feat(helm): allow to set init containers (#4745)

Signed-off-by: Thomas Bétrancourt <thomas@betrancourt.net>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

deploy/charts/external-secrets/README.md

@@ -42,6 +42,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
 | certController.extraArgs | object | `{}` |  |
 | certController.extraEnv | list | `[]` |  |
+| certController.extraInitContainers | list | `[]` |  |
 | certController.extraVolumeMounts | list | `[]` |  |
 | certController.extraVolumes | list | `[]` |  |
 | certController.fullnameOverride | string | `""` |  |
@@ -102,6 +103,7 @@ The command removes all the Kubernetes components associated with the chart and
 | extraArgs | object | `{}` |  |
 | extraContainers | list | `[]` |  |
 | extraEnv | list | `[]` |  |
+| extraInitContainers | list | `[]` |  |
 | extraObjects | list | `[]` |  |
 | extraVolumeMounts | list | `[]` |  |
 | extraVolumes | list | `[]` |  |
@@ -191,6 +193,7 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
 | webhook.extraArgs | object | `{}` |  |
 | webhook.extraEnv | list | `[]` |  |
+| webhook.extraInitContainers | list | `[]` |  |
 | webhook.extraVolumeMounts | list | `[]` |  |
 | webhook.extraVolumes | list | `[]` |  |
 | webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore |

deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -98,6 +98,10 @@ spec:
           volumeMounts:
           {{- toYaml .Values.certController.extraVolumeMounts | nindent 12 }}
           {{- end }}
+      {{- with .Values.certController.extraInitContainers }}
+      initContainers:
+        {{- tpl (toYaml . | nindent 8) $ }}
+      {{- end }}
       {{- if .Values.certController.extraVolumes }}
       volumes:
       {{- toYaml .Values.certController.extraVolumes | nindent 8 }}

deploy/charts/external-secrets/templates/deployment.yaml

@@ -44,7 +44,7 @@ spec:
       containers:
         - name: {{ .Chart.Name }}
           {{- with .Values.securityContext }}
-           {{- if and (.enabled) (gt (keys . | len) 1) }}
+          {{- if and (.enabled) (gt (keys . | len) 1) }}
           securityContext:
             {{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 12 }}
           {{- end }}
@@ -116,6 +116,10 @@ spec:
         {{- if .Values.extraContainers }}
           {{ toYaml .Values.extraContainers | nindent 8 }}
         {{- end }}
+      {{- with .Values.extraInitContainers }}
+      initContainers:
+        {{- tpl (toYaml . | nindent 8) $ }}
+      {{- end }}
       dnsPolicy: {{ .Values.dnsPolicy }}
       {{- if .Values.dnsConfig }}
       dnsConfig:

deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -99,6 +99,10 @@ spec:
           {{- if .Values.webhook.extraVolumeMounts }}
           {{- toYaml .Values.webhook.extraVolumeMounts | nindent 12 }}
           {{- end }}
+      {{- with .Values.webhook.extraInitContainers }}
+      initContainers:
+        {{- tpl (toYaml . | nindent 8) $ }}
+      {{- end }}
       volumes:
         - name: certs
           secret:

deploy/charts/external-secrets/tests/cert_controller_test.yaml

@@ -24,6 +24,25 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: IfNotPresent
+  - it: should add a init container
+    templates:
+      - cert-controller-deployment.yaml
+    set:
+      certController.extraInitContainers:
+        - name: foo
+          image: example.com/external-secrets/init-image:{{ .Chart.Version }}
+          restartPolicy: Always
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].name
+          value: foo
+      - matchRegex:
+          path: spec.template.spec.initContainers[0].image
+          pattern: ^example\.com/external-secrets/init-image:[0-9]+\.[0-9]+\.[0-9]+$
+      - equal:
+          path: spec.template.spec.initContainers[0].restartPolicy
+          value: Always
+
   - it: should override securityContext
     set:
       certController.podSecurityContext:

deploy/charts/external-secrets/tests/controller_test.yaml

@@ -71,3 +71,19 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].image
           value: example.com/external-secrets/external-secrets:v0.9.9-ubi
+  - it: should add a init container
+    set:
+      extraInitContainers:
+        - name: foo
+          image: example.com/external-secrets/init-image:{{ .Chart.Version }}
+          restartPolicy: Always
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].name
+          value: foo
+      - matchRegex:
+          path: spec.template.spec.initContainers[0].image
+          pattern: ^example\.com/external-secrets/init-image:[0-9]+\.[0-9]+\.[0-9]+$
+      - equal:
+          path: spec.template.spec.initContainers[0].restartPolicy
+          value: Always

deploy/charts/external-secrets/tests/webhook_test.yaml

@@ -358,3 +358,21 @@ tests:
       - equal:
           path: metadata.annotations["prometheus.io/scrape"]
           value: "true"
+  - it: should add a init container
+    templates:
+      - webhook-deployment.yaml
+    set:
+      webhook.extraInitContainers:
+        - name: foo
+          image: example.com/external-secrets/init-image:{{ .Chart.Version }}
+          restartPolicy: Always
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].name
+          value: foo
+      - matchRegex:
+          path: spec.template.spec.initContainers[0].image
+          pattern: ^example\.com/external-secrets/init-image:[0-9]+\.[0-9]+\.[0-9]+$
+      - equal:
+          path: spec.template.spec.initContainers[0].restartPolicy
+          value: Always

deploy/charts/external-secrets/values.schema.json

@@ -36,6 +36,9 @@
                 "extraEnv": {
                     "type": "array"
                 },
+                "extraInitContainers": {
+                    "type": "array"
+                },
                 "extraVolumeMounts": {
                     "type": "array"
                 },
@@ -318,6 +321,9 @@
         "extraEnv": {
             "type": "array"
         },
+        "extraInitContainers": {
+            "type": "array"
+        },
         "extraObjects": {
             "type": "array"
         },
@@ -732,6 +738,9 @@
                 "extraEnv": {
                     "type": "array"
                 },
+                "extraInitContainers": {
+                    "type": "array"
+                },
                 "extraVolumeMounts": {
                     "type": "array"
                 },

deploy/charts/external-secrets/values.yaml

@@ -152,6 +152,9 @@ extraObjects: []
 ## -- Extra volumes to mount to the container.
 extraVolumeMounts: []
 
+## -- Extra init containers to add to the pod.
+extraInitContainers: []
+
 ## -- Extra containers to add to the pod.
 extraContainers: []
 
@@ -405,6 +408,9 @@ webhook:
     ## -- Map of extra arguments to pass to container.
   extraArgs: {}
 
+    ## -- Extra init containers to add to the pod.
+  extraInitContainers: []
+
     ## -- Extra volumes to pass to pod.
   extraVolumes: []
 
@@ -539,6 +545,8 @@ certController:
     ## -- Map of extra arguments to pass to container.
   extraArgs: {}
 
+    ## -- Extra init containers to add to the pod.
+  extraInitContainers: []
 
     ## -- Extra volumes to pass to pod.
   extraVolumes: []