feat: utilize existing secret as env vars

Chart.yaml

@@ -7,7 +7,7 @@ description: A Helm chart template for byzanteam application
 # chart 类型
 type: application
 # chart 版本
-version: 1.2.0
+version: 1.3.0
 # 项目源码的URL列表
 sources:
   - https://github.com/Byzanteam/application-chart-template/

README.md

@@ -22,6 +22,9 @@ A Helm chart template for byzanteam application
 | applicationHosts | list | `[]` |  |
 | applicationTLS | object | `{}` |  |
 | corsSettings | object | `{}` |  |
+| envFromSecrets[].existSecretName | string | `""` | The secret resource name |
+| envFromSecrets[].env[].envName | string | `""` | The env name |
+| envFromSecrets[].env[].secretKey | string | `""` | The secret key name in the resource |
 | env | object | `{}` |  |
 | externalIngressroute | list | `[]` |  |
 | fullnameOverride | string | `""` |  |
@@ -109,6 +112,27 @@ applicationTLS:
     key: key-file base64 encoding
 ```
 
+### 8. 设置已存在的 secret 资源作为环境变量
+```yaml
+envFromSecrets:
+  - existSecretName: "jet-env-secret"
+    env:
+      - envName: "LOG_LEVEL"
+        secretKey: "jet_plugin_level"
+```
+> secret内容如下：
+>
+> ```yaml
+>apiVersion: v1
+> kind: Secret
+> metadata:
+>   name: example-env-secret
+> type: Opaque
+>   data:
+>   example-key1: TnV6YUNYQTlZUUxMOWI= # base64 encoding string
+>   example-key2: aYnlwd1VpcFNlb1FIMVR # base64 encoding string
+>   ```
+
 ## Misc
 ### 应用启动初始化设置
 ```yaml

templates/_helpers.tpl

@@ -72,3 +72,19 @@ Host for access rule
 {{- end }}
 {{- printf "(%s)" (join $orOperator $ruleHosts) }}
 {{- end }}
+
+{/*
+Build secret keys
+*/}
+{{- define "application-chart-template.applicationSecretKeys" -}}
+{{- range $secret := .Values.envFromSecrets }}
+{{- range $env := $secret.env }}
+- name: {{ $env.envName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $secret.existSecretName }}
+      key: {{ $env.secretKey | quote }}
+{{- end -}}
+{{- end -}}
+{{- end }}
+

templates/deployment.yaml

@@ -25,6 +25,10 @@ spec:
       {{- end }}
       containers:
         - name: {{ include "application-chart-template.name" . }}
+          {{- if .Values.envFromSecrets }}
+          env:
+            {{- include "application-chart-template.applicationSecretKeys" . | nindent 12 }}
+          {{- end }}
           envFrom:
             - configMapRef:
                 name: {{ include "application-chart-template.fullname" . }}-env

tests/deployment_test.yaml

@@ -76,3 +76,43 @@ tests:
           path: spec.template.spec.containers[0].volumeMounts[0].mountPath
           value: /path/file
 
+  - it: env should be set when envFromSecrets configed
+    set:
+      envFromSecrets:
+        - existSecretName: common
+          env:
+            - envName: "COMMON_ENV_1"
+              secretKey: "common_1"
+            - envName: "COMMON_ENV_2"
+              secretKey: "common_2"
+        - existSecretName: self
+          env:
+            - envName: "SELF_ENV_1"
+              secretKey: "self_1"
+            - envName: "SELF_ENV_2"
+              secretKey: "self_2"
+    asserts:
+      - isSubset:
+          path: spec.template.spec.containers[0]
+          content:
+            env:
+              - name: COMMON_ENV_1
+                valueFrom:
+                  secretKeyRef:
+                    name: common
+                    key: "common_1"
+              - name: COMMON_ENV_2
+                valueFrom:
+                  secretKeyRef:
+                    name: common
+                    key: "common_2"
+              - name: SELF_ENV_1
+                valueFrom:
+                  secretKeyRef:
+                    name: self
+                    key: "self_1"
+              - name: SELF_ENV_2
+                valueFrom:
+                  secretKeyRef:
+                    name: self
+                    key: "self_2"

values.yaml

@@ -118,5 +118,12 @@ volumes: []
   #     path: /local/path
   #     type: DirectoryOrCreate
 
+# 使用已存在的 secret 作为环境变量
+envFromSecrets: []
+  # - existSecretName: "jet-env-secret"
+  #   env:
+  #     - envName: "LOG_LEVEL"
+  #       secretKey: "jet_plugin_level"
+
 # application environment variablea, 根据实际设置
 env: {}