S3 custom backend support (#98)

osstotalsoft · Nov 22, 2024 · a46f5cf · a46f5cf
1 parent 0d39153
commit a46f5cf
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/helm/templates/provisioner-deployment.yaml b/helm/templates/provisioner-deployment.yaml
@@ -22,6 +22,12 @@ spec:
         app.kubernetes.io/version: {{ .Values.global.tag }}
         app.kubernetes.io/managed-by: "helm"
     spec:
+      {{- if .Values.global.s3.enabled }}
+      volumes:
+        - name: provisioner-secrets
+          secret:
+            secretName: provisioner-secrets
+      {{- end }}
       containers:
       - name: provisioning-controller
         image: "{{ .Values.global.registry }}/platform-controllers:{{ .Values.global.tag }}"
@@ -85,11 +91,21 @@ spec:
               name: azure-config
               key: tenantId
         {{- end }}
+        {{- if eq .Values.global.backend.type "cloud" }}
         - name: PULUMI_ACCESS_TOKEN
           valueFrom:
             secretKeyRef:
               name: provisioner-secrets
               key: pulumiAccessToken
+        {{- else if eq .Values.global.backend.type "custom" }}
+        - name: PULUMI_BACKEND_URL
+          value: {{ .Values.global.backend.customBackedUrl | quote }}
+        - name: PULUMI_CONFIG_PASSPHRASE
+          valueFrom:
+            secretKeyRef:
+              name: provisioner-secrets
+              key: pulumiConfigPassphrase
+        {{- end }}
         {{- if .Values.global.vault.enabled }}
         - name: VAULT_ADDR
           value: "{{ .Values.global.vault.address }}"
@@ -99,8 +115,19 @@ spec:
               name:  provisioner-secrets
               key: vaultAccessToken
         {{- end }}
+        {{- if .Values.global.s3.enabled }}
+        - name: AWS_PROFILE
+          value: "{{ .Values.global.s3.profile }}"
+        {{- end }}
         - name: RUSI_ENABLED
-          value: "{{ .Values.global.rusi.enabled }}"            
+          value: "{{ .Values.global.rusi.enabled }}"
+        {{- if .Values.global.s3.enabled }}
+        volumeMounts:
+          - mountPath: "/home/nonroot/.aws/credentials"
+            name: provisioner-secrets
+            subPath: s3Credentials
+            readOnly: true
+        {{- end }}
         command:
         - "/tenant-provisioner"
         args:

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -11,4 +11,11 @@ global:
     enabled: true
   azure:
     enabled: true
+  backend:
+    type: cloud # cloud | custom
+    customBackedUrl: s3://my-bucket?region=ro&endpoint=http://my-minio-server:9000&disableSSL=true&s3ForcePathStyle=true
+  s3:
+    enabled: false
+    profile: minio
+