From 14900e532df9c71e741124225c0cdb34158ac1d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?=
Date: Wed, 14 Apr 2021 14:33:52 +0100
Subject: [PATCH] feat(chart): add envVarsFromConfigMap and envFrom support for more options to configure the Helm deployment (#706)
* [helm-chart] More options to configure the Helm deployment
* Update charts/kubernetes-external-secrets/Chart.yaml
Co-authored-by: Markus Maga
Co-authored-by: Markus Maga
---
 charts/kubernetes-external-secrets/README.md | 2 +
 .../templates/deployment.yaml | 11 +++++
 .../kubernetes-external-secrets/values.yaml | 47 +++++++++++++++++--
 3 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/charts/kubernetes-external-secrets/README.md b/charts/kubernetes-external-secrets/README.md
index ba969614..93b7318c 100644
--- a/charts/kubernetes-external-secrets/README.md
+++ b/charts/kubernetes-external-secrets/README.md
@@ -63,6 +63,8 @@ The following table lists the configurable parameters of the `kubernetes-externa
 | `envVarsFromSecret.ALICLOUD_ENDPOINT` | Set ALICLOUD_ENDPOINT for KMS Service in Deployment Pod | |
 | `envVarsFromSecret.ALICLOUD_ACCESS_KEY_ID` | Set ALICLOUD_ACCESS_KEY_ID (from a secret) in Deployment Pod | |
 | `envVarsFromSecret.ALICLOUD_ACCESS_KEY_SECRET` | Set ALICLOUD_ACCESS_KEY_SECRET (from a secret) in Deployment Pod | |
+| `envVarsFromConfigMap.*` | Set any of the environment variables as `envVarsFromSecret` does but from a `configMap` in Deployment Pod | |
+| `envFrom` | Enables the [`envFrom` block](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables) on the Deployment pod | |
 | `image.repository` | kubernetes-external-secrets Image name | `godaddy/kubernetes-external-secrets` |
 | `image.tag` | kubernetes-external-secrets Image tag | `7.1.0` |
 | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
diff --git a/charts/kubernetes-external-secrets/templates/deployment.yaml b/charts/kubernetes-external-secrets/templates/deployment.yaml
index c4cd21f1..7e9ff5b4 100644
--- a/charts/kubernetes-external-secrets/templates/deployment.yaml
+++ b/charts/kubernetes-external-secrets/templates/deployment.yaml
@@ -59,6 +59,17 @@ spec:
 name: {{ $value.secretKeyRef | quote }}
 key: {{ $value.key | quote }}
 {{- end }}
+ {{- range $key, $value := .Values.envVarsFromConfigMap }}
+ - name: {{ $key }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ $value.configMapKeyRef | quote }}
+ key: {{ $value.key | quote }}
+ {{- end }}
+ {{- if .Values.envFrom }}
+ envFrom:
+ {{- .Values.envFrom | toYaml | nindent 12 }}
+ {{- end }}
 {{- if or .Values.filesFromSecret .Values.extraVolumeMounts }}
 volumeMounts:
 {{- if .Values.extraVolumeMounts }}
diff --git a/charts/kubernetes-external-secrets/values.yaml b/charts/kubernetes-external-secrets/values.yaml
index 58407877..3d63a16e 100644
--- a/charts/kubernetes-external-secrets/values.yaml
+++ b/charts/kubernetes-external-secrets/values.yaml
@@ -6,9 +6,9 @@
 env:
 AWS_REGION: us-west-2
 AWS_DEFAULT_REGION: us-west-2
- POLLER_INTERVAL_MILLISECONDS: 10000 # Caution, setting this frequency may incur additional charges on some platforms
+ POLLER_INTERVAL_MILLISECONDS: 10000 # Caution, setting this frequency may incur additional charges on some platforms
 WATCH_TIMEOUT: 60000
- WATCHED_NAMESPACES: "" # Comma separated list of namespaces, empty or unset means ALL namespaces.
+ WATCHED_NAMESPACES: "" # Comma separated list of namespaces, empty or unset means ALL namespaces.
 LOG_LEVEL: info
 LOG_MESSAGE_KEY: "msg"
 # Print logs level as string ("info") rather than integer (30)
@@ -24,7 +24,7 @@ env:
 # AWS_SM_ENDPOINT: http://secretsmanager-fips.us-east-1.amazonaws.com
 # Create environment variables from existing k8s secrets
-# envVarsFromSecret:
+envVarsFromSecret: {}
 # AWS_ACCESS_KEY_ID:
 # secretKeyRef: aws-credentials
 # key: id
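Review bot: In `templates/deployment.yaml` the new `envVarsFromConfigMap` range appends to the same `env:` list as the `envVarsFromSecret` range that closes just above it, and nothing rejects a name that appears in both maps. The rendered pod spec would then carry two entries with that name, the ConfigMap-sourced one last, so a ConfigMap value could end up replacing a credential that was meant to come from a Secret (which entry wins is Kubernetes behaviour, not visible here). Failing the render is safer; as the first line inside the range: `{{- if hasKey (default dict $.Values.envVarsFromSecret) $key }}{{ fail (printf "%s is set in both envVarsFromSecret and envVarsFromConfigMap" $key) }}{{ end }}`. `- name: {{ $key }}` is also the only templated scalar in the added block without `| quote`. The container spec this list belongs to starts and ends outside the hunk.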
@@ -50,6 +50,47 @@ env:
 # secretKeyRef: azure-credentials
 # key: clientsecret
+# Create environment variables from existing k8s secrets
+envVarsFromConfigMap: {}
+# AWS_ACCESS_KEY_ID:
+# configMapKeyRef: aws-credentials
+# key: id
+# AWS_SECRET_ACCESS_KEY:
+# configMapKeyRef: aws-credentials
+# key: key
+# ALICLOUD_ENDPOINT:
+# configMapKeyRef: alicloud-credentials
+# key: endpoint
+# ALICLOUD_ACCESS_KEY_ID:
+# configMapKeyRef: alicloud-credentials
+# key: id
+# ALICLOUD_ACCESS_KEY_SECRET:
+# configMapKeyRef: alicloud-credentials
+# key: secret
+# AZURE_TENANT_ID:
+# configMapKeyRef: azure-credentials
+# key: tenantid
+# AZURE_CLIENT_ID:
+# configMapKeyRef: azure-credentials
+# key: clientid
+# AZURE_CLIENT_SECRET:
+# configMapKeyRef: azure-credentials
+# key: clientsecret
+
+
+# List of sources to populate environment variables in the container.
+# The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+# will be reported as an event when the container is starting. When a key
+# exists in multiple sources, the value associated with the last source will
+# take precedence. Values defined by an Env with a duplicate key will take precedence.
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+envFrom: {}
+# - configMapRef:
+# name: special-config
+# - secretRef:
+# name: special-config
+
+
 # Create files from existing k8s secrets
 # filesFromSecret:
 # gcp-creds:
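Review bot: The commented sample under `envVarsFromConfigMap` is the Secret sample with `secretKeyRef` swapped for `configMapKeyRef`, so it shows `AWS_SECRET_ACCESS_KEY`, `ALICLOUD_ACCESS_KEY_SECRET` and `AZURE_CLIENT_SECRET` being read from ConfigMaps named `*-credentials`. ConfigMaps are meant for non-confidential settings and are usually readable by more subjects than Secrets, so the sample points users at the wrong object for credentials; the heading above it also still says "from existing k8s secrets". Suggested heading: `# Create environment variables from existing k8s ConfigMaps (non-sensitive values only; use envVarsFromSecret for credentials)`, with the sample reduced to non-secret keys such as `ALICLOUD_ENDPOINT` and `AZURE_TENANT_ID`. `envFrom: {}` should be `envFrom: []`, since the commented sample below it is a list.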