Support initcontainer, sidecar, volumes and mounts

Keyfactor · Sep 26, 2023 · 4b6cc5e · 4b6cc5e
1 parent 593e4fe
commit 4b6cc5e
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -290,6 +290,10 @@ Note that the samples prefix properties with `WORKERGENID1` which always creates
 | signserver.keystoresMountPath         | Mount path in the SignServer container for mounted keystore files                                      |         |
 | signserver.env                        | Environment variables to pass to container                                                             |         |
 | signserver.envRaw                     | Environment variables to pass to container in Kubernetes YAML format                                   |         |
+| signserver.initContainers             | Extra init containers to be added to the deployment                                                    | []      |
+| signserver.sidecarContainers          | Extra sidecar containers to be added to the deployment                                                 | []      |
+| signserver.volumes                    | Extra volumes to be added to the deployment                                                            | []      |
+| signserver.volumeMounts               | Extra volume mounts to be added to the deployment                                                      | []      |
 
 ### SignServer Environment Variables
 
@@ -330,6 +334,8 @@ Note that the samples prefix properties with `WORKERGENID1` which always creates
 | services.proxyHttp.bindIP     | IP to bind for proxy HTTP communication                                                                   | 0.0.0.0   |
 | services.proxyHttp.httpPort   | Service port for proxy HTTP communication                                                                 | 8081      |
 | services.proxyHttp.httpsPort  | Service port for proxy HTTP communication that accepts SSL_CLIENT_CERT header                             | 8082      |
+| services.sidecarPorts         | Additional ports to expose in sidecar containers                                                          | []        |
+
 
 ### Ingress Parameters
 

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -27,6 +27,10 @@ spec:
       serviceAccountName: {{ include "signserver-community-helm.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}  
+      {{- if .Values.signserver.initContainers }}
+      initContainers:
+        {{- toYaml .Values.signserver.initContainers | nindent 8 }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -119,6 +123,12 @@ spec:
             - name: signserver-keystores-files
               mountPath: {{ .Values.signserver.keystoresMountPath }}
             {{- end }}
+            {{- if .Values.signserver.volumeMounts }}
+              {{- toYaml .Values.signserver.volumeMounts | nindent 12 }}
+            {{- end }}
+          {{- if .Values.signserver.sidecarContainers }}
+            {{- toYaml .Values.signserver.sidecarContainers | nindent 8 }}
+          {{- end }}
       volumes:
         {{- if .Values.signserver.useH2Persistence }}
         - name: signserver-h2-persistence
@@ -145,6 +155,9 @@ spec:
           secret:
             secretName: {{ .Values.signserver.keystoresSecret }}
         {{- end }}
+        {{- if .Values.signserver.volumes }}
+          {{- toYaml .Values.signserver.volumes | nindent 8 }}
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/templates/services.yaml b/templates/services.yaml
@@ -22,6 +22,9 @@ spec:
       targetPort: https
       protocol: TCP
       name: https
+    {{- if and .Values.signserver.sidecarContainers .Values.services.sidecarPorts }}
+      {{- toYaml .Values.services.sidecarPorts | nindent 4 }}
+    {{- end }}
   selector:
     {{- include "signserver-community-helm.selectorLabels" . | nindent 4 }}
 {{- end }}

diff --git a/values.yaml b/values.yaml
@@ -22,6 +22,14 @@ signserver:
   #     secretKeyRef:
   #       name: signserverdbcredentials
   #       key: database_password
+  # Extra init containers to be added to the deployment
+  initContainers: []
+  # Extra sidecar containers to be added to the deployment
+  sidecarContainers: []
+  # Extra volumes to be added to the deployment
+  volumes: []
+  # Extra volume mounts to be added to the deployment
+  volumeMounts: []
 
 
 # Only one of the following services can be enabled at a time
@@ -42,6 +50,9 @@ services:
     bindIP: 0.0.0.0
     httpPort: 8081
     httpsPort: 8082
+  # Extra sidecar ports to be added to the service, optionally used when sidecarContainers
+  # are defined and need to expose ports
+  sidecarPorts: []
 
 # Requires proxyAJP or proxyHttp service to be enabled for adminweb access
 ingress: