Support envfrom secret #94
Conversation
|
liangliangma seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
There was a problem hiding this comment.
Thank very much for the contribution @futurelm!
There are some conflicts with the main branch, could you solve them please? Also, I might be mistaken but it seems that README was not generated with helm-docs: please give the contribution guide a look.
Also, I left a couple of notes, and would love to hear your thoughts
| {{- $fullName := include "pyroscope.fullname" . -}} | ||
| {{- if .Values.env }} | ||
| env: | ||
| {{- range $k, $v := .Values.env }} | ||
| - name: {{ $k }} | ||
| value: {{ $v }} | ||
| {{- end }} | ||
| {{- if .Values.envFrom }} | ||
| {{- range $key, $val := .Values.envFrom }} | ||
| - name: {{ $key }} | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: {{ $fullName }}-env-secret | ||
| key: {{ $val }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- if empty .Values.env }} | ||
| {{- if .Values.envFrom }} | ||
| env: | ||
| {{- range $key, $val := .Values.envFrom }} | ||
| - name: {{ $key }} | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: {{ $fullName }}-env-secret | ||
| key: {{ $val }} | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
I think envFrom might be misleading as there is k8s directive with the same name already that works slightly differently. Please consider changing .Values.envFrom to .Values.envVars.
Also, it might be better to require a user to provide the full structure rather than forcing them to use predefined secret names like pyroscope-env-secret and to not limit them to secretKeyRefenv var source (there are three more of them)
For example (I did't test it):
values.yaml:
env:
KEY: value
envVars:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
optional: false
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
optional: truedeployment.yaml:
{{- if or .Values.env .Values.envVars }}
env:
{{- range $k, $v := .Values.env }}
- name: {{ $k }}
value: {{ $v }}
{{- end }}
{{- with .Values.envVars }}
{{- toYaml . | indent 12 }} # Not sure about indent
{{- end }}
{{- end }}There was a problem hiding this comment.
sure, it is better to not limit them to secretKeyRefenv var source, i will update to use toYaml
| @@ -191,6 +191,8 @@ extraVolumeMounts: [] | |||
| # -- Extra environment variables | |||
| env: {} | |||
|
|
|||
| envFrom: {} | |||
There was a problem hiding this comment.
It would be great to have a comment here explaining users the difference with env and which option is preferable in a particular case (e.g if one wants to protect sensitive variables)
pass env variables use secret
https://pyroscope.slack.com/archives/C01FJRYENPQ/p1668486401890059
similar open issue: #41