-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkubeconfig-injector.yaml
69 lines (64 loc) · 1.87 KB
/
kubeconfig-injector.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
apiVersion: core.oam.dev/v1beta1
kind: TraitDefinition
metadata:
annotations:
definition.oam.dev/description: Inject the kubeconfig file to allow access with the kubectl command.
labels:
custom.definition.oam.dev/ui-hidden: "true"
name: kubeconfig-injector
namespace: vela-system
spec:
appliesToWorkloads:
- deployments.apps
podDisruptive: true
schematic:
cue:
template: |
patch: spec: template: spec: {
// +patchKey=name
containers: [{
name: context.name
env:[{
name: "KUBECONFIG"
value: "/var/napptive/kubeconfig"
}]
// +patchKey=name
volumeMounts: [{
name: parameter.mountName
mountPath: "/var/napptive"
}]
}]
// +patchKey=name
initContainers: [{
name: context.name + "-kubecnf"
image: "napptive/kubeconfig-injector:v1.0.0"
imagePullPolicy: "Always"
// +patchKey=name
volumeMounts: [{
name: parameter.mountName
mountPath: "/var/napptive"
},{
name: parameter.saMountName
mountPath: "/var/run/secrets/kubernetes.io/serviceaccount"
}]
}]
// +patchKey=name
volumes: [{
name: parameter.mountName
emptyDir: {}
},{
name: parameter.saMountName
secret: {
secretName: "user-secret"
optional: false
},
}]
}
parameter: {
// +usage=Deprecated. Parameter not used
name?: string
// +usage=Specify the mount name of shared volume
mountName: *"kubeconfig" | string
// +usage=Specify the mount name of secret volume
saMountName: *"sa-volume" | string
}