refactor: Add SealedSecrets and volumes in deployment.yaml and templa…

…tes/sealedsecret.yaml files. Changes in the 'deployment.yaml' file include adding volumeMounts, volumes, and a range loop for sealedSecrets in the 'templates/sealedsecret.yaml' file. The 'values.yaml' file now includes an optional section for sealedSecrets with an example of how to define a sealed secret.
freepik-company · Jun 11, 2024 · a046b39 · a046b39
1 parent 5a3264b
commit a046b39
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 1 deletion.
diff --git a/charts/cog-ai-model/README.md b/charts/cog-ai-model/README.md
@@ -2,7 +2,7 @@
 
 A Helm chart to install an IA model with Cog
 
-![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 ## Values
 
@@ -58,6 +58,7 @@ A Helm chart to install an IA model with Cog
 | resources | object | `{}` |  |
 | routes | object | `{}` |  |
 | runtimeClassName | string | `"nvidia"` |  |
+| sealedSecrets | list | `[]` |  |
 | securityContext | object | `{}` |  |
 | service.annotations | object | `{}` |  |
 | service.port | int | `5000` |  |
@@ -96,6 +97,8 @@ A Helm chart to install an IA model with Cog
 | sidecar.service.type | string | `"ClusterIP"` |  |
 | strategy | object | `{}` |  |
 | tolerations | list | `[]` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |
 
 ## Nginx Auth
 

diff --git a/charts/cog-ai-model/templates/deployment.yaml b/charts/cog-ai-model/templates/deployment.yaml
@@ -72,6 +72,9 @@ spec:
           volumeMounts:
             - name: model-data-volume
               mountPath: {{ .Values.config.modelMountDir }}
+            {{- with .Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
         {{- if .Values.sidecar.enabled }}
         - name: {{ .Values.sidecar.name }}
           image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag | default .Chart.AppVersion }}"
@@ -116,6 +119,9 @@ spec:
         - name: model-data-volume
           hostPath:
             path: {{ .Values.config.modelLocalDir }}
+        {{- with .Values.volumes}}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         {{- if .Values.sidecar.enabled }}
         - name: nginx-auth-config
           configMap:

diff --git a/charts/cog-ai-model/templates/sealedsecret.yaml b/charts/cog-ai-model/templates/sealedsecret.yaml
@@ -19,4 +19,19 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       name: {{ include "cog-ai-model.sidecarName" . }}
+{{- end }}
+---
+{{- range .Values.sealedSecrets }}
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: {{ include "cog-ai-model.fullname" $ }}-{{ .name }}
+  labels:
+    {{- include "cog-ai-model.labels" $ | nindent 4 }}
+spec:
+  encryptedData:
+    {{ .name }}: {{ .value | quote }}
+  template:
+    metadata:
+      name: {{ include "cog-ai-model.fullname" $ }}-{{ .name }}
 {{- end }}
diff --git a/charts/cog-ai-model/values.yaml b/charts/cog-ai-model/values.yaml
@@ -159,6 +159,22 @@ envsFrom: {}
 
 strategy: {}
 
+# Sealed values for secrets. It uses SealedSecrets to store secrets in a secure way.
+# Ensure you have SealedSecrets installed in your cluster before enabling this feature
+# and that you keep a sealed value to be sure that an upload to a repository is safe.
+sealedSecrets: []
+  #- name: MY_SECRET
+  #  value: "my-encrypted-secret-value"
+
+volumes: []
+  # - name: my-volume
+  #   emptyDir: {}
+
+volumeMounts: []
+  # - name: my-volume
+  #   mountPath: /path/to/mount
+
+
 # Nginx sidecar for auth-token management
 
 # Sidecar container to enable authorization token. Used to authenticate request using header