From be055cd7e45a3eb7f1007760423157cd0b1bb368 Mon Sep 17 00:00:00 2001 From: cten Date: Thu, 19 Mar 2020 10:29:23 -0400 Subject: [PATCH] [stable/gangway] add logic for applying env vars and pod annotations (#20486) * Added logic to allow loading secrets from ENV Vars and apply pod annotations Signed-off-by: cten * Added logic to allow loading secrets from ENV Vars and apply pod annotations Signed-off-by: cten * Bumped version Signed-off-by: cten --- stable/gangway/Chart.yaml | 2 +- stable/gangway/README.md | 1 + stable/gangway/templates/deployment.yaml | 9 +++++++++ stable/gangway/templates/key.yaml | 4 +++- stable/gangway/values.yaml | 6 ++++++ 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/stable/gangway/Chart.yaml b/stable/gangway/Chart.yaml index 293653a5405f..c5a36d3ed190 100644 --- a/stable/gangway/Chart.yaml +++ b/stable/gangway/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. name: gangway -version: 0.4.1 +version: 0.4.2 appVersion: 3.3.0 home: https://github.com/heptiolabs/gangway sources: diff --git a/stable/gangway/README.md b/stable/gangway/README.md index 69e9ebb4af09..b29cb1bf7bcd 100644 --- a/stable/gangway/README.md +++ b/stable/gangway/README.md 
@@ -35,6 +35,7 @@ At a minimum you *must* configure any of the values marked as **required** in th | Parameter | Description | Default | | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | | `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | +| `env` | Environment variables to apply to the pod. | `{}` | | `extraVolumes` | List of extra volumes | `[]` | | `extraVolumeMounts` | List of extra volumeMounts | `[]` | | `gangway.allowEmptyClientSecret` | Some identity providers accept an empty client secret, this is not generally considered a good idea. If you have to use an empty secret and accept the risks that come with that then you can set this to true. | `false` | diff --git a/stable/gangway/templates/deployment.yaml b/stable/gangway/templates/deployment.yaml index 99aa68305fce..7d1403fc0ee9 100644 --- a/stable/gangway/templates/deployment.yaml +++ b/stable/gangway/templates/deployment.yaml @@ -21,6 +21,9 @@ spec: annotations: check/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} check/values: {{ .Files.Get "../values.yaml" | sha256sum }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trim | indent 8 }} +{{- end }} spec: {{- if .Values.image.pullSecrets }} imagePullSecrets: @@ -35,11 +38,17 @@ spec: - -config - /gangway/gangway.yaml env: +{{- if not .Values.env.GANGWAY_SESSION_SECURITY_KEY }} - name: GANGWAY_SESSION_SECURITY_KEY valueFrom: secretKeyRef: key: sessionkey name: {{ include "gangway.fullname" . }}-key +{{- end }} +{{- range $k, $v := .Values.env }} + - name: {{ $k }} + value: {{ $v }} +{{- end }} ports: - name: http containerPort: {{ .Values.gangway.port }} 
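Review bot: The new `range` over `.Values.env` in templates/deployment.yaml emits `value: {{ $v }}` unquoted, so a value such as `true` or `8080` renders as a boolean or integer rather than a string and the env entry is likely to be rejected at install time; `value: {{ $v | quote }}` keeps every value a string. Separately, when `env.GANGWAY_SESSION_SECURITY_KEY` is set the `secretKeyRef` entry is skipped (and the same condition in templates/key.yaml stops the Secret from being rendered), so the session key then sits in plain text in the Deployment spec and in the stored release values, where anyone who can read Deployments or Pods in the namespace can see it. The loop only supports literal `value:` entries, so the variable cannot be pointed at an existing Secret; accepting a `valueFrom` form, or a separate value naming an existing Secret, would avoid that. The container spec continues outside the hunk.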
diff --git a/stable/gangway/templates/key.yaml b/stable/gangway/templates/key.yaml index c034336476e6..1fb1ea8bed62 100644 --- a/stable/gangway/templates/key.yaml +++ b/stable/gangway/templates/key.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.env.GANGWAY_SESSION_SECURITY_KEY -}} apiVersion: v1 kind: Secret metadata: @@ -9,4 +10,5 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} type: Opaque data: - sessionkey: {{ ( default ( randAlphaNum 32 ) .Values.gangway.sessionKey ) | b64enc | quote }} \ No newline at end of file + sessionkey: {{ ( default ( randAlphaNum 32 ) .Values.gangway.sessionKey ) | b64enc | quote }} +{{- end -}} \ No newline at end of file diff --git a/stable/gangway/values.yaml b/stable/gangway/values.yaml index 094443587579..063800d33c4f 100644 --- a/stable/gangway/values.yaml +++ b/stable/gangway/values.yaml @@ -19,6 +19,12 @@ fullnameOverride: "" # ... # -----END CERTIFICATE----- +# Add Env Variables to pod +env: {} + +# Add annotations to the pod +podAnnotations: {} + gangway: # The address to listen on. Defaults to 0.0.0.0 to listen on all interfaces. # Env var: GANGWAY_HOST
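Review bot: The comment `# Add Env Variables to pod` above `env: {}` in values.yaml does not say that entries are rendered as literal `value:` strings in the Deployment, nor that setting `GANGWAY_SESSION_SECURITY_KEY` there suppresses both the chart-generated Secret and the `secretKeyRef`. I would expand it to `# Extra environment variables (name: value), rendered in plain text in the Deployment.` followed by `# Setting GANGWAY_SESSION_SECURITY_KEY here disables the generated session-key Secret; prefer gangway.sessionKey.` The `gangway:` mapping continues outside the hunk.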