ -146,3 +146,23 @@ Generate default labels for app deployments {{ toYaml . }} {{- end }} {{- end }} + +{{/* +Generate default volumes for app deployments +*/}} +{{- define "django-app.appDefaultVolumes" -}} +{{- if .Values.podVolumes }} +volumes: +{{ .Values.podVolumes | toYaml | indent 2 }} +{{- end }} +{{- end }} + +{{/* +Generate default volumes mounts for app deployments +*/}} +{{- define "django-app.appDefaultVolumeMounts" -}} +{{- if .Values.podVolumeMounts }} +volumeMounts: +{{ .Values.podVolumeMounts | toYaml | indent 2 }} +{{- end }} +{{- end }} diff --git a/toggle-django-helm/templates/api/deployment.yaml b/toggle-django-helm/templates/api/deployment.yaml index 1d6286f..7b42db3 100644 --- a/toggle-django-helm/templates/api/deployment.yaml +++ b/toggle-django-helm/templates/api/deployment.yaml @@ -50,5 +50,6 @@ spec: (dict "Values" $.Values "Type" "web" ) | nindent 12 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 10 }}{{- end }} {{- end }} diff --git a/toggle-django-helm/templates/argo-hooks/hook-job.yaml b/toggle-django-helm/templates/argo-hooks/hook-job.yaml index 8a53ef2..52838d0 100644 --- a/toggle-django-helm/templates/argo-hooks/hook-job.yaml +++ b/toggle-django-helm/templates/argo-hooks/hook-job.yaml @@ -52,6 +52,7 @@ spec: (dict "Values" $.Values "Type" "hook" ) | nindent 12 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 10 }}{{- end }} {{- end }} diff --git a/toggle-django-helm/templates/celery-flower/deployment.yaml b/toggle-django-helm/templates/celery-flower/deployment.yaml index 1e77a39..d4d2136 100644 --- a/toggle-django-helm/templates/celery-flower/deployment.yaml +++ b/toggle-django-helm/templates/celery-flower/deployment.yaml @@ -47,6 +47,7 @@ spec: (dict "Values" $.Values "Type" "worker" ) | nindent 12 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 10 }}{{- end }} {{- end }} {{- end }} 
diff --git a/toggle-django-helm/templates/cronjobs/deployment.yaml b/toggle-django-helm/templates/cronjobs/deployment.yaml index 621fada..c485f20 100644 --- a/toggle-django-helm/templates/cronjobs/deployment.yaml +++ b/toggle-django-helm/templates/cronjobs/deployment.yaml @@ -60,6 +60,7 @@ spec: (dict "Values" $.Values "Type" "cronjob" ) | nindent 16 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 14 }}{{- end }} {{- end }} diff --git a/toggle-django-helm/templates/worker-beat/deployment.yaml b/toggle-django-helm/templates/worker-beat/deployment.yaml index 5118d2c..de6f271 100644 --- a/toggle-django-helm/templates/worker-beat/deployment.yaml +++ b/toggle-django-helm/templates/worker-beat/deployment.yaml @@ -46,5 +46,6 @@ spec: (dict "Values" $.Values "Type" "worker" ) | nindent 12 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 10 }}{{- end }} {{- end }} diff --git a/toggle-django-helm/templates/worker/deployment.yaml b/toggle-django-helm/templates/worker/deployment.yaml index c819f7b..67d3b80 100644 --- a/toggle-django-helm/templates/worker/deployment.yaml +++ b/toggle-django-helm/templates/worker/deployment.yaml @@ -56,6 +56,7 @@ spec: (dict "Values" $.Values "Type" "worker" ) | nindent 12 }} + {{- with (include "django-app.appDefaultVolumeMounts" $) -}}{{ . | nindent 10 }}{{- end }} {{- end }} diff --git a/toggle-django-helm/tests/values-2.yaml b/toggle-django-helm/tests/values-2.yaml index 515c6dc..7a9c766 100644 --- a/toggle-django-helm/tests/values-2.yaml +++ b/toggle-django-helm/tests/values-2.yaml @@ -7,6 +7,19 @@ podAnnotations: aws.workload.identity/use2: "true" aws.workload.identity/use3: "true" +podVolumes: + - name: my-stuff + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + +podVolumeMounts: + - name: my-secret + mountPath: /mnt/secrets-store + readOnly: true + image: name: ghcr.io/example/example tag: v1.0.1 
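Review bot: The fixture's volume and mount do not match: `podVolumes` declares `my-stuff` while `podVolumeMounts` references `my-secret`, so the rendered pods mount a volume that is not defined. `readOnly: "true"` under `csi:` is also a string where the API expects a boolean. `helm template` will not notice either problem, so the test passes while the manifest would be rejected on apply. Use one name for both entries and `readOnly: true`.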
diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index 894fe21..5a14b9c 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -4,6 +4,8 @@ appTypeEnvName: "DJANGO_APP_TYPE" podLabels: {} podAnnotations: {} +podVolumes: [] +podVolumeMounts: [] image: {} # name: From 734157eef9d1b0e604ef8511950a6cba27dc068f Mon Sep 17 00:00:00 2001 From: thenav56 Date: Thu, 13 Nov 2025 11:46:03 +0545 Subject: [PATCH 5/7] feat: add secretsStoreCsiDriver integration (usages in azure) --- toggle-django-helm/templates/_helpers.tpl | 32 +++++++++++++++++-- .../templates/api/secrets-provider-class.yaml | 29 +++++++++++++++++ .../templates/config/secret.yaml | 4 +++ toggle-django-helm/tests/values-2.yaml | 12 +++++++ toggle-django-helm/values.yaml | 12 +++++++ 5 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 toggle-django-helm/templates/api/secrets-provider-class.yaml diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index 0024e02..3c82dad 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl @@ -42,6 +42,17 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Create the name of the secret to be used by the django-app +*/}} +{{- define "django-app.secretProviderName" -}} +{{- if .Values.secretsStoreCsiDriverProviderName }} + {{- .Values.secretsStoreCsiDriverProviderName -}} +{{- else }} + {{- printf "%s-secret-provider" (include "django-app.fullname" .) -}} +{{- end -}} +{{- end -}} + {{/* Create the name of the secret to be used by the django-app */}} 
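Review bot: The comment above `django-app.secretProviderName` is a copy of the one on the secret-name helper directly below it, so two different helpers now carry the same description. Suggest `Create the name of the SecretProviderClass used by the Secrets Store CSI driver`, plus one line saying that `secretsStoreCsiDriverProviderName` overrides the generated `<fullname>-secret-provider`.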
@@ -151,18 +162,35 @@ Generate default labels for app deployments Generate default volumes for app deployments */}} {{- define "django-app.appDefaultVolumes" -}} -{{- if .Values.podVolumes }} +{{- if or .Values.secretsStoreCsiDriver.create .Values.podVolumes -}} volumes: +{{- if .Values.secretsStoreCsiDriver.create }} + - name: {{ template "django-app.secretname" . }} + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: {{ template "django-app.secretProviderName" . }} +{{- end }} +{{- if .Values.podVolumes }} {{ .Values.podVolumes | toYaml | indent 2 }} {{- end }} {{- end }} +{{- end }} {{/* Generate default volumes mounts for app deployments */}} {{- define "django-app.appDefaultVolumeMounts" -}} -{{- if .Values.podVolumeMounts }} +{{- if or .Values.secretsStoreCsiDriver.create .Values.podVolumeMounts -}} volumeMounts: +{{- if .Values.secretsStoreCsiDriver.create }} + - name: {{ template "django-app.secretname" . }} + mountPath: /mnt/secrets-store + readOnly: true +{{- end }} +{{- if .Values.podVolumeMounts }} {{ .Values.podVolumeMounts | toYaml | indent 2 }} {{- end }} {{- end }} +{{- end }} diff --git a/toggle-django-helm/templates/api/secrets-provider-class.yaml b/toggle-django-helm/templates/api/secrets-provider-class.yaml new file mode 100644 index 0000000..d42524e --- /dev/null +++ b/toggle-django-helm/templates/api/secrets-provider-class.yaml 
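Review bot: The CSI mount path is hard-coded to `/mnt/secrets-store` and is emitted alongside any user-supplied `podVolumeMounts`, so a values file that already mounts something at that path produces two mounts with the same `mountPath`, which Kubernetes rejects. tests/values-2.yaml ends up in exactly that state after this patch: its `podVolumeMounts` entry uses `/mnt/secrets-store` and `secretsStoreCsiDriver.create` is `true`. Consider making the path a value, e.g. `mountPath: {{ default "/mnt/secrets-store" .Values.secretsStoreCsiDriver.mountPath }}`, and documenting in values.yaml that the path is reserved while the driver is enabled.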
@@ -0,0 +1,29 @@ +{{- if .Values.secretsStoreCsiDriver.create -}} + +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: {{ template "django-app.secretProviderName" . }} +spec: + provider: {{ .Values.secretsStoreCsiDriver.provider }} + parameters: + {{- with .Values.secretsStoreCsiDriver.parameters -}} + {{ toYaml . | nindent 4 }} + {{- end }} + objects: | + array: + {{- range $secret_key, $object_key := .Values.secretsStoreCsiDriver.secretsKeyMap }} + - | + objectName: {{ $object_key }} + objectType: secret + {{- end }} + secretObjects: + - secretName: {{ template "django-app.secretname" . }} + type: Opaque + data: + {{- range $secret_key, $object_key := .Values.secretsStoreCsiDriver.secretsKeyMap }} + - objectName: {{ $object_key }} + key: {{ $secret_key }} + {{- end }} + +{{- end }} diff --git a/toggle-django-helm/templates/config/secret.yaml b/toggle-django-helm/templates/config/secret.yaml index 4e60893..dd4054c 100644 --- a/toggle-django-helm/templates/config/secret.yaml +++ b/toggle-django-helm/templates/config/secret.yaml @@ -1,3 +1,5 @@ +{{- if not .Values.secretsStoreCsiDriver.create -}} + kind: Secret apiVersion: v1 metadata: @@ -12,3 +14,5 @@ stringData: {{- range $name, $value := .Values.secrets }} {{ $name }}: {{ tpl $value $ | quote }} {{- end }} + +{{- end }} diff --git a/toggle-django-helm/tests/values-2.yaml b/toggle-django-helm/tests/values-2.yaml index 7a9c766..5231caf 100644 --- a/toggle-django-helm/tests/values-2.yaml +++ b/toggle-django-helm/tests/values-2.yaml @@ -157,6 +157,18 @@ secrets: AWS_S3_BUCKET_MEDIA_NAME: media-data +# Azure configurations +secretsStoreCsiDriver: + create: true + parameters: + usePodIdentity: "false" + clientID: "sample" + keyvaultName: "sample" + tenantId: "" + secretsKeyMap: + CACHE_REDIS_URL: CACHE-REDIS-URL + CELERY_BROKER_URL: CELERY-BROKER-URL + serviceAccountName: "" serviceAccount: create: true 
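Review bot: With `create: true` and the default `secretsKeyMap: {}`, both `range` loops emit nothing, leaving `array:` empty and the `data:` list of `secretObjects` null, so the SecretProviderClass is rendered but cannot deliver any secret. A guard at the top of the file such as `{{- if not .Values.secretsStoreCsiDriver.secretsKeyMap }}{{ fail "secretsStoreCsiDriver.secretsKeyMap must not be empty" }}{{- end }}` turns that into a clear install-time error. The interpolated names are also unquoted, so quoting them (`objectName: {{ $object_key | quote }}`, `key: {{ $secret_key | quote }}`) keeps a value containing YAML-special characters from changing the document structure.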
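Review bot: Wrapping the whole Secret in `if not .Values.secretsStoreCsiDriver.create` means every entry under `.Values.secrets` is silently dropped once the driver is enabled, and only keys listed in `secretsKeyMap` reach the synced Secret. tests/values-2.yaml sets both, so this is a reachable configuration, and a pod that expects a key from `secrets` would start without it. Either fail fast when both are set, `{{- if and .Values.secretsStoreCsiDriver.create .Values.secrets }}{{ fail "secrets is ignored when secretsStoreCsiDriver.create is true" }}{{- end }}`, or document the precedence in values.yaml. The `checksum/secret` pod annotation hashes this template too, so in CSI mode it becomes a constant and no longer changes when secret material does.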
diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index 5a14b9c..857c01a 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -266,4 +266,16 @@ serviceAccount: labels: {} automountServiceAccountToken: true +# Azure configurations +secretsStoreCsiDriverProviderName: "" +secretsStoreCsiDriver: + create: false + provider: azure # Only azure is supported + parameters: + usePodIdentity: "false" + clientID: "" + keyvaultName: "" + tenantId: "" + secretsKeyMap: {} # k8s Secret Key -> VaultKey + # extraManifests: [] or {} From 16c5976c7fa78362e1ef3090c3342ae6646ec9d7 Mon Sep 17 00:00:00 2001 From: thenav56 Date: Thu, 13 Nov 2025 16:04:28 +0545 Subject: [PATCH 6/7] fix: reloader.stakater.com annotations placement --- toggle-django-helm/templates/_helpers.tpl | 9 ++++++++- toggle-django-helm/templates/api/deployment.yaml | 1 + .../templates/celery-flower/deployment.yaml | 1 + toggle-django-helm/templates/worker-beat/deployment.yaml | 1 + toggle-django-helm/templates/worker/deployment.yaml | 1 + 5 files changed, 12 insertions(+), 1 deletion(-) diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index 3c82dad..d0431a9 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl @@ -140,8 +140,15 @@ Generate env configs for app types {{/* Generate default annotations for app deployments */}} +{{- define "django-app.appDefaultDeploymentAnnotations" -}} +annotations: + reloader.stakater.com/auto: "true" +{{- end }} + +{{/* +Generate default annotations for app pods +*/}} {{- define "django-app.appDefaultAnnotations" -}} -reloader.stakater.com/auto: "true" checksum/secret: {{ include (print .Template.BasePath "/config/secret.yaml") . | sha256sum }} checksum/configmap: {{ include (print .Template.BasePath "/config/configmap.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} 
diff --git a/toggle-django-helm/templates/api/deployment.yaml b/toggle-django-helm/templates/api/deployment.yaml index 7b42db3..3d64f61 100644 --- a/toggle-django-helm/templates/api/deployment.yaml +++ b/toggle-django-helm/templates/api/deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "django-app.fullname" . }}-api + {{- with (include "django-app.appDefaultDeploymentAnnotations" $) -}}{{ . | nindent 2 }}{{- end }} labels: app: {{ include "django-app.fullname" . }} component: api diff --git a/toggle-django-helm/templates/celery-flower/deployment.yaml b/toggle-django-helm/templates/celery-flower/deployment.yaml index d4d2136..a14dcb0 100644 --- a/toggle-django-helm/templates/celery-flower/deployment.yaml +++ b/toggle-django-helm/templates/celery-flower/deployment.yaml @@ -5,6 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "django-app.fullname" . }}-celery-flower + {{- with (include "django-app.appDefaultDeploymentAnnotations" $) -}}{{ . | nindent 2 }}{{- end }} labels: app: {{ include "django-app.fullname" . }} component: worker-flower diff --git a/toggle-django-helm/templates/worker-beat/deployment.yaml b/toggle-django-helm/templates/worker-beat/deployment.yaml index de6f271..3a8acf4 100644 --- a/toggle-django-helm/templates/worker-beat/deployment.yaml +++ b/toggle-django-helm/templates/worker-beat/deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "django-app.fullname" . }}-worker-beat + {{- with (include "django-app.appDefaultDeploymentAnnotations" $) -}}{{ . | nindent 2 }}{{- end }} labels: app: {{ include "django-app.fullname" . }} component: worker-beat diff --git a/toggle-django-helm/templates/worker/deployment.yaml b/toggle-django-helm/templates/worker/deployment.yaml index 67d3b80..b2444a4 100644 --- a/toggle-django-helm/templates/worker/deployment.yaml +++ b/toggle-django-helm/templates/worker/deployment.yaml 
@@ -7,6 +7,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "django-app.fullname" $ }}-worker-{{ $queue_name }} + {{- with (include "django-app.appDefaultDeploymentAnnotations" $) -}}{{ . | nindent 2 }}{{- end }} labels: app: {{ include "django-app.fullname" $ }} component: worker From ab45bd1784e114d69f5f70794f825967f47741b1 Mon Sep 17 00:00:00 2001 From: thenav56 Date: Fri, 14 Nov 2025 07:44:56 +0545 Subject: [PATCH 7/7] feat: add imagePullSecrets --- toggle-django-helm/templates/_helpers.tpl | 4 ++++ toggle-django-helm/tests/values-2.yaml | 2 ++ toggle-django-helm/values.yaml | 7 +++++++ 3 files changed, 13 insertions(+) diff --git a/toggle-django-helm/templates/_helpers.tpl b/toggle-django-helm/templates/_helpers.tpl index d0431a9..cf4655a 100644 --- a/toggle-django-helm/templates/_helpers.tpl +++ b/toggle-django-helm/templates/_helpers.tpl @@ -90,6 +90,10 @@ Generate image metadata -}} image: "{{ printf "%s:%s" $merged.name $merged.tag }}" imagePullPolicy: {{ default "IfNotPresent" $merged.imagePullPolicy }} +{{- with $merged.imagePullSecrets }} +imagePullSecrets: +{{- toYaml . | nindent 2 }} +{{- end }} {{- end }} {{/* diff --git a/toggle-django-helm/tests/values-2.yaml b/toggle-django-helm/tests/values-2.yaml index 5231caf..dc30be9 100644 --- a/toggle-django-helm/tests/values-2.yaml +++ b/toggle-django-helm/tests/values-2.yaml @@ -24,6 +24,8 @@ image: name: ghcr.io/example/example tag: v1.0.1 imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred ingress: enabled: true diff --git a/toggle-django-helm/values.yaml b/toggle-django-helm/values.yaml index 857c01a..f1f5365 100644 --- a/toggle-django-helm/values.yaml +++ b/toggle-django-helm/values.yaml @@ -11,6 +11,7 @@ image: {} # name: # tag: # imagePullPolicy: IfNotPresent + # imagePullSecrets: ingress: enabled: false 
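Review bot: `imagePullSecrets` is a pod-level field, but this helper is included inside the container entry (the deployment hunks show it directly after `- name: api`), so the new lines render under `containers[]` next to `image` and `imagePullPolicy`. There the field is either rejected as unknown or dropped, and pulls from a private registry then fail for lack of credentials. Emit it from a separate helper included at pod `spec` level instead, for example `{{- with (include "django-app.imagePullSecrets" $) -}}{{ . | nindent 6 }}{{- end }}` beside the `serviceAccountName` lines. The `imageConfig` definition starts above this hunk, so how `$merged` is built is not visible here.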
@@ -107,6 +108,7 @@ api: # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: enabled: true replicaCount: 1 containerPort: 80 @@ -125,12 +127,14 @@ worker: # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: enabled: true beat: image: {} # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: command: ["celery", "-A", "myapp", "beat", "-l", "INFO"] resources: requests: @@ -144,6 +148,7 @@ worker: # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: enabled: false # Install flower package first command: ["celery", "-A", "myapp", "flower", "--port=8000"] resources: @@ -193,6 +198,7 @@ cronjobs: # name: CRONJOB-SET-BY-CICD-IMAGE # tag: CRONJOB-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: defaultResources: requests: cpu: "1" @@ -215,6 +221,7 @@ argoHook: # name: WORKER-SET-BY-CICD-IMAGE # tag: WORKER-SET-BY-CICD-TAG # imagePullPolicy: IfNotPresent + # imagePullSecrets: resources: requests: cpu: "0.1"