From 4ece77dd1685ad5a787da9070dc6099417810e53 Mon Sep 17 00:00:00 2001 From: Dom Goodwin Date: Thu, 28 May 2020 21:09:28 +0100 Subject: [PATCH] Elasticsearch secret mountmode (#596) * Add ability to set the file permissions when mounting a secret * Added test for defaultMode on secret mount --- elasticsearch/templates/statefulset.yaml | 3 +++ elasticsearch/tests/elasticsearch_test.py | 18 ++++++++++++++++++ elasticsearch/values.yaml | 1 + 3 files changed, 22 insertions(+) diff --git a/elasticsearch/templates/statefulset.yaml b/elasticsearch/templates/statefulset.yaml index afc260710..acb1afbc8 100644 --- a/elasticsearch/templates/statefulset.yaml +++ b/elasticsearch/templates/statefulset.yaml @@ -113,6 +113,9 @@ spec: - name: {{ .name }} secret: secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} {{- end }} {{- if .Values.esConfig }} - name: esconfig diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 82e5d279b..87b598e0d 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -514,6 +514,24 @@ def test_adding_a_secret_mount_with_subpath(): } +def test_adding_a_secret_mount_with_default_mode(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs + subPath: cert.crt + defaultMode: 0755 +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "subPath": "cert.crt", + "name": "elastic-certificates", + } + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 0029b9928..53d0fe762 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -48,6 +48,7 @@ secretMounts: [] # - name: elastic-certificates # secretName: elastic-certificates # path: /usr/share/elasticsearch/config/certs +# defaultMode: 0755 image: "docker.elastic.co/elasticsearch/elasticsearch" imageTag: "7.7.0"