feat: Add envFrom for secrets

We can provide sensetive data as environment variables through the Kubernetes Secrets Signed-off-by: Sergiy Kulanov <[email protected]>
equinixmetal-helm · Oct 8, 2024 · 0d91099 · 0d91099
1 parent 6fd3b4b
commit 0d91099
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -76,6 +76,7 @@ please refer to [the official krakend documentation](https://www.krakend.io/docs
 | krakend.config | string, optional | `""` | If set, this key will contain the full configuration of the krakend service |
 | krakend.configFileSource | string, optional | `""` | an external file relative path, will contain the full configuration of the krakend service. useful if config file is generated with flexible config https://www.krakend.io/docs/configuration/flexible-config/ |
 | krakend.env | array | `[]` | The environment variables to use for the krakend container. The default is just the ones needed to enable flexible configuration. |
+| krakend.envFromSecret | string | `""` | The name of the secret containing the environment variables to use for the krakend container. |
 | krakend.extraConfig | object | `{"router":{"@comment":"The health endpoint checks do not show in the logs","logger_skip_paths":["/__health"]}}` | The service-level "extra_config" settings. This will directly be translated to JSON and is added only if you're not fully overriding the configuration via the `config` setting. For more information, see https://www.krakend.io/docs/enterprise/configuration/ |
 | krakend.partials | Object | `{"endpoints.tmpl":"[\n  {\n    \"endpoint\": \"/test\",\n    \"method\": \"GET\",\n    \"backend\": [\n        {\n            \"method\": \"GET\",\n            \"host\": [],\n            \"url_pattern\": \"/__debug/roots\",\n            \"encoding\": \"json\",\n            \"deny\": [\n                \"message\"\n            ]\n        }\n    ],\n    \"extra_config\": {\n        \"proxy\": {\n            \"static\": {\n                \"data\": {\n                    \"collection\": [\n                        {\n                            \"directories\": [\n                                \"Graceland\"\n                            ]\n                        }\n                    ],\n                    \"version\": \"deficient\"\n                },\n                \"strategy\": \"always\"\n            }\n        }\n    },\n    \"output_encoding\": \"json\"\n  }\n]","input_headers.tmpl":"\"input_headers\": [\n  \"Content-Type\",\n  \"ClientId\"\n]","rate_limit_backend.tmpl":"\"qos/ratelimit/proxy\": {\n  \"max_rate\": 0.5,\n  \"capacity\": 1\n}"}` | The default configuration has a partials files that will be used to load several aspects of the configuration. If you want to include expra partials, add or remove them here. |
 | krakend.partialsDirSource | string, optional | `""` | an external file relative path, will contain the partial configuration files of the krakend service. |

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -78,6 +78,11 @@ spec:
             {{- with .Values.krakend.env }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
+          {{- if .Values.krakend.envFromSecret }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.krakend.envFromSecret }}
+          {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.service.targetPort }}

diff --git a/values.schema.json b/values.schema.json
@@ -96,6 +96,9 @@
                 "env": {
                     "type": "array"
                 },
+                "envFromSecret": {
+                    "type": "string"
+                },
                 "extraConfig": {
                     "type": "object"
                 },

diff --git a/values.yaml b/values.yaml
@@ -34,6 +34,8 @@ krakend:
   # -- (array) The environment variables to use for the krakend container.
   # The default is just the ones needed to enable flexible configuration.
   env: []
+  # -- (string) The name of the secret containing the environment variables to use for the krakend container.
+  envFromSecret: ""
   # -- (string, optional) If set, this key will contain the full configuration of the krakend service
   config: ""
   # -- (string, optional) an external file relative path, will contain the full