{{- /* Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} replicas: {{ .Values.replicaCount }} strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} template: metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: jenkins-controller annotations: checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} {{- end }} spec: serviceAccountName: {{ include "jenkins.serviceAccountName" . }} {{- include "jenkins.imagePullSecrets" . | nindent 6 }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- if .Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "jenkins-controller" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "jenkins-controller" "customLabels" $podLabels "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} {{- if .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} {{- if .Values.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) (or .Values.tls.autoGenerated .Values.tls.existingSecret) .Values.initContainers }} initContainers: - name: copy-plugins image: {{ include "jenkins.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /bin/bash - -ec - |- #!/bin/bash . /opt/bitnami/scripts/libfs.sh if ! is_dir_empty /opt/bitnami/jenkins/plugins; then cp -r /opt/bitnami/jenkins/plugins/* /plugins fi {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- else if ne .Values.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: empty-dir mountPath: /opt/bitnami/jenkins/certs subPath: app-certs-dir - name: empty-dir mountPath: /plugins subPath: app-plugins-dir - name: empty-dir mountPath: /tmp subPath: tmp-dir {{- if or .Values.tls.autoGenerated .Values.tls.existingSecret }} - name: init-certs image: {{ include "jenkins.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /bin/bash - -ec - |- if [[ -f /opt/bitnami/jenkins/certs/jenkins.jks ]]; then rm /opt/bitnami/jenkins/certs/jenkins.jks fi {{- if or .Values.tls.autoGenerated .Values.tls.usePemCerts }} if [[ -f "/certs/tls.key" ]] && [[ -f "/certs/tls.crt" ]]; then openssl pkcs12 -export -in "/certs/tls.crt" \ -passout pass:"${JENKINS_KEYSTORE_PASSWORD}" \ -inkey "/certs/tls.key" \ -out "/tmp/keystore.p12" keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ -srcstoretype PKCS12 \ -srcstorepass "${JENKINS_KEYSTORE_PASSWORD}" \ -deststorepass "${JENKINS_KEYSTORE_PASSWORD}" \ -destkeystore "/opt/bitnami/jenkins/certs/jenkins.jks" rm "/tmp/keystore.p12" else echo "Couldn't find the expected PEM certificates! They are mandatory when encryption via TLS is enabled." exit 1 fi {{- else }} if [[ -f "/certs/jenkins.jks" ]]; then cp "/certs/jenkins.jks" "/opt/bitnami/jenkins/certs/jenkins.jks" else echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled." exit 1 fi {{- end }} env: {{- if or .Values.tls.passwordsSecret .Values.tls.password .Values.tls.autoGenerated .Values.tls.usePemCerts }} - name: JENKINS_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ (include "jenkins.tlsPasswordsSecret" .) }} key: keystore-password {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 12 }} {{- else if ne .Values.tls.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: certs mountPath: /certs - name: empty-dir mountPath: /opt/bitnami/jenkins/certs subPath: app-certs-dir {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions image: {{ include "jenkins.volumePermissions.image" . }} imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} command: - /bin/bash args: - -ec - | mkdir -p /bitnami/jenkins chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" /bitnami/jenkins {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} {{- else }} securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: jenkins-data mountPath: /bitnami/jenkins {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} {{- end }} {{- end }} containers: - name: jenkins image: {{ include "jenkins.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if .Values.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.image.debug | quote }} - name: JENKINS_USERNAME value: {{ .Values.jenkinsUser | quote }} - name: JENKINS_PASSWORD valueFrom: secretKeyRef: name: {{ include "common.names.fullname" . }} key: jenkins-password - name: JENKINS_HOME value: {{ .Values.jenkinsHome | quote }} - name: JENKINS_SKIP_BOOTSTRAP value: {{ .Values.disableInitialization | quote }} - name: JENKINS_HOST value: {{ include "jenkins.host" . | quote }} - name: JENKINS_EXTERNAL_HTTP_PORT_NUMBER value: {{ .Values.service.ports.http | quote }} - name: JENKINS_EXTERNAL_HTTPS_PORT_NUMBER value: {{ .Values.service.ports.https | quote }} {{- if or .Values.tls.autoGenerated .Values.tls.existingSecret }} - name: JENKINS_CERTS_DIR value: "/opt/bitnami/jenkins/certs" {{- end }} {{- if or .Values.tls.passwordsSecret .Values.tls.password .Values.tls.autoGenerated .Values.tls.usePemCerts }} - name: JENKINS_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ (include "jenkins.tlsPasswordsSecret" .) }} key: keystore-password {{- end }} {{- $plugins := .Values.plugins }} {{- if .Values.extraPlugins }} {{- $plugins = append $plugins .Values.extraPlugins }} {{- end }} {{- if $plugins }} - name: JENKINS_PLUGINS value: {{ join ";" $plugins | quote }} {{- end }} {{- $paths := .Values.overridePaths | default "" }} {{- if or .Values.initHookScripts .Values.initHookScriptsCM .Values.initHookScriptsSecret }} {{- if $paths }} {{- $paths = printf "%s,init.groovy.d" $paths }} {{- else }} {{- $paths = "init.groovy.d" }} {{- end }} {{- end }} {{- if $paths }} - name: JENKINS_OVERRIDE_PATHS value: {{ join ";" $paths | quote }} {{- end }} - name: JENKINS_PLUGINS_LATEST value: {{ ternary "true" "false" .Values.latestPlugins | quote }} - name: JENKINS_PLUGINS_LATEST_SPECIFIED value: {{ ternary "true" "false" .Values.latestSpecifiedPlugins | quote }} - name: JENKINS_SKIP_IMAGE_PLUGINS value: {{ ternary "true" "false" .Values.skipImagePlugins | quote }} - name: JENKINS_OVERRIDE_PLUGINS value: {{ ternary "true" "false" .Values.overridePlugins | quote }} {{- if .Values.configAsCode.enabled }} - name: CASC_JENKINS_CONFIG value: "$(JENKINS_HOME)/casc_configs" {{- if and .Values.configAsCode.enabled .Values.configAsCode.autoReload.enabled }} - name: CASC_RELOAD_TOKEN value: "$(POD_NAME)" {{- end }} {{- end }} {{- if .Values.javaOpts }} - name: JAVA_OPTS value: {{ .Values.javaOpts | join " " | quote }} {{- end }} {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} envFrom: {{- if .Values.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} ports: - name: http containerPort: {{ .Values.containerPorts.http }} protocol: TCP - name: https containerPort: {{ .Values.containerPorts.https }} protocol: TCP {{- if .Values.agent.enabled }} - name: agent-listener containerPort: {{ .Values.containerPorts.agentListener }} protocol: TCP {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: http {{- end }} {{- if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.livenessProbe.enabled }} livenessProbe: tcpSocket: port: http initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} successThreshold: {{ .Values.livenessProbe.successThreshold }} {{- end }} {{- if .Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.readinessProbe.enabled }} readinessProbe: httpGet: path: /login port: http initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} successThreshold: {{ .Values.readinessProbe.successThreshold }} {{- end }} {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- else if ne .Values.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: empty-dir mountPath: /opt/bitnami/jenkins/plugins subPath: app-plugins-dir - name: empty-dir mountPath: /opt/bitnami/jenkins/tmp subPath: app-tmp-dir - name: empty-dir mountPath: /opt/bitnami/jenkins/logs subPath: app-logs-dir - name: jenkins-data mountPath: /bitnami/jenkins {{- if or .Values.tls.autoGenerated .Values.tls.existingSecret }} - name: empty-dir mountPath: /opt/bitnami/jenkins/certs subPath: app-certs-dir {{- end }} {{- if .Values.configAsCode.enabled }} - name: config-as-code-mountpoint mountPath: /usr/share/jenkins/ref/casc_configs {{- end }} {{- if or .Values.initScripts .Values.initScriptsCM .Values.initScriptsSecret }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ {{- end }} {{- if or .Values.initHookScripts .Values.initHookScriptsCM .Values.initHookScriptsSecret }} - name: jenkins-init-hook-scripts mountPath: /usr/share/jenkins/ref/init.groovy.d/ {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if and .Values.configAsCode.enabled .Values.configAsCode.autoReload.enabled }} - name: reload-configuration-as-code image: {{ include "jenkins.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.configAsCode.autoReload.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.configAsCode.autoReload.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.command "context" $) | nindent 12 }} {{- else }} command: - /bin/bash {{- end }} {{- if .Values.configAsCode.autoReload.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.args "context" $) | nindent 12 }} {{- else }} args: - -ec - | set -o errexit set -o nounset set -o pipefail . /opt/bitnami/scripts/libjenkins.sh get_configmap() { local -r print_output=${1:-false} local -r apiserver="https://kubernetes.default.svc" local -r sa_dir="/var/run/secrets/kubernetes.io/serviceaccount" local -r token=$(cat "${sa_dir}/token") local -r ca_cert="${sa_dir}/ca.crt" local -r url="${apiserver}/api/v1/namespaces/${NAMESPACE}/configmaps/${CONFIGMAP_NAME}" local command=("curl" "-s" --cacert "${ca_cert}" "-H" "Authorization: Bearer ${token}" "-H" "Accept: application/json" "${url}") if ! is_boolean_yes "$print_output"; then command+=("--fail" "-o" "/old_copy/cm.json") fi "${command[@]}" } trigger_config_reload() { local -r jenkins_host="http://localhost:{{ .Values.containerPorts.http }}" local -r url="${jenkins_host}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" local command=("curl" "-s" "--fail" "-X" "POST" "${url}") "${command[@]}" } # Variables k8s_api_retries=12 k8s_api_sleep=5 jenkins_casc_reload_retries={{ .Values.configAsCode.autoReload.reqRetries | int }} jenkins_casc_reload_sleep={{ .Values.configAsCode.autoReload.interval | int }} sleep {{ .Values.configAsCode.autoReload.initialDelay | int | quote }} while true; do # Download configmap content if ! retry_while 'get_configmap' "$k8s_api_retries" "$k8s_api_sleep"; then error "Failed to obtain the ConfigMap. Please check the following error message:\n $(get_configmap "true")" exit 1 else if [[ -d "/bitnami/jenkins/home/casc_configs" ]]; then # Remove existing config-as-code files rm -rf /bitnami/jenkins/home/casc_configs fi # Create target directories mkdir -p /bitnami/jenkins/home/casc_configs /old_copy/casc_configs # Copy files defined in the ConfigMap for file in $(jq -rc '.data | keys[]' "/old_copy/cm.json"); do jq -r ".data.\"${file}\"" "/old_copy/cm.json" > "/bitnami/jenkins/home/casc_configs/${file}" done # Remove configmap json file rm /old_copy/cm.json # Compare running configuration and new configuration if [[ -d /old_copy/casc_configs && -d /bitnami/jenkins/home/casc_configs ]] && ! diff -q /old_copy/casc_configs /bitnami/jenkins/home/casc_configs; then if ! retry_while "trigger_config_reload" "$jenkins_casc_reload_retries" "$jenkins_casc_reload_sleep"; then error "Failed to trigger config reload." else info "Configuration successfully applied" # Copy running configuration to compare in the next iteration cp -rf /bitnami/jenkins/home/casc_configs /old_copy/ fi fi fi sleep {{ default "60" .Values.configAsCode.autoReload.interval }} done {{- end }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: CONFIGMAP_NAME value: {{ template "jenkins.configAsCodeCM" . }} - name: NAMESPACE value: {{ include "common.names.namespace" . | quote }} {{- if .Values.configAsCode.autoReload.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if .Values.configAsCode.autoReload.resources }} resources: {{- toYaml .Values.configAsCode.autoReload.resources | nindent 12 }} {{- else if ne .Values.configAsCode.autoReload.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.configAsCode.autoReload.resourcesPreset) | nindent 12 }} {{- end }} {{- if or .Values.configAsCode.autoReload.extraEnvVarsCM .Values.configAsCode.autoReload.extraEnvVarsSecret }} envFrom: {{- if .Values.configAsCode.autoReload.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.configAsCode.autoReload.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} volumeMounts: - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: jenkins-data mountPath: /bitnami/jenkins - name: empty-dir mountPath: /old_copy subPath: app-casc-tmp-dir {{- if .Values.configAsCode.autoReload.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.configAsCode.autoReload.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- end}} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - name: empty-dir emptyDir: {} - name: jenkins-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ default (include "common.names.fullname" .) (tpl .Values.persistence.existingClaim $) }} {{- else }} emptyDir: {} {{- end }} {{- if or .Values.tls.autoGenerated .Values.tls.existingSecret }} - name: certs secret: secretName: {{ include "jenkins.tlsSecretName" . }} {{- end }} {{- if .Values.configAsCode.enabled }} - name: config-as-code-mountpoint configMap: name: {{ template "jenkins.configAsCodeCM" . }} {{- end }} {{- if or .Values.initScripts .Values.initScriptsCM .Values.initScriptsSecret }} - name: custom-init-scripts projected: sources: {{- if or .Values.initScripts .Values.initScriptsCM }} - configMap: name: {{ template "jenkins.initScriptsName" . }} {{- end }} {{- if .Values.initScriptsSecret }} - secret: secretName: {{ print (tpl .Values.initScriptsSecret .) }} defaultMode: 0755 {{- end }} {{- end }} {{- if or .Values.initHookScripts .Values.initHookScriptsCM .Values.initHookScriptsSecret }} - name: jenkins-init-hook-scripts projected: sources: {{- if or .Values.initHookScripts .Values.initHookScriptsCM }} - configMap: name: {{ template "jenkins.initHookScriptsName" . }} {{- end }} {{- if .Values.initHookScriptsSecret }} - secret: secretName: {{ print (tpl .Values.initHookScriptsSecret .) }} defaultMode: 0755 {{- end }} {{- end }} {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }}