From ebfb72282cd2473c6bb1079c25fc70935b773e33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikke=20Schir=C3=A9n?= Date: Wed, 25 Sep 2024 13:20:58 +0200 Subject: [PATCH 1/4] add the posibility to add external secrets as env variables --- .../chart/zulip/templates/statefulset.yaml | 5 +++++ kubernetes/chart/zulip/values.yaml | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/kubernetes/chart/zulip/templates/statefulset.yaml b/kubernetes/chart/zulip/templates/statefulset.yaml index 1accf07197..5cd38ca6d3 100644 --- a/kubernetes/chart/zulip/templates/statefulset.yaml +++ b/kubernetes/chart/zulip/templates/statefulset.yaml @@ -52,6 +52,11 @@ spec: mountPath: /data/post-setup.d env: {{ include "zulip.env" . | nindent 12 }} + {{- if .Values.envSecrets }} + envFrom: + - secretRef: + name: {{ .Values.zulip.envSecrets }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.livenessProbe.enabled }} diff --git a/kubernetes/chart/zulip/values.yaml b/kubernetes/chart/zulip/values.yaml index fdb842ff92..bb554b2300 100644 --- a/kubernetes/chart/zulip/values.yaml +++ b/kubernetes/chart/zulip/values.yaml @@ -139,6 +139,22 @@ zulip: SETTING_EMAIL_USE_SSL: "False" SETTING_EMAIL_USE_TLS: "True" ZULIP_AUTH_BACKENDS: "EmailAuthBackend" + # -- Mount a environment variables from secrets. Name the secret name. + # If you have a secret with env. variables created named zulip-secrets + # you will add: + # `envSecrets: zulip-secrets` + # The secrets file you manually create in the namespace, can look something + # like this (secrets need to be base64 encoded): + # --- + # apiVersion: v1 + # kind: Secret + # metadata: + # name: zulip-secrets + # type: Opaque + # data: + # SECRETS_email_password: MTIzNDU2Nzg5 + # MY_OTHER_SECRET: Zm9vaXNiYXI= + envSecrets: # -- If `persistence.existingClaim` is not set, a PVC is generated with these # specifications. persistence: From 0f8a051b460892ee6da180fed827e4df24f62b7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikke=20Schir=C3=A9n?= Date: Wed, 25 Sep 2024 13:24:58 +0200 Subject: [PATCH 2/4] improve language --- kubernetes/chart/zulip/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/chart/zulip/values.yaml b/kubernetes/chart/zulip/values.yaml index bb554b2300..a3ac7f8949 100644 --- a/kubernetes/chart/zulip/values.yaml +++ b/kubernetes/chart/zulip/values.yaml @@ -139,7 +139,7 @@ zulip: SETTING_EMAIL_USE_SSL: "False" SETTING_EMAIL_USE_TLS: "True" ZULIP_AUTH_BACKENDS: "EmailAuthBackend" - # -- Mount a environment variables from secrets. Name the secret name. + # -- Mount environment variables from secrets. Use the secret name. # If you have a secret with env. variables created named zulip-secrets # you will add: # `envSecrets: zulip-secrets` From 75c4f1966fe5fa8a3734a978202606c43a4fb245 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikke=20Schir=C3=A9n?= Date: Thu, 26 Sep 2024 13:57:20 +0200 Subject: [PATCH 3/4] helm: set the possibility to add several external secrets --- kubernetes/chart/zulip/templates/statefulset.yaml | 6 ++++-- kubernetes/chart/zulip/values.yaml | 9 ++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/kubernetes/chart/zulip/templates/statefulset.yaml b/kubernetes/chart/zulip/templates/statefulset.yaml index 5cd38ca6d3..7acb1a9598 100644 --- a/kubernetes/chart/zulip/templates/statefulset.yaml +++ b/kubernetes/chart/zulip/templates/statefulset.yaml @@ -52,10 +52,12 @@ spec: mountPath: /data/post-setup.d env: {{ include "zulip.env" . | nindent 12 }} - {{- if .Values.envSecrets }} + {{- if .Values.zulip.envSecrets }} envFrom: + {{- range .Values.zulip.envSecrets }} - secretRef: - name: {{ .Values.zulip.envSecrets }} + name: {{ . }} + {{- end }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/kubernetes/chart/zulip/values.yaml b/kubernetes/chart/zulip/values.yaml index a3ac7f8949..15c5caea52 100644 --- a/kubernetes/chart/zulip/values.yaml +++ b/kubernetes/chart/zulip/values.yaml @@ -142,7 +142,10 @@ zulip: # -- Mount environment variables from secrets. Use the secret name. # If you have a secret with env. variables created named zulip-secrets # you will add: - # `envSecrets: zulip-secrets` + # ``` + # envSecrets: + # - zulip-secrets + # - other-secrets # The secrets file you manually create in the namespace, can look something # like this (secrets need to be base64 encoded): # --- @@ -153,8 +156,8 @@ zulip: # type: Opaque # data: # SECRETS_email_password: MTIzNDU2Nzg5 - # MY_OTHER_SECRET: Zm9vaXNiYXI= - envSecrets: + # SECRET: Zm9vaXNiYXI= + envSecrets: [] # -- If `persistence.existingClaim` is not set, a PVC is generated with these # specifications. persistence: From 9416ffb938aad33bc00f58d45ea9351d51d80862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikke=20Schir=C3=A9n?= Date: Thu, 26 Sep 2024 14:01:05 +0200 Subject: [PATCH 4/4] helm: fix syntax for values for envSecrets --- kubernetes/chart/zulip/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kubernetes/chart/zulip/values.yaml b/kubernetes/chart/zulip/values.yaml index 15c5caea52..bb2616356b 100644 --- a/kubernetes/chart/zulip/values.yaml +++ b/kubernetes/chart/zulip/values.yaml @@ -157,7 +157,8 @@ zulip: # data: # SECRETS_email_password: MTIzNDU2Nzg5 # SECRET: Zm9vaXNiYXI= - envSecrets: [] + envSecrets: + [] # -- If `persistence.existingClaim` is not set, a PVC is generated with these # specifications. persistence: