From a5a3fadd33687143d61dc6278765882662b56564 Mon Sep 17 00:00:00 2001 From: Sergiy Kulanov Date: Sun, 6 Oct 2024 19:49:52 +0300 Subject: [PATCH] feat: Add envFrom for secrets We can provide sensetive data as environment variables through the Kubernetes Secrets Signed-off-by: Sergiy Kulanov --- README.md | 1 + templates/deployment.yaml | 5 +++++ values.schema.json | 3 +++ values.yaml | 2 ++ 4 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 6ff59df..a2deec6 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ please refer to [the official krakend documentation](https://www.krakend.io/docs | krakend.config | string, optional | `""` | If set, this key will contain the full configuration of the krakend service | | krakend.configFileSource | string, optional | `""` | an external file relative path, will contain the full configuration of the krakend service. useful if config file is generated with flexible config https://www.krakend.io/docs/configuration/flexible-config/ | | krakend.env | array | `[]` | The environment variables to use for the krakend container. The default is just the ones needed to enable flexible configuration. | +| krakend.envFromSecret | string | `""` | The name of the secret containing the environment variables to use for the krakend container. | | krakend.extraConfig | object | `{"router":{"@comment":"The health endpoint checks do not show in the logs","logger_skip_paths":["/__health"]}}` | The service-level "extra_config" settings. This will directly be translated to JSON and is added only if you're not fully overriding the configuration via the `config` setting. For more information, see https://www.krakend.io/docs/enterprise/configuration/ | | krakend.partials | Object | `{"endpoints.tmpl":"[\n {\n \"endpoint\": \"/test\",\n \"method\": \"GET\",\n \"backend\": [\n {\n \"method\": \"GET\",\n \"host\": [],\n \"url_pattern\": \"/__debug/roots\",\n \"encoding\": \"json\",\n \"deny\": [\n \"message\"\n ]\n }\n ],\n \"extra_config\": {\n \"proxy\": {\n \"static\": {\n \"data\": {\n \"collection\": [\n {\n \"directories\": [\n \"Graceland\"\n ]\n }\n ],\n \"version\": \"deficient\"\n },\n \"strategy\": \"always\"\n }\n }\n },\n \"output_encoding\": \"json\"\n }\n]","input_headers.tmpl":"\"input_headers\": [\n \"Content-Type\",\n \"ClientId\"\n]","rate_limit_backend.tmpl":"\"qos/ratelimit/proxy\": {\n \"max_rate\": 0.5,\n \"capacity\": 1\n}"}` | The default configuration has a partials files that will be used to load several aspects of the configuration. If you want to include expra partials, add or remove them here. | | krakend.partialsDirSource | string, optional | `""` | an external file relative path, will contain the partial configuration files of the krakend service. | diff --git a/templates/deployment.yaml b/templates/deployment.yaml index bd771c8..9f85a8d 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -78,6 +78,11 @@ spec: {{- with .Values.krakend.env }} {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.krakend.envFromSecret }} + envFrom: + - secretRef: + name: {{ .Values.krakend.envFromSecret }} + {{- end }} ports: - name: http containerPort: {{ .Values.service.targetPort }} diff --git a/values.schema.json b/values.schema.json index b2739dc..a06da89 100644 --- a/values.schema.json +++ b/values.schema.json @@ -96,6 +96,9 @@ "env": { "type": "array" }, + "envFromSecret": { + "type": "string" + }, "extraConfig": { "type": "object" }, diff --git a/values.yaml b/values.yaml index 5875b68..de545fb 100644 --- a/values.yaml +++ b/values.yaml @@ -34,6 +34,8 @@ krakend: # -- (array) The environment variables to use for the krakend container. # The default is just the ones needed to enable flexible configuration. env: [] + # -- (string) The name of the secret containing the environment variables to use for the krakend container. + envFromSecret: "" # -- (string, optional) If set, this key will contain the full configuration of the krakend service config: "" # -- (string, optional) an external file relative path, will contain the full