overlay-azure.yaml

#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("@ytt:json", "json")
#@ load("@ytt:struct", "struct")
#@ load("@ytt:assert", "assert")

#@ if data.values.azure:
#@ if data.values.azure.resourceGroup == "":
#@   assert.fail("`data.values.azure.resourceGroup` must be specified")
#@ end
#@ if data.values.azure.tenantId == "":
#@   assert.fail("`data.values.azure.tenantId` must be specified")
#@ end
#@ if data.values.azure.subscriptionId == "":
#@   assert.fail("`data.values.azure.subscriptionId` must be specified")
#@ end
#@ if data.values.azure.useManagedIdentityExtension in [None, False] and data.values.azure.aadClientSecret in [None, ""]:
#@   assert.fail("`data.values.azure.aadClientSecret` must be specified if not using managed identity extension")
#@ end
#@ if data.values.azure.useManagedIdentityExtension in [None, False] and data.values.azure.aadClientId in [None, ""]:
#@   assert.fail("`data.values.azure.aadClientId` must be specified if not using managed identity extension")
#@ end
#@
#@ json_data = {}
#@ azure_config = data.values.azure
#@ for key in azure_config:
#@   if azure_config[key] != None:
#@     json_data[key] = azure_config[key]
#@   end
#@ end

---
apiVersion: v1
kind: Secret
metadata:
  name: azure-config-file
  namespace: #@ data.values.namespace
type: Opaque
stringData:
  azure.json: #@ json.encode(json_data)

#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata":{"name":"external-dns"}})
#@overlay/match-child-defaults missing_ok=True
---
spec:
  template:
    spec:
      volumes:
        - name: azure-config-file
          secret:
            secretName: azure-config-file
      containers:
        #@overlay/match by=overlay.subset({"name": "external-dns"})
        - volumeMounts:
            - name: azure-config-file
              mountPath: /etc/kubernetes
              readOnly: true
#@ end