overlay-aws.yaml
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("@ytt:base64", "base64")
#@ load("@ytt:assert", "assert")
#@ load("defaults.star", "get_default_aws_args")
#! Everything below is rendered only when the `infraProvider` data value is "aws".
#! The overlay (1) replaces the external-dns container args with the defaults
#! from defaults.star and (2) when both static AWS credentials are supplied,
#! emits a Secret holding them and wires it into the container as env vars.
#@ if data.values.infraProvider=="aws":

#! assert.try_to returns (value, error). Each flag is truthy only when the
#! lambda succeeded and the value is non-empty; a failed lookup or an empty
#! value leaves the flag falsy.
#@ (hasAwsCredsAccessKey, _) = assert.try_to(lambda: len(data.values.aws.credentials.accessKey) > 0)
#@ (hasAwsCredsSecretKey, _) = assert.try_to(lambda: len(data.values.aws.credentials.secretKey) > 0)
#! Fail the render on a half-configured credential pair (exactly one of the two
#! set) rather than producing a Secret with an empty field.
#@ if (hasAwsCredsSecretKey and not hasAwsCredsAccessKey) or (not hasAwsCredsSecretKey and hasAwsCredsAccessKey):
#@ assert.fail("`aws.credentials.accessKey` and `aws.credentials.secretKey` must both be provided")
#@ end

#! Overlay 1: target the external-dns Deployment and replace the container's
#! args wholesale with the list returned by get_default_aws_args().
#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata": {"name": "external-dns"}})
#@overlay/match-child-defaults missing_ok=True
---
spec:
  template:
    spec:
      containers:
        #@overlay/match by="name"
        - name: external-dns
          #@overlay/replace
          args: #@ get_default_aws_args()

#! Static-credential path: taken only when BOTH keys are present. When neither
#! is set, no Secret and no AWS_* env vars are rendered by this overlay.
#! NOTE(review): in that case external-dns presumably relies on ambient AWS
#! credentials (node/pod role) - confirm against the deployment docs.
#@ if hasAwsCredsAccessKey and hasAwsCredsSecretKey:
#! When providing the `aws.credentials` the provider must be `aws`
#@ if "--provider=aws" not in get_default_aws_args():
#@ assert.fail("Use of `aws.credentials` requires using the aws provider")
#@ end

#! Secret carrying the access key pair. `data` values are base64-encoded, not
#! encrypted: the rendered manifest contains the recoverable key material, and
#! so does the data-values input it was read from. Treat both as secrets (keep
#! them out of version control and CI logs) and restrict read access to Secrets
#! in this namespace.
#! The Secret is created in `data.values.namespace`; secretKeyRef below resolves
#! in the Pod's own namespace, so this must be the Deployment's namespace.
#! NOTE(review): the Deployment's namespace is not visible here - confirm.
---
apiVersion: v1
kind: Secret
metadata:
  name: external-dns-aws-values
  namespace: #@ data.values.namespace
type: Opaque
data:
  #! "{}".format(...) coerces the data value to a string before encoding.
  awsAccessKeyID: #@ base64.encode("{}".format(data.values.aws.credentials.accessKey))
  awsSecretAccessKey: #@ base64.encode("{}".format(data.values.aws.credentials.secretKey))

#! Overlay 2: inject the credentials into the external-dns container by
#! reference (secretKeyRef), so the key material does not appear literally in
#! the Deployment spec.
#! NOTE(review): the env items below carry no array-item matcher, so this
#! appears to rely on the base container having no `env` key (it is then added
#! via missing_ok) - confirm against the base Deployment.
#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata":{"name":"external-dns"}})
#@overlay/match-child-defaults missing_ok=True
---
spec:
  template:
    spec:
      containers:
        #@overlay/match by=overlay.subset({"name": "external-dns"})
        - env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: external-dns-aws-values
                  key: awsAccessKeyID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: external-dns-aws-values
                  key: awsSecretAccessKey
#! Closes `if hasAwsCredsAccessKey and hasAwsCredsSecretKey`.
#@ end

#! Closes `if data.values.infraProvider=="aws"`.
#@ end