From 64da97364ab7f2e4df41fa3940ae4d199f6c718f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=BCttler?= Date: Thu, 19 Dec 2024 10:29:34 +0100 Subject: [PATCH] :seedling: Syself Hetzner ccm v2. Hot reload via mounted secret. (#100) --- charts/ccm-hetzner/Chart.yaml | 4 +- charts/ccm-hetzner/templates/deployment.yaml | 41 +++++--------------- charts/ccm-hetzner/templates/secret.yaml | 8 ++-- charts/ccm-hetzner/values.yaml | 11 ++++-- 4 files changed, 22 insertions(+), 42 deletions(-) diff --git a/charts/ccm-hetzner/Chart.yaml b/charts/ccm-hetzner/Chart.yaml index 84b5a3c..05c7519 100644 --- a/charts/ccm-hetzner/Chart.yaml +++ b/charts/ccm-hetzner/Chart.yaml @@ -7,5 +7,5 @@ maintainers: - name: Syself email: info@syself.com url: https://github.com/syself -appVersion: "v1.18.0-0.0.8" -version: 1.1.15 +appVersion: "v2.0.1" +version: 2.0.1 diff --git a/charts/ccm-hetzner/templates/deployment.yaml b/charts/ccm-hetzner/templates/deployment.yaml index ae8440b..dac08f6 100644 --- a/charts/ccm-hetzner/templates/deployment.yaml +++ b/charts/ccm-hetzner/templates/deployment.yaml @@ -28,6 +28,10 @@ spec: serviceAccountName: {{ include "ccm-hetzner.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + volumes: + - name: hetzner-secret + secret: + secretName: {{ .Values.secret.name }} tolerations: # Introduced with CAPI v1.4, more info: https://cluster-api.sigs.k8s.io/developer/providers/bootstrap.html#taint-nodes-at-creation - key: "node.cluster.x-k8s.io/uninitialized" 
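Review bot: In charts/ccm-hetzner/templates/deployment.yaml the new `hetzner-secret` volume always references `.Values.secret.name`, whereas the `secretKeyRef` entries this commit removes used `include "ccm-hetzner.fullname" .` when `secret.create` is true. If secret.yaml still names the chart-created Secret with the fullname helper (its metadata is not in this diff), a `secret.create: true` install would mount an unrelated Secret of that name or hang waiting for a missing one. Keeping the old selection avoids that: `secretName: {{ if .Values.secret.create }}{{ include "ccm-hetzner.fullname" . }}{{ else }}{{ .Values.secret.name }}{{ end }}`. Because the credentials are now files, a `defaultMode` tighter than the Secret-volume default of 0644 is worth considering, provided the container's user and fsGroup can still read them. The pod spec starts and ends outside the hunk.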
@@ -70,38 +74,11 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: /etc/hetzner-secret + name: hetzner-secret + readOnly: true env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - {{- if .Values.secret.create }} - name: {{ include "ccm-hetzner.fullname" . }} - {{- else }} - name: {{ .Values.secret.name }} - {{- end }} - key: {{ .Values.secret.key.token }} - - name: ROBOT_USER_NAME - valueFrom: - secretKeyRef: - {{- if .Values.secret.create }} - name: {{ include "ccm-hetzner.fullname" . }} - {{- else }} - name: {{ .Values.secret.name }} - {{- end }} - key: {{ .Values.secret.key.robotUserName }} - - name: ROBOT_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.secret.create }} - name: {{ include "ccm-hetzner.fullname" . }} - {{- else }} - name: {{ .Values.secret.name }} - {{- end }} - key: {{ .Values.secret.key.robotPassword }} - name: HCLOUD_DEBUG value: "{{ .Values.env.debug }}" - name: HCLOUD_LOAD_BALANCERS_ENABLED @@ -131,4 +108,4 @@ spec: {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/ccm-hetzner/templates/secret.yaml b/charts/ccm-hetzner/templates/secret.yaml index 477b40e..0e7d7c1 100644 --- a/charts/ccm-hetzner/templates/secret.yaml +++ b/charts/ccm-hetzner/templates/secret.yaml 
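Review bot: The `volumeMounts` entry added in deployment.yaml (hunk `-70,38 +74,11`) hard-codes `/etc/hetzner-secret` without saying which files the controller expects there, and the key names no longer come from values. A comment above the mount such as `# ccm v2 re-reads hcloud, robot-user and robot-password from this directory; key names are fixed` would document that contract, once the file names are confirmed against the v2 binary. The same hunk also drops `NODE_NAME`, which is not a credential, so it is worth confirming that v2 no longer reads it. The container spec begins before the hunk and continues after it.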
@@ -7,10 +7,10 @@ metadata: labels: {{- include "ccm-hetzner.labels" . | nindent 4 }} stringData: - {{ .Values.secret.key.token }}: {{ .Values.env.hcloudApiToken | b64enc }} - {{ .Values.secret.key.robotUserName }}: {{ .Values.env.robotUser | b64enc }} - {{ .Values.secret.key.robotPassword }}: {{ .Values.env.robotPassword | b64enc }} + hcloud: {{ .Values.env.hcloudApiToken | b64enc }} + robot-user: {{ .Values.env.robotUser | b64enc }} + robot-password: {{ .Values.env.robotPassword | b64enc }} {{- if .Values.privateNetwork.enabled }} {{ .Values.secret.networkKeyName }}: {{ .Values.privateNetwork.network.id | b64enc }} -{{- end -}} +{{- end -}} {{- end -}} diff --git a/charts/ccm-hetzner/values.yaml b/charts/ccm-hetzner/values.yaml index 250f5a5..57e6843 100644 --- a/charts/ccm-hetzner/values.yaml +++ b/charts/ccm-hetzner/values.yaml @@ -36,11 +36,14 @@ secret: create: false name: hetzner # Name of an existing secret key: - token: hcloud # Name of an existing key for the hcloud-token in the above specified secret - robotUserName: robot-user - robotPassword: robot-password network: network # Name of an existing key for the hcloud-network in the above specified secret + ## These values could be set in v1. For v2 we introduced hot-reloading of the secret. + ## These values are no longer configurable: + # token: hcloud + # robotUserName: robot-user + # robotPassword: robot-password + pdb: enabled: true minAvailable: 1 @@ -80,4 +83,4 @@ tolerations: [] affinity: {} -topologySpreadConstraints: {} \ No newline at end of file +topologySpreadConstraints: {}
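Review bot: In charts/ccm-hetzner/templates/secret.yaml the three renamed keys still pipe through `b64enc` under `stringData:`, which takes plain text that the API server encodes itself. With `secret.create: true` the mounted files `hcloud`, `robot-user` and `robot-password` would then hold the base64 text rather than the credential, unless the controller decodes it again. Either drop the filter, e.g. `hcloud: {{ .Values.env.hcloudApiToken | quote }}`, or switch the block to `data:`. The unchanged network key line follows the same pattern.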
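Review bot: In charts/ccm-hetzner/values.yaml the `token`, `robotUserName` and `robotPassword` keys are only commented out, so a release that still sets `secret.key.token` (or either robot key) to a non-default name will have the override accepted and silently ignored. The controller would then find no file under the expected name in an existing Secret, which is hard to diagnose from the chart side. A guard in a template, for example `{{- if .Values.secret.key.token }}{{ fail "secret.key.token is not configurable in v2; the key must be named hcloud" }}{{- end }}`, would turn this into an install-time error. The comment could also state the required key names outright instead of showing them as commented-out defaults.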