rancher-partner-charts/charts/hashicorp/consul/templates/gossip-encryption-autogener...

{{- if .Values.global.gossipEncryption.autoGenerate }}
{{- if (or .Values.global.gossipEncryption.secretName .Values.global.gossipEncryption.secretKey) }}
  {{ fail "If global.gossipEncryption.autoGenerate is true, global.gossipEncryption.secretName and global.gossipEncryption.secretKey must not be set." }}
{{ end }}
# automatically generate encryption key for gossip protocol and save it in Kubernetes secret
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "consul.name" . }}
    chart: {{ template "consul.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: gossip-encryption-autogenerate
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
  template:
    metadata:
      name: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate
      labels:
        app: {{ template "consul.name" . }}
        chart: {{ template "consul.chart" . }}
        release: {{ .Release.Name }}
        component: gossip-encryption-autogenerate
      annotations:
        "consul.hashicorp.com/connect-inject": "false"
    spec:
      restartPolicy: Never
      serviceAccountName: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate
      {{- if not .Values.global.openshift.enabled }}
      securityContext:
        runAsNonRoot: true
        runAsGroup: 1000 
        runAsUser: 100 
        fsGroup: 1000
      {{- end }}
      containers:
        - name: gossip-encryption-autogen
          image: "{{ .Values.global.imageK8S }}"
          command:
            - "/bin/sh"
            - "-ec"
            - |
              consul-k8s-control-plane gossip-encryption-autogenerate \
                -namespace={{ .Release.Namespace }} \
                -secret-name={{ template "consul.fullname" . }}-gossip-encryption-key \
                -secret-key="key" \
                -log-level={{ .Values.global.logLevel }} \
                -log-json={{ .Values.global.logJSON }}
          resources:
            requests:
              memory: "50Mi"
              cpu: "50m"
            limits:
              memory: "50Mi"
              cpu: "50m"
{{- end }}
CI Updated Charts Added: hashicorp/consul: - 0.49.0 hashicorp/vault: - 0.22.0 2022-10-18 08:13:05 +00:00			`{{- if .Values.global.gossipEncryption.autoGenerate }}`
			`{{- if (or .Values.global.gossipEncryption.secretName .Values.global.gossipEncryption.secretKey) }}`
			`{{ fail "If global.gossipEncryption.autoGenerate is true, global.gossipEncryption.secretName and global.gossipEncryption.secretKey must not be set." }}`
			`{{ end }}`
			`# automatically generate encryption key for gossip protocol and save it in Kubernetes secret`
			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: {{ template "consul.name" . }}`
			`chart: {{ template "consul.chart" . }}`
			`heritage: {{ .Release.Service }}`
			`release: {{ .Release.Name }}`
			`component: gossip-encryption-autogenerate`
			`annotations:`
			`"helm.sh/hook": pre-install,pre-upgrade`
			`"helm.sh/hook-weight": "1"`
			`"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation`
			`spec:`
			`template:`
			`metadata:`
			`name: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate`
			`labels:`
			`app: {{ template "consul.name" . }}`
			`chart: {{ template "consul.chart" . }}`
			`release: {{ .Release.Name }}`
			`component: gossip-encryption-autogenerate`
			`annotations:`
			`"consul.hashicorp.com/connect-inject": "false"`
			`spec:`
			`restartPolicy: Never`
			`serviceAccountName: {{ template "consul.fullname" . }}-gossip-encryption-autogenerate`
			`{{- if not .Values.global.openshift.enabled }}`
			`securityContext:`
			`runAsNonRoot: true`
			`runAsGroup: 1000`
			`runAsUser: 100`
			`fsGroup: 1000`
			`{{- end }}`
			`containers:`
			`- name: gossip-encryption-autogen`
			`image: "{{ .Values.global.imageK8S }}"`
			`command:`
			`- "/bin/sh"`
			`- "-ec"`
			`- \|`
			`consul-k8s-control-plane gossip-encryption-autogenerate \`
			`-namespace={{ .Release.Namespace }} \`
			`-secret-name={{ template "consul.fullname" . }}-gossip-encryption-key \`
			`-secret-key="key" \`
			`-log-level={{ .Values.global.logLevel }} \`
			`-log-json={{ .Values.global.logJSON }}`
			`resources:`
			`requests:`
			`memory: "50Mi"`
			`cpu: "50m"`
			`limits:`
			`memory: "50Mi"`
			`cpu: "50m"`
			`{{- end }}`