Merge pull request #27 from patoarvizu/parameterize-gomplate-image

Parameterize gomplate image

.circleci/config.yml

@@ -62,7 +62,7 @@ jobs:
             kubectl rollout status -n cert-manager deployment/cert-manager-webhook -w
             kubectl apply -f https://raw.githubusercontent.com/patoarvizu/common-manifests/master/cert-manager/cluster-issuer.yaml
             kubectl create ns vault
-            helm install vault-agent-webhook helm/vault-agent-auto-inject-webhook/ -n vault --set prometheusMonitoring.enable=false --set replicas=1
+            helm install vault-agent-webhook helm/vault-agent-auto-inject-webhook/ -n vault --set prometheusMonitoring.enable=false --set replicas=1 --set imageVersion=latest
             while [ "$(kubectl -n vault get deployment vault-agent-webhook -o jsonpath={.status.readyReplicas})" != "1" ]; do
               sleep 1
             done

README.md

@@ -103,6 +103,7 @@ Flag | Description | Default
 `-tls-key-file` | TLS key file |
 `-annotation-prefix` | Prefix of the annotations the webhook will process | `vault.patoarvizu.dev`
 `-target-vault-address` | Address of remote Vault API | `https://vault:8200`
+`-gomplate-image` | The full name (repository and tag) of the gomplate image for the init container | `hairyhenderson/gomplate:v3`
 `-kubernetes-auth-path` | Path to Vault Kubernetes auth endpoint | `auth/kubernetes`
 `-vault-image-version` | Tag on the 'vault' Docker image to inject with the sidecar | `1.3.0`
 `-default-config-map-name` | The name of the ConfigMap to be used for the Vault agent configuration by default, unless overwritten by annotation | `vault-agent-config`

cmd/webhook.go

@@ -48,6 +48,7 @@ type webhookCfg struct {
 	memoryLimit          string
 	mountCACertSecret    bool
 	caCertSecretName     string
+	gomplateImage        string
 }
 
 var cfg = &webhookCfg{}
@@ -167,7 +168,7 @@ func injectVaultSidecar(_ context.Context, obj metav1.Object) (bool, error) {
 
 	pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{
 		Name:  "config-template",
-		Image: "hairyhenderson/gomplate:v3",
+		Image: cfg.gomplateImage,
 		Command: []string{
 			"/gomplate",
 			"--file",
@@ -280,6 +281,7 @@ func main() {
 	fl.StringVar(&cfg.targetVaultAddress, "target-vault-address", "https://vault:8200", "Address of remote Vault API")
 	fl.StringVar(&cfg.kubernetesAuthPath, "kubernetes-auth-path", "auth/kubernetes", "Path to Vault Kubernetes auth endpoint")
 	fl.StringVar(&cfg.vaultImageVersion, "vault-image-version", "1.3.0", "Tag on the 'vault' Docker image to inject with the sidecar")
+	fl.StringVar(&cfg.gomplateImage, "gomplate-image", "hairyhenderson/gomplate:v3", "The full name (repository and tag) of the gomplate image for the init container")
 	fl.StringVar(&cfg.defaultConfigMapName, "default-config-map-name", "vault-agent-config", "The name of the ConfigMap to be used for the Vault agent configuration by default, unless overwritten by annotation")
 	fl.BoolVar(&cfg.mountCACertSecret, "mount-ca-cert-secret", false, "Indicate if the Secret indicated by the -ca-cert-secret-name flag should be mounted on the Vault agent container")
 	fl.StringVar(&cfg.caCertSecretName, "ca-cert-secret-name", "vault-tls", "The name of the secret in the target namespace to mount and use as a CA cert")

docs/index.md

@@ -1,6 +1,6 @@
 # vault-agent-auto-inject-webhook
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square)
 
 Vault agent auto-inject webhook
 
@@ -19,6 +19,7 @@ Vault agent auto-inject webhook
 | flags.annotationPrefix | string | `"vault.patoarvizu.dev"` | The value to be set on the `-annotation-prefix` flag. |
 | flags.caCertSecretName | string | `"vault-tls"` | The value to be set on the `-ca-cert-secret-name` flag. |
 | flags.defaultConfigMapName | string | `"vault-agent-config"` | The value to be set on the `-default-config-map-name` flag. |
+| flags.gomplateImage | string | `"hairyhenderson/gomplate:v3"` | The value to be set to the `-gomplate-image` flag. |
 | flags.kubernetesAuthPath | string | `"auth/kubernetes"` | The value to be set on the `-kubernetes-auth-path` flag. |
 | flags.mountCACertSecret | bool | `true` | The value to be set on the `-mount-ca-cert-secret` flag. |
 | flags.resources.limits.cpu | string | `"100m"` | The value to be set on the `-cpu-limit` flag. |

docs/index.yaml

@@ -2,19 +2,27 @@ apiVersion: v1
 entries:
   vault-agent-auto-inject-webhook:
   - apiVersion: v2
-    created: "2020-09-29T12:55:00.528379-04:00"
+    created: "2020-11-16T14:12:17.413611-05:00"
+    description: Vault agent auto-inject webhook
+    digest: f0951ec709bfdbf482472242733b39b5f6d5a913437bd46f8b4d9653f6578c85
+    name: vault-agent-auto-inject-webhook
+    urls:
+    - https://patoarvizu.github.io/vault-agent-auto-inject-webhook/vault-agent-auto-inject-webhook-0.2.0.tgz
+    version: 0.2.0
+  - apiVersion: v2
+    created: "2020-11-16T14:12:17.412837-05:00"
     description: Vault agent auto-inject webhook
     digest: 2da09a31eb20a128b60e5dc6761a353bb8ac938e3dbafbce1d2aa3be9c7b44f0
     name: vault-agent-auto-inject-webhook
     urls:
     - https://patoarvizu.github.io/vault-agent-auto-inject-webhook/vault-agent-auto-inject-webhook-0.1.0.tgz
     version: 0.1.0
   - apiVersion: v1
-    created: "2020-09-29T12:55:00.527031-04:00"
+    created: "2020-11-16T14:12:17.412118-05:00"
     description: Vault agent auto-inject webhook
     digest: 77e938e8bce1bb95537e1a070eb0b54677d699f81e464d2ac4bffb6bf5c5af11
     name: vault-agent-auto-inject-webhook
     urls:
     - https://patoarvizu.github.io/vault-agent-auto-inject-webhook/vault-agent-auto-inject-webhook-0.0.0.tgz
     version: 0.0.0
-generated: "2020-09-29T12:55:00.522914-04:00"
+generated: "2020-11-16T14:12:17.408468-05:00"

helm/vault-agent-auto-inject-webhook/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v2
 description: Vault agent auto-inject webhook
 name: vault-agent-auto-inject-webhook
-version: 0.1.0
+version: 0.2.0

helm/vault-agent-auto-inject-webhook/templates/deployment.yaml

@@ -35,6 +35,8 @@ spec:
         - {{ .Values.flags.annotationPrefix }}
         - -target-vault-address
         - {{ .Values.flags.targetVaultAddress | default (printf "https://vault.%s:8200" .Release.Namespace) }}
+        - -gomplate-image
+        - {{ .Values.flags.gomplateImage }}
         - -kubernetes-auth-path
         - {{ .Values.flags.kubernetesAuthPath }}
         - -default-config-map-name

helm/vault-agent-auto-inject-webhook/values.yaml

@@ -23,6 +23,8 @@ flags:
   # flags.targetVaultAddress -- The value to be set on the `-target-vault-address` flag.
   # If not specified, it will default to https://vault.{{ .Release.Namespace }}:8200.
   targetVaultAddress:
+  # flags.gomplateImage -- The value to be set to the `-gomplate-image` flag.
+  gomplateImage: hairyhenderson/gomplate:v3
   # flags.kubernetesAuthPath -- The value to be set on the `-kubernetes-auth-path` flag.
   kubernetesAuthPath: auth/kubernetes
   # flags.vaultImageVersion -- The value to be set on the `-vault-image-version` flag.