From 4b97a39cbffcdc0ee2c5eadf6a7498dff5af8f90 Mon Sep 17 00:00:00 2001 From: Patrick Koss Date: Sun, 1 Dec 2024 21:08:37 +0100 Subject: [PATCH] fix use sa key in zone repo --- Makefile | 2 +- deploy/stackit/templates/deployment.yaml | 6 ++++++ deploy/stackit/values.yaml | 21 ++++++++++++++++----- internal/repository/zone_repository.go | 9 +-------- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 1822691..e4d3cee 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -GOLANGCI_VERSION = 1.61.0 +GOLANGCI_VERSION = 1.62.0 HELM_DOCS_VERSION = 1.14.2 LICENCES_IGNORE_LIST = $(shell cat licenses/licenses-ignore-list.txt) diff --git a/deploy/stackit/templates/deployment.yaml b/deploy/stackit/templates/deployment.yaml index 64094e0..de56892 100644 --- a/deploy/stackit/templates/deployment.yaml +++ b/deploy/stackit/templates/deployment.yaml @@ -63,6 +63,9 @@ spec: mountPath: {{ .Values.stackitSaAuthentication.mountPath }} readOnly: true {{- end }} + {{- if .Values.additionalVolumeMounts }} + {{ toYaml .Values.additionalVolumeMounts | indent 10 }} + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} volumes: @@ -74,6 +77,9 @@ spec: secret: secretName: {{ .Values.stackitSaAuthentication.secretName }} {{- end }} + {{- if .Values.additionalVolumes }} + {{ toYaml .Values.additionalVolumes | indent 8 }} + {{- end }} {{- with .Values.podSecurityContext }} securityContext: {{ toYaml . | indent 8 }} diff --git a/deploy/stackit/values.yaml b/deploy/stackit/values.yaml index 3e7b601..b6bf99b 100644 --- a/deploy/stackit/values.yaml +++ b/deploy/stackit/values.yaml 
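Review bot: The added `{{ toYaml .Values.additionalVolumeMounts | indent 10 }}` line appears to sit on an indented template line with no left trim (indentation is collapsed in this view, so this is inferred). If so, the line's own leading whitespace is emitted before the first rendered list item while later lines get exactly ten spaces, and a mount with more than one key renders misaligned. The same applies to `{{ toYaml .Values.additionalVolumes | indent 8 }}` in the second hunk. Using `{{- toYaml .Values.additionalVolumeMounts | nindent 10 }}` and `{{- toYaml .Values.additionalVolumes | nindent 8 }}` makes the output independent of the template line's indentation. The `volumeMounts:` key is outside the hunk; if it is emitted only when `stackitSaAuthentication` is enabled, it must also be rendered when only `additionalVolumeMounts` is set.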
@@ -52,7 +52,8 @@ service: port: 443 # -- Kubernetes resources for the webhook. Usually limits.cpu=100m, limits.memory=128Mi, requests.cpu=100m, requests.memory=128Mi is enough for the webhook. -resources: { } +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -65,19 +66,29 @@ resources: { } # memory: 128Mi # -- Node selector for the webhook. -nodeSelector: { } +nodeSelector: {} # -- Tolerations for the webhook. -tolerations: [ ] +tolerations: [] -affinity: { } +affinity: {} securityContext: allowPrivilegeEscalation: false capabilities: - drop: [ "ALL" ] + drop: ["ALL"] podSecurityContext: runAsGroup: 1000 runAsUser: 1000 runAsNonRoot: true + +additionalVolumes: [] +# - name: extra-config +# configMap: +# name: extra-config-map + +additionalVolumeMounts: [] +# - name: extra-config +# mountPath: /etc/extra-config +# readOnly: true diff --git a/internal/repository/zone_repository.go b/internal/repository/zone_repository.go index 9dd6e4e..946e26c 100644 --- a/internal/repository/zone_repository.go +++ b/internal/repository/zone_repository.go @@ -5,7 +5,6 @@ import ( "fmt" "strings" - stackitconfig "github.com/stackitcloud/stackit-sdk-go/core/config" stackitdnsclient "github.com/stackitcloud/stackit-sdk-go/services/dns" ) @@ -31,13 +30,7 @@ type zoneRepositoryFactory struct{} func (z zoneRepositoryFactory) NewZoneRepository( config Config, ) (ZoneRepository, error) { - httpClient := *config.HttpClient - - apiClient, err := newStackitDnsClient( - stackitconfig.WithToken(config.AuthToken), - stackitconfig.WithHTTPClient(&httpClient), - stackitconfig.WithEndpoint(config.ApiBasePath), - ) + apiClient, err := chooseNewStackitDnsClient(config) if err != nil { return nil, err }
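Review bot: The new `additionalVolumes` and `additionalVolumeMounts` keys at the end of the second hunk have no `# --` description, unlike `nodeSelector` and `tolerations` above them, so generated chart documentation would presumably list them without explanation. Suggest `# -- Additional volumes to add to the webhook pod.` and `# -- Additional volume mounts for the webhook container.` directly above the two keys. The commented example shows only a ConfigMap. Since the commit subject is about a service-account key, a second example using `secret:` with `readOnly: true` on the mount would steer users away from putting credentials in a ConfigMap.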
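Review bot: The error from `chooseNewStackitDnsClient(config)` is returned bare by NewZoneRepository, so callers cannot tell which setup step failed; `return nil, fmt.Errorf("creating stackit dns client: %w", err)` adds that context, and `fmt` is already imported. The helper is not part of this patch, so it cannot be checked here that it still applies `config.ApiBasePath` and `config.HttpClient` on both the token path and the service-account-key path, which the removed options set explicitly. If its errors mention the key file, they should carry the path only, not the key contents. NewZoneRepository's body continues past the end of the hunk.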