[stable/gangway] add logic for applying env vars and pod annotations (h…

…elm#20486) * Added logic to allow loading secrets from ENV Vars and apply pod annotations Signed-off-by: cten <cxtenberge5@gmail.com> * Added logic to allow loading secrets from ENV Vars and apply pod annotations Signed-off-by: cten <cxtenberge5@gmail.com> * Bumped version Signed-off-by: cten <cxtenberge5@gmail.com>
includerandom · Jul 19, 2020 · be055cd · be055cd
1 parent 64875b3
commit be055cd
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/stable/gangway/Chart.yaml b/stable/gangway/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 description: An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.
 name: gangway
-version: 0.4.1
+version: 0.4.2
 appVersion: 3.3.0
 home: https://github.com/heptiolabs/gangway
 sources:

diff --git a/stable/gangway/README.md b/stable/gangway/README.md
@@ -35,6 +35,7 @@ At a minimum you *must* configure any of the values marked as **required** in th
 | Parameter                        | Description                                                                                                                                                                                                     | Default                                            |
 | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
 | `affinity`                       | List of affinities (requires Kubernetes >=1.6)                                                                                                                                                                  | `{}`                                               |
+| `env`                            | Environment variables to apply to the pod.                                                                                                                                                                      | `{}`                                               |
 | `extraVolumes`                   | List of extra volumes                                                                                                                                                                                           | `[]`                                               |
 | `extraVolumeMounts`              | List of extra volumeMounts                                                                                                                                                                                      | `[]`                                               |
 | `gangway.allowEmptyClientSecret` | Some identity providers accept an empty client secret, this is not generally considered a good idea. If you have to use an empty secret and accept the risks that come with that then you can set this to true. | `false`                                            |

diff --git a/stable/gangway/templates/deployment.yaml b/stable/gangway/templates/deployment.yaml
@@ -21,6 +21,9 @@ spec:
       annotations:
         check/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         check/values: {{ .Files.Get   "../values.yaml"   | sha256sum }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | trim | indent 8 }}  
+{{- end }}
     spec:
       {{- if .Values.image.pullSecrets }}
       imagePullSecrets:
@@ -35,11 +38,17 @@ spec:
         - -config
         - /gangway/gangway.yaml
         env:
+{{- if not .Values.env.GANGWAY_SESSION_SECURITY_KEY }}
         - name: GANGWAY_SESSION_SECURITY_KEY
           valueFrom:
             secretKeyRef:
               key: sessionkey
               name: {{ include "gangway.fullname" . }}-key
+{{- end }}
+{{- range $k, $v := .Values.env }}
+        - name: {{ $k }}
+          value: {{ $v }}
+{{- end }}
         ports:
         - name: http
           containerPort: {{ .Values.gangway.port }}

diff --git a/stable/gangway/templates/key.yaml b/stable/gangway/templates/key.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.env.GANGWAY_SESSION_SECURITY_KEY -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,4 +10,5 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 type: Opaque
 data:
-  sessionkey: {{ ( default ( randAlphaNum 32 ) .Values.gangway.sessionKey ) | b64enc | quote }}
+  sessionkey: {{ ( default ( randAlphaNum 32 ) .Values.gangway.sessionKey ) | b64enc | quote }}
+{{- end -}}
diff --git a/stable/gangway/values.yaml b/stable/gangway/values.yaml
@@ -19,6 +19,12 @@ fullnameOverride: ""
 #  ...
 #  -----END CERTIFICATE-----
 
+# Add Env Variables to pod
+env: {}
+
+# Add annotations to the pod
+podAnnotations: {}
+
 gangway:
   # The address to listen on. Defaults to 0.0.0.0 to listen on all interfaces.
   # Env var: GANGWAY_HOST