Mount connection sshkeys on executors and mergers

Change-Id: I1628b2d4efe4ed949c70a0a96a5a06c037495a09
2021-07-08 11:27:53 +02:00 · 2021-07-08 11:27:53 +02:00 · e39d82975e
parent 97aa27080f
commit e39d82975e
1 changed files with 28 additions and 0 deletions
--- a/zuul_operator/templates/zuul.yaml
+++ b/zuul_operator/templates/zuul.yaml
@ -345,6 +345,13 @@ spec:
          mountPath: {{ volume.path }}
          {%- if volume.access == 'ro' %}readOnly: true{% endif %}
        {%- endfor %}
+        {%- for connection_name, connection in connections.items() %}
+        {%- if 'secretName' in connection %}
+        - name: connection-{{ connection_name }}
+          mountPath: /etc/zuul/connections/{{ connection_name }}
+          readOnly: true
+        {%- endif %}
+        {%- endfor %}
        securityContext:
          privileged: true
        terminationGracePeriodSeconds: {{ spec.executor.terminationGracePeriodSeconds }}
@ -371,6 +378,13 @@ spec:
      {%- for volume in spec.get('jobVolumes', []) %}
      - {{ volume.volume | zuul_to_json }}
      {%- endfor %}
+      {%- for connection_name, connection in connections.items() %}
+      {%- if 'secretName' in connection %}
+      - name: connection-{{ connection_name }}
+        secret:
+          secretName: {{ connection['secretName'] }}
+      {%- endif %}
+      {%- endfor %}
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@ -415,6 +429,13 @@ spec:
        - name: zookeeper-client-tls
          mountPath: /tls/client
          readOnly: true
+        {%- for connection_name, connection in connections.items() %}
+        {%- if 'secretName' in connection %}
+        - name: connection-{{ connection_name }}
+          mountPath: /etc/zuul/connections/{{ connection_name }}
+          readOnly: true
+        {%- endif %}
+        {%- endfor %}
        terminationGracePeriodSeconds: 3600
      volumes:
      - name: zuul-var
@ -425,6 +446,13 @@ spec:
      - name: zookeeper-client-tls
        secret:
          secretName: {{ spec.zookeeper.secretName }}
+      {%- for connection_name, connection in connections.items() %}
+      {%- if 'secretName' in connection %}
+      - name: connection-{{ connection_name }}
+        secret:
+          secretName: {{ connection['secretName'] }}
+      {%- endif %}
+      {%- endfor %}
 ---
 apiVersion: v1
 kind: Service