feat: Add support for configuring wasmCloud Secrets

Signed-off-by: Joonas Bergius <joonas@cosmonic.com>
wasmCloud · Aug 1, 2024 · 4ec7c28 · 4ec7c28
1 parent 5988e64
commit 4ec7c28
Show file tree

Hide file tree

Showing 8 changed files with 800 additions and 475 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "wasmcloud-operator"
-version = "0.3.1"
+version = "0.4.0"
 edition = "2021"
 
 [[bin]]
@@ -94,9 +94,9 @@ tracing-opentelemetry = "0.22"
 tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
 utoipa = { version = "4.1", features = ["axum_extras"] }
 uuid = { version = "1", features = ["v5"] }
-wadm = "0.12.2"
-wadm-client = "0.1.2"
-wadm-types = "0.1.0"
+wadm = "0.13.0"
+wadm-client = "0.2.0"
+wadm-types = "0.2.0"
 wasmcloud-operator-types = { version = "*", path = "./crates/types" }
 
 [workspace]

diff --git a/crates/types/Cargo.toml b/crates/types/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "wasmcloud-operator-types"
-version = "0.1.6"
+version = "0.1.7"
 edition = "2021"
 
 [dependencies]

diff --git a/crates/types/src/v1alpha1/wasmcloud_host_config.rs b/crates/types/src/v1alpha1/wasmcloud_host_config.rs
@@ -80,6 +80,8 @@ pub struct WasmCloudHostConfigSpec {
     pub observability: Option<ObservabilityConfiguration>,
     /// Certificates: Authorities, client certificates
     pub certificates: Option<WasmCloudHostCertificates>,
+    /// wasmCloud secrets topic prefix, must not be empty if set.
+    pub secrets_topic_prefix: Option<String>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]

diff --git a/examples/full-config/wasmcloud-annotated.yaml b/examples/full-config/wasmcloud-annotated.yaml
@@ -68,6 +68,9 @@ spec:
     traces:
       enable: false
       endpoint: "traces-specific-otel-collector.svc"
+  # Optional: Subject prefix that will be used by the host to query for wasmCloud Secrets.
+  # See https://wasmcloud.com/docs/concepts/secrets for more context
+  secretsTopicPrefix: "wasmcloud.secrets"
   # Optional: Additional options to control how the underlying wasmCloud hosts are scheduled in Kubernetes.
   # This includes setting resource requirements for the nats and wasmCloud host
   # containers along with any additional pot template settings.

diff --git a/src/controller.rs b/src/controller.rs
@@ -373,6 +373,14 @@ async fn pod_template(config: &WasmCloudHostConfig, ctx: Arc<Context>) -> Result
         }
     }
 
+    if let Some(secrets_prefix) = &config.spec.secrets_topic_prefix {
+        wasmcloud_env.push(EnvVar {
+            name: "WASMCLOUD_SECRETS_TOPIC".to_string(),
+            value: Some(secrets_prefix.clone()),
+            ..Default::default()
+        })
+    }
+
     let mut wasmcloud_args = configure_observability(&config.spec);
 
     let mut nats_resources: Option<k8s_openapi::api::core::v1::ResourceRequirements> = None;