From 916fd6e62573bb5a12a5ca4e2b6aa4552c390804 Mon Sep 17 00:00:00 2001
From: Waqar Ahmed
Date: Mon, 8 Feb 2021 00:33:05 +0500
Subject: [PATCH] Mount minio configured cert inside pod using secret
---
 test/minio/1.2.0/templates/_cert.tpl | 25 ++++++++++++++++++++++
 test/minio/1.2.0/templates/_helpers.tpl | 6 +++---
 test/minio/1.2.0/templates/deployment.yaml | 7 +++---
 test/minio/1.2.0/templates/secrets.yaml | 8 +++----
 4 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 test/minio/1.2.0/templates/_cert.tpl
diff --git a/test/minio/1.2.0/templates/_cert.tpl b/test/minio/1.2.0/templates/_cert.tpl
new file mode 100644
index 0000000000..7376b1e410
--- /dev/null
+++ b/test/minio/1.2.0/templates/_cert.tpl
@@ -0,0 +1,25 @@
+{{/*
+Formats volumeMount for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolumeMount" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ mountPath: "/etc/minio/certs"
+{{- end }}
+{{- end -}}
+
+{{/*
+Formats volume for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolume" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ secret:
+ secretName: {{ include "minio.secretName" . }}
+ items:
+ - key: certPublicKey
+ path: public.crt
+ - key: certPrivateKey
+ path: private.key
+{{- end }}
+{{- end -}}
diff --git a/test/minio/1.2.0/templates/_helpers.tpl b/test/minio/1.2.0/templates/_helpers.tpl
index 1aeab6171a..526b122225 100644
--- a/test/minio/1.2.0/templates/_helpers.tpl
+++ b/test/minio/1.2.0/templates/_helpers.tpl
@@ -11,7 +11,7 @@ Retrieve true/false if minio certificate is configured
 */}}
 {{- define "minio.certAvailable" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{- template "common.resources.cert_present" $values -}}
 {{- end -}}
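Review bot: The `cert-secret-volume` definition in `minio.tlsKeysVolume` (_cert.tpl) sets no file mode, so `private.key` is projected with the Kubernetes secret-volume default of 0644 and is readable by every user inside the container. Adding `defaultMode: 0400` under `secret:` (or `mode: 0400` on the `certPrivateKey` item) restricts it to the owner; if the MinIO process does not run as the owner of the projected files, a pod-level `fsGroup` with a group-readable mode such as 0440 would be needed instead. The mount in `minio.tlsKeysVolumeMount` could also state `readOnly: true` so the intent is explicit in the manifest. Both doc comments mention "trusted certs", but only the key pair is projected, so the comment should say `public.crt` and `private.key` only.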
@@ -21,7 +21,7 @@ Retrieve public key of minio certificate
 */}}
 {{- define "minio.cert.publicKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate "publicKey" true) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
@@ -31,6 +31,6 @@ Retrieve private key of minio certificate
 */}}
 {{- define "minio.cert.privateKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
diff --git a/test/minio/1.2.0/templates/deployment.yaml b/test/minio/1.2.0/templates/deployment.yaml
index aed4ad032b..743268e4fc 100644
--- a/test/minio/1.2.0/templates/deployment.yaml
+++ b/test/minio/1.2.0/templates/deployment.yaml
@@ -1,4 +1,3 @@
-{{ $scheme := "http" }}
 apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -29,13 +28,14 @@ spec:
 containers:
 - name: {{ .Chart.Name }}
 {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
- {{ include "common.storage.allContainerVolumeMounts" .Values | nindent 10 }}
+ volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+ {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }}
 command:
 - "/bin/sh"
 - "-ce"
 - "/usr/bin/docker-entrypoint.sh minio server /export {{ (.Values.extraArgs | default list) | join " " }}"
 ports:
- - name: {{ $scheme }}
+ - name: http
 containerPort: 9000
 env:
 {{ $secretName := (include "minio.secretName" .) }}
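Review bot: The container command in the second deployment.yaml hunk still runs `minio server /export` without pointing the server at the key pair mounted under `/etc/minio/certs`. MinIO looks for `public.crt` and `private.key` in its default certificate directory under the user's home (`~/.minio/certs`), so unless the image entrypoint or `.Values.extraArgs` already supplies the path, the server would presumably keep serving plain HTTP even with a certificate configured. Adding `--certs-dir /etc/minio/certs` to the command when `minio.certAvailable` renders "true" would close that gap. The port is now named `http` unconditionally, which will be misleading once TLS is active; a short comment stating the intended scheme would help. The Deployment spec starts and ends outside this hunk.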
@@ -44,3 +44,4 @@ spec:
 {{ $envList = mustAppend $envList (dict "name" "MINIO_SECRET_KEY" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
 {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
 {{ include "common.storage.allAppVolumes" .Values | nindent 6 }}
+{{- include "minio.tlsKeysVolume" . | nindent 8 }}
diff --git a/test/minio/1.2.0/templates/secrets.yaml b/test/minio/1.2.0/templates/secrets.yaml
index 26c1d2c896..4085fd585b 100644
--- a/test/minio/1.2.0/templates/secrets.yaml
+++ b/test/minio/1.2.0/templates/secrets.yaml
@@ -7,7 +7,7 @@ type: Opaque
 data:
 accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
 secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
- {{- if eq (include "minio.certAvailable" .) true -}}
- certPublicKey: {{ template "minio.cert.publicKey" . }}
- certPrivateKey: {{ template "minio.cert.privateKey" . }}
- {{- end -}}
+ {{ if eq (include "minio.certAvailable" .) "true" }}
+ certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }}
+ certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }}
+ {{ end }}
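Review bot: The added `{{- include "minio.tlsKeysVolume" . | nindent 8 }}` at the end of deployment.yaml emits a bare list item, so it depends on the preceding `common.storage.allAppVolumes` include having already rendered the `volumes:` key. That helper is not visible in this patch; if it renders nothing when no storage is configured, the cert volume would land without a parent key and the manifest would either fail to parse or attach to the wrong field. Writing `volumes:` explicitly in this template, the way the same commit now writes `volumeMounts:` in the container spec, would remove that dependency.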
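Review bot: The new `{{ if eq (include "minio.certAvailable" .) "true" }}` and `{{ end }}` lines in secrets.yaml carry no whitespace trim markers, so each renders as a whitespace-only line inside `data:`. Using `{{- if eq (include "minio.certAvailable" .) "true" }}` and `{{- end }}` trims only the preceding whitespace, which keeps `certPublicKey` and `certPrivateKey` on their own lines without the stray blanks. A template comment above the block noting that both values come from the `minio.cert.*` helpers and are base64-encoded here would make the contract with the `items` list in `minio.tlsKeysVolume` easier to follow.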