fix(deployment): mount environment variables and volumes only when enabled

2025-10-12 21:55:31 +02:00
parent 5c09cf8c79
commit 3bce806ed6
7 changed files with 51 additions and 21 deletions
--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -2,23 +2,23 @@

 {{/* annotations */}}

-{{- define "athens-proxy.pod.annotations" -}}
-{{ include "athens-proxy.annotations" . }}
-{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) -}}
-{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
-{{- end -}}
-{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) -}}
-{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
-{{- end -}}
-{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) -}}
-{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
-{{- end -}}
-{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) -}}
-{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
-{{- end -}}
-{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) -}}
-{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
-{{- end -}}
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
 {{- end }}


--- a/templates/configMapDownloadMode.yaml
+++ b/templates/configMapDownloadMode.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
 ---
 apiVersion: v1
 kind: ConfigMap
--- a/templates/configMapGitConfig.yaml
+++ b/templates/configMapGitConfig.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
 ---
 apiVersion: v1
 kind: ConfigMap
--- a/templates/secretSSH.yaml
+++ b/templates/secretSSH.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.config.ssh.existingSecret.enabled }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
 ---
 apiVersion: v1
 kind: Secret
--- a/unittests/configMaps/downloadMode.yaml
+++ b/unittests/configMaps/downloadMode.yaml
@@ -8,14 +8,22 @@ release:
 templates:
 - templates/configMapDownloadMode.yaml
 tests:
+- it: Skip rending by default.
+  asserts:
+  - hasDocuments:
+      count: 0
+
 - it: Skip rending by using existing config map.
  set:
+    config.downloadMode.enabled: true
    config.downloadMode.existingConfigMap.enabled: true
  asserts:
  - hasDocuments:
      count: 0

- it: Rendering by default.
+- it: Rendering with default values
+  set:
+    config.downloadMode.enabled: true
  asserts:
  - hasDocuments:
      count: 1
@@ -56,6 +64,7 @@ tests:

 - it: Rendering custom annotations and labels.
  set:
+    config.downloadMode.enabled: true
    config.downloadMode.configMap.annotations:
      foo: bar
      bar: foo
@@ -76,6 +85,7 @@ tests:

 - it: Rendering custom configuration
  set:
+    config.downloadMode.enabled: true
    config.downloadMode.configMap.content: |
      downloadURL = "https://proxy.golang.org"
      mode = "async_redirect"
--- a/unittests/configMaps/gitConfig.yaml
+++ b/unittests/configMaps/gitConfig.yaml
@@ -8,14 +8,22 @@ release:
 templates:
 - templates/configMapGitConfig.yaml
 tests:
+- it: Skip rending by default.
+  asserts:
+  - hasDocuments:
+      count: 0
+
 - it: Skip rending by using existing config map.
  set:
+    config.gitConfig.enabled: true
    config.gitConfig.existingConfigMap.enabled: true
  asserts:
  - hasDocuments:
      count: 0

 - it: Rendering by default.
+  set:
+    config.gitConfig.enabled: true
  asserts:
  - hasDocuments:
      count: 1
@@ -46,6 +54,7 @@ tests:

 - it: Rendering custom annotations and labels.
  set:
+    config.gitConfig.enabled: true
    config.gitConfig.configMap.annotations:
      foo: bar
      bar: foo
@@ -66,6 +75,7 @@ tests:

 - it: Rendering custom configuration
  set:
+    config.gitConfig.enabled: true
    config.gitConfig.configMap.content: |
      [url "git@github.com:"]
      insteadOf = https://github.com/
--- a/unittests/secrets/ssh.yaml
+++ b/unittests/secrets/ssh.yaml
@@ -8,14 +8,22 @@ release:
 templates:
 - templates/secretSSH.yaml
 tests:
+- it: Skip rending by default.
+  asserts:
+  - hasDocuments:
+      count: 0
+
 - it: Skip rendering by using existing secret.
  set:
+    config.ssh.enabled: true
    config.ssh.existingSecret.enabled: true
  asserts:
  - hasDocuments:
      count: 0

 - it: Rendering ssh secret with default values.
+  set:
+    config.ssh.enabled: true
  asserts:
  - hasDocuments:
      count: 1
@@ -51,6 +59,7 @@ tests:

 - it: Rendering ssh secret with custom values.
  set:
+    config.ssh.enabled: true
    config.ssh.secret.config: |
      Host *
        IdentityFile ~/.ssh/id_ed25519
@@ -90,6 +99,7 @@ tests:

 - it: Rendering custom annotations and labels.
  set:
+    config.ssh.enabled: true
    config.ssh.secret.annotations:
      foo: bar
      bar: foo