From e979feef030f060badbfe1f22be3cdb7223f5365 Mon Sep 17 00:00:00 2001 From: Christopher Kolstad Date: Tue, 14 Feb 2023 14:41:01 +0100 Subject: [PATCH] task: Make proxy chart accept keys from secrets (#65) In addition this extends the chart to also accept environment variables in a list as well as building environment variables from existing secrets. --- charts/unleash-proxy/Chart.yaml | 4 +-- .../examples/addingExistingSecrets.yaml | 23 ++++++++++++++++ .../examples/withApiAndClientKeySecrets.yaml | 11 ++++++++ .../unleash-proxy/templates/deployment.yaml | 27 +++++++++++++++++-- charts/unleash-proxy/values.yaml | 22 +++++++++++++++ 5 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 charts/unleash-proxy/examples/addingExistingSecrets.yaml create mode 100644 charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml diff --git a/charts/unleash-proxy/Chart.yaml b/charts/unleash-proxy/Chart.yaml index 633f044..16e2117 100644 --- a/charts/unleash-proxy/Chart.yaml +++ b/charts/unleash-proxy/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.1 +version: 0.2.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.11.7" +appVersion: "v0.13.1" maintainers: - name: nkz-soft diff --git a/charts/unleash-proxy/examples/addingExistingSecrets.yaml b/charts/unleash-proxy/examples/addingExistingSecrets.yaml new file mode 100644 index 0000000..021ca79 --- /dev/null +++ b/charts/unleash-proxy/examples/addingExistingSecrets.yaml @@ -0,0 +1,23 @@ +# Adds environment variables +env: + - name: LOG_LEVEL + value: info + +# adds environmentvars for existing secrets to the container via tpl function +existingSecrets: + - name: UNLEASH_SECRET_VALUE + valueFrom: + secretKeyRef: + name: mysecret + key: unleash + +proxy: + serverHost: http://unleash:4242/api + apiTokenSecret: + enabled: true + name: unleash-proxy-secret + key: apiToken + clientKeysSecret: + enabled: true + name: unleash-proxy-secret + key: clientKeys diff --git a/charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml b/charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml new file mode 100644 index 0000000..c361d7c --- /dev/null +++ b/charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml @@ -0,0 +1,11 @@ +proxy: + serverHost: http://unleash:4242/api + # Options + apiTokenSecret: + enabled: true + name: unleash-proxy-secret + key: apiToken + clientKeysSecret: + enabled: true + name: unleash-proxy-secret + key: clientKeys diff --git a/charts/unleash-proxy/templates/deployment.yaml b/charts/unleash-proxy/templates/deployment.yaml index 44745a8..83745b1 100644 --- a/charts/unleash-proxy/templates/deployment.yaml +++ b/charts/unleash-proxy/templates/deployment.yaml @@ -30,12 +30,28 @@ spec: containers: - name: {{ .Chart.Name }} env: - - name: UNLEASH_URL - value: "{{ .Values.proxy.serverHost }}" + {{- if .Values.proxy.apiTokenSecret.enabled }} + - name: UNLEASH_API_TOKEN + valueFrom: + secretKeyRef: + name: "{{ .Values.proxy.apiTokenSecret.name }}" + key: "{{ .Values.proxy.apiTokenSecret.key }}" + {{ else }} - name: UNLEASH_API_TOKEN value: "{{ .Values.proxy.apiToken }}" + {{- end }} + {{- if .Values.proxy.clientKeysSecret.enabled }} + - name: UNLEASH_PROXY_CLIENT_KEYS + valueFrom: + secretKeyRef: + name: "{{ .Values.proxy.clientKeysSecret.name }}" + key: "{{ .Values.proxy.clientKeysSecret.key }}" + {{ else }} - name: UNLEASH_PROXY_CLIENT_KEYS value: "{{ join "," .Values.proxy.clientKeys }}" + {{- end }} + - name: UNLEASH_URL + value: "{{ .Values.proxy.serverHost }}" {{- if .Values.proxy.logLevel }} - name: LOG_LEVEL value: "{{ .Values.proxy.logLevel }}" @@ -52,6 +68,13 @@ spec: - name: UNLEASH_INSTANCE_ID value: "{{ .Values.proxy.unleash_instance_id }}" {{- end }} + {{- if .Values.existingSecrets }} + {{- toYaml .Values.existingSecrets | nindent 12 }} + {{- end }} + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 12 }} + {{- end }} + securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/unleash-proxy/values.yaml b/charts/unleash-proxy/values.yaml index ac9e707..537d8af 100644 --- a/charts/unleash-proxy/values.yaml +++ b/charts/unleash-proxy/values.yaml @@ -81,6 +81,20 @@ tolerations: [] affinity: {} +# Adds environment variables +env: [] +# - name: LOG_LEVEL +# value: info + +# adds environmentvars for existing secrets to the container via tpl function +existingSecrets: + "" + # - name: UNLEASH_API_TOKEN + # valueFrom: + # secretKeyRef: + # name: secretname + # key: secretkey + proxy: serverHost: http://unleash:4242/api apiToken: "default:development.unleash-insecure-api-token" @@ -91,3 +105,11 @@ proxy: unleashAppName: "" environment: "" unleash_instance_id: "" + apiTokenSecret: + enabled: false + name: unleash-proxy-secret + key: apiToken + clientKeysSecret: + enabled: false + name: unleash-proxy-secret + key: clientKeys