feat(chart): add envVarsFromConfigMap and envFrom support for more op…

…tions to configure the Helm deployment (#706)

* [helm-chart] More options to configure the Helm deployment

* Update charts/kubernetes-external-secrets/Chart.yaml

Co-authored-by: Markus Maga <[email protected]>

Co-authored-by: Markus Maga <[email protected]>

charts/kubernetes-external-secrets/README.md

@@ -63,6 +63,8 @@ The following table lists the configurable parameters of the `kubernetes-externa
 | `envVarsFromSecret.ALICLOUD_ENDPOINT`     | Set ALICLOUD_ENDPOINT for KMS Service in Deployment Pod                                                                           |                                       |
 | `envVarsFromSecret.ALICLOUD_ACCESS_KEY_ID`     | Set ALICLOUD_ACCESS_KEY_ID (from a secret) in Deployment Pod                                                                 |                                       |
 | `envVarsFromSecret.ALICLOUD_ACCESS_KEY_SECRET` | Set ALICLOUD_ACCESS_KEY_SECRET (from a secret) in Deployment Pod                                                             |                                       |
+| `envVarsFromConfigMap.*` | Set any of the environment variables as `envVarsFromSecret` does but from a `configMap` in Deployment Pod                                                             |                                       |
+| `envFrom` | Enables the [`envFrom` block](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables) on the Deployment pod                                                              |                                       |
 | `image.repository`                        | kubernetes-external-secrets Image name                                                                                            | `godaddy/kubernetes-external-secrets` |
 | `image.tag`                               | kubernetes-external-secrets Image tag                                                                                             | `7.1.0`                               |
 | `image.pullPolicy`                        | Image pull policy                                                                                                                 | `IfNotPresent`                        |

charts/kubernetes-external-secrets/templates/deployment.yaml

@@ -59,6 +59,17 @@ spec:
                 name: {{ $value.secretKeyRef | quote }}
                 key: {{ $value.key | quote }}
           {{- end }}
+          {{- range $key, $value := .Values.envVarsFromConfigMap }}
+          - name: {{ $key }}
+            valueFrom:
+              configMapKeyRef:
+                name: {{ $value.configMapKeyRef | quote }}
+                key: {{ $value.key | quote }}
+          {{- end }}
+          {{- if .Values.envFrom }}
+          envFrom:
+          {{- .Values.envFrom | toYaml | nindent 12 }}
+          {{- end }}
           {{- if or .Values.filesFromSecret .Values.extraVolumeMounts }}
           volumeMounts:
           {{- if .Values.extraVolumeMounts }}

charts/kubernetes-external-secrets/values.yaml

@@ -6,9 +6,9 @@
 env:
   AWS_REGION: us-west-2
   AWS_DEFAULT_REGION: us-west-2
-  POLLER_INTERVAL_MILLISECONDS: 10000 # Caution, setting this frequency may incur additional charges on some platforms
+  POLLER_INTERVAL_MILLISECONDS: 10000  # Caution, setting this frequency may incur additional charges on some platforms
   WATCH_TIMEOUT: 60000
-  WATCHED_NAMESPACES: "" # Comma separated list of namespaces, empty or unset means ALL namespaces.
+  WATCHED_NAMESPACES: ""  # Comma separated list of namespaces, empty or unset means ALL namespaces.
   LOG_LEVEL: info
   LOG_MESSAGE_KEY: "msg"
   # Print logs level as string ("info") rather than integer (30)
@@ -24,7 +24,7 @@ env:
   # AWS_SM_ENDPOINT: http://secretsmanager-fips.us-east-1.amazonaws.com
 
 # Create environment variables from existing k8s secrets
-# envVarsFromSecret:
+envVarsFromSecret: {}
 #  AWS_ACCESS_KEY_ID:
 #    secretKeyRef: aws-credentials
 #    key: id
@@ -50,6 +50,47 @@ env:
 #    secretKeyRef: azure-credentials
 #    key: clientsecret
 
+# Create environment variables from existing k8s secrets
+envVarsFromConfigMap: {}
+#  AWS_ACCESS_KEY_ID:
+#    configMapKeyRef: aws-credentials
+#    key: id
+#  AWS_SECRET_ACCESS_KEY:
+#    configMapKeyRef: aws-credentials
+#    key: key
+#  ALICLOUD_ENDPOINT:
+#    configMapKeyRef: alicloud-credentials
+#    key: endpoint
+#  ALICLOUD_ACCESS_KEY_ID:
+#    configMapKeyRef: alicloud-credentials
+#    key: id
+#  ALICLOUD_ACCESS_KEY_SECRET:
+#    configMapKeyRef: alicloud-credentials
+#    key: secret
+#  AZURE_TENANT_ID:
+#    configMapKeyRef: azure-credentials
+#    key: tenantid
+#  AZURE_CLIENT_ID:
+#    configMapKeyRef: azure-credentials
+#    key: clientid
+#  AZURE_CLIENT_SECRET:
+#    configMapKeyRef: azure-credentials
+#    key: clientsecret
+
+
+# List of sources to populate environment variables in the container.
+# The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+# will be reported as an event when the container is starting. When a key
+# exists in multiple sources, the value associated with the last source will
+# take precedence. Values defined by an Env with a duplicate key will take precedence.
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+envFrom: {}
+# - configMapRef:
+#     name: special-config
+# - secretRef:
+#     name: special-config
+
+
 # Create files from existing k8s secrets
 # filesFromSecret:
 #   gcp-creds: