From ab4da322d5b4a1843b48699caa69229cc240adf2 Mon Sep 17 00:00:00 2001 From: YkeLit Date: Fri, 1 Mar 2024 16:01:46 +0800 Subject: [PATCH 1/5] feat: utilize existing secret as env vars --- README.md | 27 +++++++++++++++++++++++++++ templates/_helpers.tpl | 14 ++++++++++++++ templates/deployment.yaml | 4 ++++ values.yaml | 5 +++++ 4 files changed, 50 insertions(+) diff --git a/README.md b/README.md index 51c9359..ac5cebc 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,8 @@ A Helm chart template for byzanteam application | applicationHosts | list | `[]` | | | applicationTLS | object | `{}` | | | corsSettings | object | `{}` | | +| existEnvSecret.sourceName | string | `""` | The secret resource name | +| existEnvSecret.secretKyes | object | `[]` | The secret key name in the resource | | env | object | `{}` | | | externalIngressroute | list | `[]` | | | fullnameOverride | string | `""` | | @@ -109,6 +111,31 @@ applicationTLS: key: key-file base64 encoding ``` +### 8. 设置已存在的 secret 资源作为环境变量 +```yaml +existEnvSecret: + sourceName: example-env-secret + secretKyes: + - example-key1 + - example-key2 +``` +> 注:`secretKyes` 为环境变量名小写英文字母,单词之间使用 `-` 连接 +> +> secret内容如下: +> +> ```yaml +> apiVersion: v1 +> kind: Secret +> metadata: +> name: example-env-secret +> type: Opaque +> data: +> example-key1: TnV6YUNYQTlZUUxMOWI= # base64 encoding string +> example-key2: aYnlwd1VpcFNlb1FIMVR # base64 encoding string +> ``` +> +> + ## Misc ### 应用启动初始化设置 ```yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 3bd52bb..3f3fe92 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -72,3 +72,17 @@ Host for access rule {{- end }} {{- printf "(%s)" (join $orOperator $ruleHosts) }} {{- end }} + +{/* +Build secret keys +*/} +{{- define "application-chart-template.applicationSecretKeys" -}} +{{- range $key := .Values.existEnvSecret.secretKyes }} +- name: {{ $key | quote | replace "-" "_" | upper }} + valueFrom: + secretKeyRef: + name: {{ $.Values.existEnvSecret.sourceName }} + key: {{ $key | quote }} +{{- end -}} +{{- end }} + diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 6a8846e..595878d 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -25,6 +25,10 @@ spec: {{- end }} containers: - name: {{ include "application-chart-template.name" . }} + {{- if .Values.existEnvSecret }} + env: + {{- include "application-chart-template.applicationSecretKeys" . | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ include "application-chart-template.fullname" . }}-env diff --git a/values.yaml b/values.yaml index 6d434a0..9fadf00 100644 --- a/values.yaml +++ b/values.yaml @@ -118,5 +118,10 @@ volumes: [] # path: /local/path # type: DirectoryOrCreate +# 使用已存在的 secret 作为环境变量 +existEnvSecret: + sourceName: + secretKyes: [] + # application environment variablea, 根据实际设置 env: {} From e2dffd3dc1a25b9adcc85b99737ba57581ff65bc Mon Sep 17 00:00:00 2001 From: YkeLit Date: Fri, 1 Mar 2024 17:35:51 +0800 Subject: [PATCH 2/5] feat: support multiple secrets --- templates/_helpers.tpl | 6 ++++-- values.yaml | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 3f3fe92..548e136 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
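Review bot: In the new `applicationSecretKeys` helper the secret reference `name: {{ $.Values.existEnvSecret.sourceName }}` is emitted unquoted and unchecked, while the `key:` beside it is quoted. This patch's values.yaml default leaves `sourceName:` empty, so a release that sets only `secretKyes` renders `name:` as null, and a name that YAML reads as a number or boolean would not reach the API as a string. I would write `name: {{ required "existEnvSecret.sourceName is required" $.Values.existEnvSecret.sourceName | quote }}`; the same unquoted `name:` is carried into the later revisions of this helper in patches 2/5 and 4/5. Separately, the block comment opens with `{/*` and closes with `*/}`, but a template comment needs double braces, `{{/*` and `*/}}`.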
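Review bot: The guard `{{- if .Values.existEnvSecret }}` on the new `env:` block tests the whole object rather than the key list. With the default added to values.yaml in this same patch (a map holding `sourceName` and `secretKyes: []`), the non-empty map is truthy, so `env:` is rendered with no entries on every default install. Guarding on the list, `{{- if .Values.existEnvSecret.secretKyes }}`, keeps the key out of the manifest until there is something to put under it. A comment above the block, such as `{{- /* env entries override same-named keys from the envFrom ConfigMap below */ -}}`, would also record that a secret-backed variable can shadow a ConfigMap value. The container spec continues outside the hunk, so I cannot tell whether another `env:` key exists further down.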
@@ -77,12 +77,14 @@ Host for access rule Build secret keys */} {{- define "application-chart-template.applicationSecretKeys" -}} -{{- range $key := .Values.existEnvSecret.secretKyes }} +{{- range $secret := .Values.existEnvSecret }} +{{- range $key := $secret.secretKyes }} - name: {{ $key | quote | replace "-" "_" | upper }} valueFrom: secretKeyRef: - name: {{ $.Values.existEnvSecret.sourceName }} + name: {{ $secret.sourceName }} key: {{ $key | quote }} {{- end -}} +{{- end -}} {{- end }} diff --git a/values.yaml b/values.yaml index 9fadf00..c3899f5 100644 --- a/values.yaml +++ b/values.yaml @@ -119,9 +119,9 @@ volumes: [] # type: DirectoryOrCreate # 使用已存在的 secret 作为环境变量 -existEnvSecret: - sourceName: - secretKyes: [] +existEnvSecret: [] + # - sourceName: "" + # secretKyes: [] # application environment variablea, 根据实际设置 env: {} From 3b58a7d5d600def5051a498036a65c2b18d82166 Mon Sep 17 00:00:00 2001 From: YkeLit Date: Fri, 1 Mar 2024 17:39:36 +0800 Subject: [PATCH 3/5] docs: improve structure of env secrets, accommodating multiple sources --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ac5cebc..1eec0bd 100644 --- a/README.md +++ b/README.md @@ -22,8 +22,8 @@ A Helm chart template for byzanteam application | applicationHosts | list | `[]` | | | applicationTLS | object | `{}` | | | corsSettings | object | `{}` | | -| existEnvSecret.sourceName | string | `""` | The secret resource name | -| existEnvSecret.secretKyes | object | `[]` | The secret key name in the resource | +| existEnvSecret[].sourceName | string | `""` | The secret resource name | +| existEnvSecret[].secretKyes | object | `[]` | The secret key name in the resource | | env | object | `{}` | | | externalIngressroute | list | `[]` | | | fullnameOverride | string | `""` | | 
@@ -114,10 +114,10 @@ applicationTLS: ### 8. 设置已存在的 secret 资源作为环境变量 ```yaml existEnvSecret: - sourceName: example-env-secret - secretKyes: - - example-key1 - - example-key2 + - sourceName: example-env-secret + secretKyes: + - example-key1 + - example-key2 ``` > 注:`secretKyes` 为环境变量名小写英文字母,单词之间使用 `-` 连接 > @@ -134,7 +134,7 @@ existEnvSecret: > example-key2: aYnlwd1VpcFNlb1FIMVR # base64 encoding string > ``` > -> +> ## Misc ### 应用启动初始化设置 From 9ad329d97d53e7d0c12ca8c78534942572eec036 Mon Sep 17 00:00:00 2001 From: YkeLit Date: Tue, 5 Mar 2024 12:20:23 +0800 Subject: [PATCH 4/5] chore: update env secret names --- README.md | 25 +++++++++++------------- templates/_helpers.tpl | 10 +++++----- templates/deployment.yaml | 2 +- tests/deployment_test.yaml | 40 ++++++++++++++++++++++++++++++++++++++ values.yaml | 8 +++++--- 5 files changed, 62 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 1eec0bd..a9db36c 100644 --- a/README.md +++ b/README.md @@ -22,8 +22,9 @@ A Helm chart template for byzanteam application | applicationHosts | list | `[]` | | | applicationTLS | object | `{}` | | | corsSettings | object | `{}` | | -| existEnvSecret[].sourceName | string | `""` | The secret resource name | -| existEnvSecret[].secretKyes | object | `[]` | The secret key name in the resource | +| envFromSecrets[].existSecretName | string | `""` | The secret resource name | +| envFromSecrets[].env[].envName | string | `""` | The env name | +| envFromSecrets[].env[].secretKey | string | `""` | The secret key name in the resource | | env | object | `{}` | | | externalIngressroute | list | `[]` | | | fullnameOverride | string | `""` | | 
@@ -113,28 +114,24 @@ applicationTLS: ### 8. 设置已存在的 secret 资源作为环境变量 ```yaml -existEnvSecret: - - sourceName: example-env-secret - secretKyes: - - example-key1 - - example-key2 +envFromSecrets: + - existSecretName: "jet-env-secret" + env: + - envName: "LOG_LEVEL" + secretKey: "jet_plugin_level" ``` -> 注:`secretKyes` 为环境变量名小写英文字母,单词之间使用 `-` 连接 -> > secret内容如下: > > ```yaml -> apiVersion: v1 +>apiVersion: v1 > kind: Secret > metadata: > name: example-env-secret > type: Opaque -> data: +> data: > example-key1: TnV6YUNYQTlZUUxMOWI= # base64 encoding string > example-key2: aYnlwd1VpcFNlb1FIMVR # base64 encoding string -> ``` -> -> +> ``` ## Misc ### 应用启动初始化设置 diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 548e136..12e0edd 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -77,13 +77,13 @@ Host for access rule Build secret keys */} {{- define "application-chart-template.applicationSecretKeys" -}} -{{- range $secret := .Values.existEnvSecret }} -{{- range $key := $secret.secretKyes }} -- name: {{ $key | quote | replace "-" "_" | upper }} +{{- range $secret := .Values.envFromSecrets }} +{{- range $env := $secret.env }} +- name: {{ $env.envName }} valueFrom: secretKeyRef: - name: {{ $secret.sourceName }} - key: {{ $key | quote }} + name: {{ $secret.existSecretName }} + key: {{ $env.secretKey | quote }} {{- end -}} {{- end -}} {{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 595878d..068617f 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -25,7 +25,7 @@ spec: {{- end }} containers: - name: {{ include "application-chart-template.name" . }} - {{- if .Values.existEnvSecret }} + {{- if .Values.envFromSecrets }} env: {{- include "application-chart-template.applicationSecretKeys" . | nindent 12 }} {{- end }} diff --git a/tests/deployment_test.yaml b/tests/deployment_test.yaml index 5668301..e1b41a4 100644 --- a/tests/deployment_test.yaml +++ b/tests/deployment_test.yaml 
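Review bot: The rewritten entry `- name: {{ $env.envName }}` drops the `quote` that the previous revision applied to the variable name, so the value now lands in the manifest as raw YAML. A name such as `true` or `1234` is parsed as a boolean or integer rather than a string, a missing `envName` renders as null, and a value containing a line break or `: ` can change the structure of the rendered container spec; this matters most where values files are assembled by a pipeline rather than written by the chart owner. I would restore the quoting and fail early on missing fields: `- name: {{ required "envFromSecrets[].env[].envName is required" $env.envName | quote }}`, and likewise `key: {{ required "envFromSecrets[].env[].secretKey is required" $env.secretKey | quote }}`. The `define` block starts above the hunk.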
@@ -76,3 +76,43 @@ tests: path: spec.template.spec.containers[0].volumeMounts[0].mountPath value: /path/file + - it: env should be set when envFromSecrets configed + set: + envFromSecrets: + - existSecretName: common + env: + - envName: "COMMON_ENV_1" + secretKey: "common_1" + - envName: "COMMON_ENV_2" + secretKey: "common_2" + - existSecretName: self + env: + - envName: "SELF_ENV_1" + secretKey: "self_1" + - envName: "SELF_ENV_2" + secretKey: "self_2" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: COMMON_ENV_1 + valueFrom: + secretKeyRef: + name: common + key: "common_1" + - name: COMMON_ENV_2 + valueFrom: + secretKeyRef: + name: common + key: "common_2" + - name: SELF_ENV_1 + valueFrom: + secretKeyRef: + name: self + key: "self_1" + - name: SELF_ENV_2 + valueFrom: + secretKeyRef: + name: self + key: "self_2" diff --git a/values.yaml b/values.yaml index c3899f5..63d080c 100644 --- a/values.yaml +++ b/values.yaml @@ -119,9 +119,11 @@ volumes: [] # type: DirectoryOrCreate # 使用已存在的 secret 作为环境变量 -existEnvSecret: [] - # - sourceName: "" - # secretKyes: [] +envFromSecrets: [] + # - existSecretName: "jet-env-secret" + # env: + # - envName: "LOG_LEVEL" + # secretKey: "jet_plugin_level" # application environment variablea, 根据实际设置 env: {} From 4a43df084e15684441a726c5de17b0a3605d1d4e Mon Sep 17 00:00:00 2001 From: YkeLit Date: Tue, 5 Mar 2024 12:22:56 +0800 Subject: [PATCH 5/5] feat: update chart version to 1.3.0 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index abc2112..abc7f77 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -7,7 +7,7 @@ description: A Helm chart template for byzanteam application # chart 类型 type: application # chart 版本 -version: 1.2.0 +version: 1.3.0 # 项目源码的URL列表 sources: - https://github.com/Byzanteam/application-chart-template/
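Review bot: The new case covers only a fully populated `envFromSecrets`; nothing pins the default path, where the list is empty and the container should carry no `env` key at all. That is the path every existing release takes after upgrading, and it is the one the `if .Values.envFromSecrets` guard in deployment.yaml exists for. I would add a case like the one below, assuming the helm-unittest version in use provides `notExists` and the container defines no other `env` key outside the visible hunks. A further case with a name that needs quoting (for example `envName: "true"`) would show whether the helper emits strings.

```yaml
# … unchanged: "env should be set when envFromSecrets configed" case …
  - it: env should be absent when envFromSecrets is empty
    set:
      envFromSecrets: []
    asserts:
      - notExists:
          path: spec.template.spec.containers[0].env
```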