feat: Adding support for k8s webhooks secret store (#33)

zacharyblasczyk · web-flow · commit 9d2ef9cf37c4 · 2023-10-23T17:20:35.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 *.tgz
 .vscode/
 dryrun.yaml
+license.txt
 test-values.yaml
diff --git a/charts/wandb/Chart.yaml b/charts/wandb/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: wandb
 description: A Helm chart for deploying W&B to Kubernetes
 type: application
-version: 0.2.3
-appVersion: "0.42.0"
+version: 0.3.0
+appVersion: "0.44.1"
 icon: https://wandb.ai/logo.svg
 maintainers:
   - name: wandb
diff --git a/charts/wandb/templates/_helpers.tpl b/charts/wandb/templates/_helpers.tpl
@@ -87,4 +87,16 @@ SQL configuration helpers, MySQL 8 needs session variable permissions
 {{- if eq (include "wandb.mysqlVersion" .) "8" }}
 {{- printf "SESSION_VARIABLES_ADMIN," -}}
 {{- end }}
-{{- end }}
+{{- end }}
+
+
+{{/*
+Secrets Manager Role and Binding
+*/}}
+{{- define "wandb.secretManagerRoleName" -}}
+{{- printf "%s-secret-manager-role" (include "wandb.fullname" .) -}}
+{{- end -}}
+
+{{- define "wandb.secretManagerRoleBindingName" -}}
+{{- printf "%s-secret-manager-binding" (include "wandb.fullname" .) -}}
+{{- end -}}
diff --git a/charts/wandb/templates/role.yaml b/charts/wandb/templates/role.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "wandb.secretManagerRoleName" . }}
+  labels:
+  {{- include "wandb.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "delete"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get"]
diff --git a/charts/wandb/templates/rolebinding.yaml b/charts/wandb/templates/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "wandb.secretManagerRoleBindingName" . }}
+  labels:
+  {{- include "wandb.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "wandb.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "wandb.secretManagerRoleName" . }}
+  apiGroup: rbac.authorization.k8s.io
