
[TT-6556]Feature Request - Allow mounting of externally created secrets

Open cabewaldrop opened this issue 2 years ago • 1 comments

Description

We are using DocumentDB as the backing store for Tyk Dashboard and are running into an issue when attempting to mount its CA bundle to the dashboard deployment using the Tyk-pro helm chart. Currently, if you declare a mount in the values file under dash.mounts the helm chart will generate a secret for you using this template. This presents a couple of problems for us:

  1. We can’t provide the file required for the value of the secret because we are referencing the tyk-pro as a subchart and don’t have access to add files to the mount directory.

  2. Even if we could do option 1 we would still like the ability to define secrets separately so that we could do things like create the secret with SealedSecrets. This would be a better fit for our gitops deployment model that would allow us to check in the secret to our repository.

Proposed Change

An idea we had to make this behavior possible was to simply add an additional boolean flag as part of the mount definition. This could be something like an isExternal flag that got checked here before the secret was created for the mount. If this seems like a viable option to the Tyk team I’m happy to create a PR implementing these changes.

cabewaldrop avatar Sep 09 '22 15:09 cabewaldrop

Hi @cabewaldrop, thanks for posting here. I created an internal ticket for this feature request. Please note that this will undergo investigation, review and approval, thus there's still no estimated time as of the moment.

pagemag avatar Sep 12 '22 02:09 pagemag

Hi, thanks for the suggestion.

Mounting secrets is supported by our new charts using the extraVolumes and extraVolumeMounts fields.

  # extraVolumes is a list of volumes to be added to the pod
  # extraVolumes:
  #   - name: ca-certs
  #     secret:
  #       defaultMode: 420
  #       secretName: ca-certs
  extraVolumes: []

  # extraVolumeMounts is a list of volume mounts to be added to the pod
  # extraVolumeMounts:
  #   - name: ca-certs
  #     mountPath: /etc/ssl/certs/ca-certs.crt
  #     readOnly: true
  extraVolumeMounts: []

caroltyk avatar May 03 '24 23:05 caroltyk
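
Added example, not part of the thread or the Tyk charts: a Secret created outside the chart (for instance the object a SealedSecrets controller would produce) and the values that mount one key of it as a single file through the extraVolumes and extraVolumeMounts fields quoted above. The key name ca-bundle.pem, the namespace and the certificate body are assumptions or placeholders, and where the two fields nest in a parent chart's values depends on the chart and is not shown on this page.

```yaml
# --- Secret managed outside the Helm release (constructed sample) ---
apiVersion: v1
kind: Secret
metadata:
  name: ca-certs            # must match secretName in extraVolumes below
  namespace: tyk            # assumption: namespace of the dashboard release
type: Opaque
stringData:
  ca-bundle.pem: |          # assumption: key name chosen for this example
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: PEM-encoded CA bundle goes here>
    -----END CERTIFICATE-----
---
# --- values override for the chart (fields as quoted in the thread) ---
extraVolumes:
  - name: ca-certs
    secret:
      secretName: ca-certs
      defaultMode: 292      # decimal for octal 0444: read-only for all users
      items:
        - key: ca-bundle.pem        # project only this key into the volume
          path: ca-bundle.pem

extraVolumeMounts:
  - name: ca-certs
    mountPath: /etc/ssl/certs/ca-certs.crt
    subPath: ca-bundle.pem  # mount the single file; without subPath the
                            # mountPath becomes a directory holding the key
    readOnly: true
```

A subPath mount is not refreshed when the Secret changes, so a rotated CA bundle only takes effect after the pod restarts.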