Merge pull request fluxcd#1166 from stephenmoloney/helm/add_ssh_dir

Mount the sshdir into the helm-operator too
oliviabarrick · Jun 28, 2018 · e0e6b70 · e0e6b70
2 parents 78b09f0 + e291e53
commit e0e6b70
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/chart/flux/templates/helm-operator-deployment.yaml b/chart/flux/templates/helm-operator-deployment.yaml
@@ -24,6 +24,10 @@ spec:
       serviceAccountName: {{ template "flux.serviceAccountName" . }}
       {{- end }}
       volumes:
+      - name: sshdir
+        configMap:
+          name: {{ template "flux.fullname" . }}-ssh-config
+          defaultMode: 0600
       - name: git-key
         secret:
           secretName: {{ template "flux.fullname" . }}-git-deploy
@@ -33,6 +37,10 @@ spec:
         image: "{{ .Values.helmOperator.repository }}:{{ .Values.helmOperator.tag }}"
         imagePullPolicy: {{ .Values.helmOperator.pullPolicy }}
         volumeMounts:
+        - name: sshdir
+          mountPath: /root/.ssh/known_hosts
+          subPath: known_hosts
+          readOnly: true
         - name: git-key
           mountPath: /etc/fluxd/ssh
           readOnly: true

diff --git a/deploy-helm/helm-operator-deployment.yaml b/deploy-helm/helm-operator-deployment.yaml
@@ -14,6 +14,14 @@ spec:
     spec:
       serviceAccount: flux
       volumes:
+      # The following volume is for using a customised known_hosts
+      # file file, which you will need to do if you host your own git
+      # repo rather than using github or the like. You'll also need to
+      # mount it into the container, below.
+      # - name: sshdir
+      #   configMap:
+      #     name: flux-ssh-config
+      #     defaultMode: 0600
       - name: git-key
         secret:
           secretName: flux-git-deploy
@@ -26,6 +34,12 @@ spec:
         image: quay.io/weaveworks/helm-operator:0.1.0-alpha
         imagePullPolicy: IfNotPresent
         volumeMounts:
+        # Include this if you need to mount a customised known_hosts
+        # file; you'll also need the volume declared above.
+        # - name: sshdir
+        # mountPath: /root/.ssh/known_hosts
+        # subPath: known_hosts
+        # readOnly: true
         - name: git-key
           mountPath: /etc/fluxd/ssh
           readOnly: true # this will be the case perforce in K8s >=1.10