From b3177e36ee4886636ec84a1e2a6767885e377a60 Mon Sep 17 00:00:00 2001
From: Filip Chlebowski
Date: Wed, 31 Dec 2025 13:28:34 +0100
Subject: [PATCH 1/2] feat(chart): Add support for gateway API
---
 .../chainloop/templates/cas/httproute.yaml | 55 +++++++++
 .../chainloop/templates/cas/service-grpc.yaml | 1 +
 .../templates/controlplane/httproute.yaml | 55 +++++++++
 .../templates/controlplane/service-grpc.yaml | 1 +
 deployment/chainloop/values.yaml | 109 +++++++++++++++++-
 5 files changed, 220 insertions(+), 1 deletion(-)
 create mode 100644 deployment/chainloop/templates/cas/httproute.yaml
 create mode 100644 deployment/chainloop/templates/controlplane/httproute.yaml
diff --git a/deployment/chainloop/templates/cas/httproute.yaml b/deployment/chainloop/templates/cas/httproute.yaml
new file mode 100644
index 000000000..af202d1ed
--- /dev/null
+++ b/deployment/chainloop/templates/cas/httproute.yaml
@@ -0,0 +1,55 @@
+{{- if or .Values.cas.httpRoute.enabled .Values.httpRoute.enabled }}
+{{- /*
+Copyright Chainloop, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- $fullName := include "chainloop.cas.fullname" . -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "chainloop.cas.labels" . | nindent 4 }}
+ {{- if or .Values.cas.httpRoute.annotations .Values.httpRoute.annotations }}
+ annotations:
+ {{- if .Values.cas.httpRoute.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.cas.httpRoute.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.httpRoute.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ parentRefs:
+ {{- if .Values.cas.httpRoute.parentRefs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
+ {{- else }}
+ - name: gateway
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- end }}
+ hostnames: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.hostnames "context" .) | nindent 4 }}
+ rules:
+ {{- $port := coalesce .Values.cas.service.port .Values.cas.service.ports.http }}
+ - backendRefs:
+ - name: {{ include "chainloop.cas.fullname" . }}
+ port: {{ $port }}
+ {{- if .Values.cas.httpRoute.matches }}
+ matches: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.matches "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.cas.httpRoute.filters }}
+ filters: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.filters "context" .) | nindent 8 }}
+ {{- end }}
+ - matches:
+ - headers:
+ - name: content-type
+ value: application/grpc
+ {{- $portAPI := coalesce .Values.cas.serviceAPI.port .Values.cas.serviceAPI.ports.http }}
+ backendRefs:
+ - name: {{ include "chainloop.cas.fullname" . }}-api
+ kind: Service
+ namespace: {{ include "common.names.namespace" . | quote }}
+ port: {{ $portAPI }}
+ {{- if .Values.cas.httpRoute.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.extraRules "context" .) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deployment/chainloop/templates/cas/service-grpc.yaml b/deployment/chainloop/templates/cas/service-grpc.yaml
index 972aeba99..b30c9426c 100644
--- a/deployment/chainloop/templates/cas/service-grpc.yaml
+++ b/deployment/chainloop/templates/cas/service-grpc.yaml
@@ -40,6 +40,7 @@ spec:
 {{- if not (eq $port .Values.cas.containerPorts.grpc) }}
 targetPort: {{ .Values.cas.containerPorts.grpc }}
 {{- end }}
+ appProtocol: kubernetes.io/h2c
 protocol: TCP
 {{- if and (or (eq .Values.cas.serviceAPI.type "NodePort") (eq .Values.cas.serviceAPI.type "LoadBalancer")) (not (empty .Values.cas.serviceAPI.nodePorts.http)) }}
 nodePort: {{ .Values.cas.serviceAPI.nodePorts.http }}
diff --git a/deployment/chainloop/templates/controlplane/httproute.yaml b/deployment/chainloop/templates/controlplane/httproute.yaml
new file mode 100644
index 000000000..b535407c5
--- /dev/null
+++ b/deployment/chainloop/templates/controlplane/httproute.yaml
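Review bot: In `spec.parentRefs` of cas/httproute.yaml the guard tests `.Values.cas.httpRoute.parentRefs` but the next line renders `.Values.httpRoute.parentRefs`, so a Gateway chosen under `cas.httpRoute.parentRefs` is never emitted and the route attaches to whatever the top-level key holds instead. The parent Gateway decides which listener exposes CAS, so render the value that was tested: `{{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.parentRefs "context" .) | nindent 4 }}`. The opening guard and the annotations block also read `.Values.httpRoute.*`, while this patch adds `httpRoute` only under `controlplane:` and `cas:`; unless a top-level `httpRoute` map exists in a part of values.yaml not shown here, Helm will probably fail on the nil lookup even with the feature disabled. controlplane/httproute.yaml has the same three references.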
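Review bot: `appProtocol: kubernetes.io/h2c` in cas/service-grpc.yaml is added unconditionally, so every install now marks the gRPC port as cleartext HTTP/2, including installs that never enable `httpRoute`. Gateways and ingress controllers that honour the field will then speak unencrypted h2c to the pod, which is wrong wherever the API container terminates TLS itself (whether the chart supports that is not visible in this hunk). Consider making it configurable through a new value, for example `appProtocol: {{ .Values.cas.serviceAPI.appProtocol | default "kubernetes.io/h2c" }}`, or at least add the comment `# cleartext HTTP/2 hint for Gateway API; change if the API port serves TLS`. The same line is added in controlplane/service-grpc.yaml, and the port entry starts and ends outside both hunks.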
@@ -0,0 +1,55 @@
+{{- if or .Values.controlplane.httpRoute.enabled .Values.httpRoute.enabled }}
+{{- /*
+Copyright Chainloop, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- $fullName := include "chainloop.controlplane.fullname" . -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "chainloop.controlplane.labels" . | nindent 4 }}
+ {{- if or .Values.controlplane.httpRoute.annotations .Values.httpRoute.annotations }}
+ annotations:
+ {{- if .Values.controlplane.httpRoute.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.controlplane.httpRoute.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.httpRoute.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ parentRefs:
+ {{- if .Values.controlplane.httpRoute.parentRefs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
+ {{- else }}
+ - name: gateway
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- end }}
+ hostnames: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.hostnames "context" .) | nindent 4 }}
+ rules:
+ {{- $port := coalesce .Values.controlplane.service.port .Values.controlplane.service.ports.http }}
+ - backendRefs:
+ - name: {{ include "chainloop.controlplane.fullname" . }}
+ port: {{ $port }}
+ {{- if .Values.controlplane.httpRoute.matches }}
+ matches: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.matches "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controlplane.httpRoute.filters }}
+ filters: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.filters "context" .) | nindent 8 }}
+ {{- end }}
+ - matches:
+ - headers:
+ - name: content-type
+ value: application/grpc
+ {{- $portAPI := coalesce .Values.controlplane.serviceAPI.port .Values.controlplane.serviceAPI.ports.http }}
+ backendRefs:
+ - name: {{ include "chainloop.controlplane.fullname" . }}-api
+ kind: Service
+ namespace: {{ include "common.names.namespace" . | quote }}
+ port: {{ $portAPI }}
+ {{- if .Values.controlplane.httpRoute.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.extraRules "context" .) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deployment/chainloop/templates/controlplane/service-grpc.yaml b/deployment/chainloop/templates/controlplane/service-grpc.yaml
index 83a96201c..86c543aa8 100644
--- a/deployment/chainloop/templates/controlplane/service-grpc.yaml
+++ b/deployment/chainloop/templates/controlplane/service-grpc.yaml
@@ -41,6 +41,7 @@ spec:
 targetPort: {{ .Values.controlplane.containerPorts.grpc }}
 {{- end }}
 protocol: TCP
+ appProtocol: kubernetes.io/h2c
 {{- if and (or (eq .Values.controlplane.serviceAPI.type "NodePort") (eq .Values.controlplane.serviceAPI.type "LoadBalancer")) (not (empty .Values.controlplane.serviceAPI.nodePorts.http)) }}
 nodePort: {{ .Values.controlplane.serviceAPI.nodePorts.http }}
 {{- else if eq .Values.controlplane.serviceAPI.type "ClusterIP" }}
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
index 4f30c64de..c9c56cb1a 100644
--- a/deployment/chainloop/values.yaml
+++ b/deployment/chainloop/values.yaml
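Review bot: The second rule in controlplane/httproute.yaml matches `content-type` by exact value (the HTTPRoute default) against `application/grpc`, so a client that sends a suffixed type such as `application/grpc+proto` would, with the default `matches`, fall through to the first rule and be forwarded to the HTTP service instead of the `-api` backend. If such clients are expected, a `GRPCRoute` on the same Gateway avoids the header sniffing. Otherwise document the limit above the rule, for example `{{- /* gRPC is detected by an exact content-type match; suffixed types are not routed to the -api service */}}`. The same rule appears in cas/httproute.yaml.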
@@ -601,6 +601,60 @@ controlplane: ## name: http ## extraRules: [] + ## Gateway API HTTP routing parameters + ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/ + ## + httpRoute: + ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress + ## + enabled: false + ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource + ## + annotations: {} + ## @param httpRoute.labels Additional labels for the HTTPRoute resource + ## + labels: {} + ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. + ## e.g: + ## parentRefs: + ## - name: my-gateway + ## sectionName: http + ## namespace: default + ## + parentRefs: [] + ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header + ## + hostnames: + - cp.dev.local + ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference + ## + matches: + - path: + type: PathPrefix + value: / + ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference + ## + filters: [] + ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute + ## e.g: + ## extraRules: + ## - matches: + ## - path: + ## type: PathPrefix + ## value: /login + ## filters: + ## - type: RequestHeaderModifier + ## requestHeaderModifier: + ## set: + ## - name: My-Overwrite-Header + ## value: this-is-the-only-value + ## remove: + ## - User-Agent + ## backendRefs: + ## - name: wordpress + ## port: 80 + ## + extraRules: [] ## @section Controlplane Misc 
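Review bot: `httpRoute.labels` is declared and documented in this block, but neither httproute.yaml template in the patch reads it. Both emit only the component's standard labels through `chainloop.controlplane.labels` / `chainloop.cas.labels`, so a value set here is silently dropped. Either render it under `metadata.labels` in the templates or remove the key so operators do not rely on labels that never reach the HTTPRoute. The `cas:` block added by the `@@ -1349,7 +1403,60 @@` hunk has the same unused key.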
@@ -1349,7 +1403,60 @@ cas: ## name: http ## extraRules: [] - + ## Gateway API HTTP routing parameters + ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/ + ## + httpRoute: + ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress + ## + enabled: false + ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource + ## + annotations: {} + ## @param httpRoute.labels Additional labels for the HTTPRoute resource + ## + labels: {} + ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. + ## e.g: + ## parentRefs: + ## - name: my-gateway + ## sectionName: http + ## namespace: default + ## + parentRefs: [] + ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header + ## + hostnames: + - cas.dev.local + ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference + ## + matches: + - path: + type: PathPrefix + value: / + ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference + ## + filters: [] + ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute + ## e.g: + ## extraRules: + ## - matches: + ## - path: + ## type: PathPrefix + ## value: /login + ## filters: + ## - type: RequestHeaderModifier + ## requestHeaderModifier: + ## set: + ## - name: My-Overwrite-Header + ## value: this-is-the-only-value + ## remove: + ## - User-Agent + ## backendRefs: + ## - name: wordpress + ## port: 80 + ## + extraRules: [] ## @section CAS Misc ## @param cas.sentry.enabled Enable sentry.io alerting ## @param cas.sentry.dsn DSN endpoint From ffba4cad8e915ce47962d050d122e86d53f32b0b Mon Sep 17 00:00:00 2001 
From: Filip Chlebowski Date: Fri, 2 Jan 2026 13:23:49 +0100 Subject: [PATCH 2/2] feat(chart): Update readme with httproute params --- deployment/chainloop/README.md | 49 +++++++++++++++++++----------- deployment/chainloop/values.yaml | 52 +++++++++++++++++--------------- 2 files changed, 60 insertions(+), 41 deletions(-) diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md index 13449556c..f8a5c0989 100644 --- a/deployment/chainloop/README.md +++ b/deployment/chainloop/README.md @@ -671,6 +671,14 @@ Once done, you can access with [two predefined users](https://github.com/chainlo | `controlplane.ingressAPI.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | | `controlplane.ingressAPI.secrets` | Custom TLS certificates as secrets | `[]` | | `controlplane.ingressAPI.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `controlplane.httpRoute.enabled` | Enable HTTPRoute generation for controlplane | `false` | +| `controlplane.httpRoute.annotations` | Additional annotations for the HTTPRoute resource | `{}` | +| `controlplane.httpRoute.labels` | Additional labels for the HTTPRoute resource | `{}` | +| `controlplane.httpRoute.parentRefs` | Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. | `[]` | +| `controlplane.httpRoute.hostnames` | List of hostnames matching HTTP header | `[]` | +| `controlplane.httpRoute.matches` | List of match rules applied to the HTTPRoute for the default svc backend reference | `[]` | +| `controlplane.httpRoute.filters` | List of filter rules applied to the HTTPRoute for the default svc backend reference | `[]` | +| `controlplane.httpRoute.extraRules` | List of extra rules applied to the HTTPRoute | `[]` | ### Controlplane Misc 
@@ -847,6 +855,14 @@ Once done, you can access with [two predefined users](https://github.com/chainlo | `cas.ingressAPI.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | | `cas.ingressAPI.secrets` | Custom TLS certificates as secrets | `[]` | | `cas.ingressAPI.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `cas.httpRoute.enabled` | Enable HTTPRoute generation for CAS | `false` | +| `cas.httpRoute.annotations` | Additional annotations for the HTTPRoute resource | `{}` | +| `cas.httpRoute.labels` | Additional labels for the HTTPRoute resource | `{}` | +| `cas.httpRoute.parentRefs` | Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. | `[]` | +| `cas.httpRoute.hostnames` | List of hostnames matching HTTP header | `[]` | +| `cas.httpRoute.matches` | List of match rules applied to the HTTPRoute for the default svc backend reference | `[]` | +| `cas.httpRoute.filters` | List of filter rules applied to the HTTPRoute for the default svc backend reference | `[]` | +| `cas.httpRoute.extraRules` | List of extra rules applied to the HTTPRoute | `[]` | ### CAS Misc 
@@ -928,23 +944,22 @@ Once done, you can access with [two predefined users](https://github.com/chainlo ### Dependencies -| Name | Description | Value | -| ------------------------------------ | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------- | -| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | -| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `false` | -| `postgresql.auth.username` | Name for a custom user to create | `chainloop` | -| `postgresql.auth.password` | Password for the custom user to create | `chainlooppwd` | -| `postgresql.auth.database` | Name for a custom database to create | `chainloop-cp` | -| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | -| `vault.server.args` | Arguments to pass to the vault server. This is useful for setting the server in development mode | `["server","-dev"]` | -| `vault.server.config` | Configuration for the vault server. Small override of default Bitnami configuration | `storage "inmem" {} -disable_mlock = true -ui = true -service_registration "kubernetes" {}` | -| `vault.server.extraEnvVars[0].name` | Root token for the vault server | `VAULT_DEV_ROOT_TOKEN_ID` | -| `vault.server.extraEnvVars[0].value` | The value of the root token. Default: notasecret | `notasecret` | -| `vault.server.extraEnvVars[1].name` | Address to listen on development mode | `VAULT_DEV_LISTEN_ADDRESS` | -| `vault.server.extraEnvVars[1].value` | The address to listen on. 
Default: [::]:8200 | `[::]:8200` | +| Name | Description | Value | +| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------- | +| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | +| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `false` | +| `postgresql.auth.username` | Name for a custom user to create | `chainloop` | +| `postgresql.auth.password` | Password for the custom user to create | `chainlooppwd` | +| `postgresql.auth.database` | Name for a custom database to create | `chainloop-cp` | +| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | +| `vault.server.command` | Override default container command | `["/vault-init.sh"]` | +| `vault.server.args` | Override default container args | `[""]` | +| `vault.server.extraVolumes[0].name` | Name of the extra volume | `vault-init` | +| `vault.server.extraVolumes[0].configMap.name` | Name of the ConfigMap to mount | `{{ include "vault.server.fullname" . }}-init` | +| `vault.server.extraVolumes[0].configMap.defaultMode` | Default mode for the ConfigMap files | `755` | +| `vault.server.extraVolumeMounts[0].name` | Name of the volume to mount | `vault-init` | +| `vault.server.extraVolumeMounts[0].mountPath` | Path where the volume should be mounted | `/vault-init.sh` | +| `vault.server.extraVolumeMounts[0].subPath` | Subpath within the volume to mount | `vault-init.sh` | ## License diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml index c9c56cb1a..38fb7a644 100644 --- a/deployment/chainloop/values.yaml +++ b/deployment/chainloop/values.yaml 
@@ -605,16 +605,16 @@ controlplane: ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/ ## httpRoute: - ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress + ## @param controlplane.httpRoute.enabled Enable HTTPRoute generation for controlplane ## enabled: false - ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource + ## @param controlplane.httpRoute.annotations Additional annotations for the HTTPRoute resource ## annotations: {} - ## @param httpRoute.labels Additional labels for the HTTPRoute resource + ## @param controlplane.httpRoute.labels Additional labels for the HTTPRoute resource ## labels: {} - ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. + ## @param controlplane.httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. ## e.g: ## parentRefs: ## - name: my-gateway 
@@ -622,20 +622,20 @@ controlplane: ## namespace: default ## parentRefs: [] - ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header + ## @param controlplane.httpRoute.hostnames [array] List of hostnames matching HTTP header ## hostnames: - cp.dev.local - ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference + ## @param controlplane.httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference ## matches: - path: type: PathPrefix value: / - ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference + ## @param controlplane.httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference ## filters: [] - ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute + ## @param controlplane.httpRoute.extraRules List of extra rules applied to the HTTPRoute ## e.g: ## extraRules: ## - matches: @@ -651,7 +651,7 @@ controlplane: ## remove: ## - User-Agent ## backendRefs: - ## - name: wordpress + ## - name: chainloop-controlplane ## port: 80 ## extraRules: [] 
@@ -1407,16 +1407,16 @@ cas: ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/ ## httpRoute: - ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress + ## @param cas.httpRoute.enabled Enable HTTPRoute generation for CAS ## enabled: false - ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource + ## @param cas.httpRoute.annotations Additional annotations for the HTTPRoute resource ## annotations: {} - ## @param httpRoute.labels Additional labels for the HTTPRoute resource + ## @param cas.httpRoute.labels Additional labels for the HTTPRoute resource ## labels: {} - ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. + ## @param cas.httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. ## e.g: ## parentRefs: ## - name: my-gateway @@ -1424,20 +1424,20 @@ cas: ## namespace: default ## parentRefs: [] - ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header + ## @param cas.httpRoute.hostnames [array] List of hostnames matching HTTP header ## hostnames: - cas.dev.local - ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference + ## @param cas.httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference ## matches: - path: type: PathPrefix value: / - ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference + ## @param cas.httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference ## filters: [] - ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute + ## @param cas.httpRoute.extraRules List of extra rules applied to the HTTPRoute ## e.g: ## extraRules: ## - matches: 
@@ -1453,7 +1453,7 @@ cas: ## remove: ## - User-Agent ## backendRefs: - ## - name: wordpress + ## - name: chainloop-cas ## port: 80 ## extraRules: [] @@ -1790,12 +1790,16 @@ postgresql: ## Bitnami Hashicorp Vault chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/vault/values.yaml -## @param vault.server.args Arguments to pass to the vault server. This is useful for setting the server in development mode -## @param vault.server.config Configuration for the vault server. Small override of default Bitnami configuration -## @param vault.server.extraEnvVars[0].name Root token for the vault server -## @param vault.server.extraEnvVars[0].value The value of the root token. Default: notasecret -## @param vault.server.extraEnvVars[1].name Address to listen on development mode -## @param vault.server.extraEnvVars[1].value The address to listen on. Default: [::]:8200 +## @skip vault.extraDeploy Array of extra objects to deploy with Vault (evaluated as a template) +## @param vault.server.command Override default container command +## @param vault.server.args Override default container args +## @skip vault.server.config Configuration for the vault server +## @param vault.server.extraVolumes[0].name Name of the extra volume +## @param vault.server.extraVolumes[0].configMap.name Name of the ConfigMap to mount +## @param vault.server.extraVolumes[0].configMap.defaultMode Default mode for the ConfigMap files +## @param vault.server.extraVolumeMounts[0].name Name of the volume to mount +## @param vault.server.extraVolumeMounts[0].mountPath Path where the volume should be mounted +## @param vault.server.extraVolumeMounts[0].subPath Subpath within the volume to mount vault: extraDeploy: - |