task: Make proxy chart accept keys from secrets (#65)

In addition this extends the chart to also accept environment variables in a list as well as building environment variables from existing secrets.
Unleash · Feb 14, 2023 · e979fee · e979fee
1 parent 44a70d6
commit e979fee
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 4 deletions.
diff --git a/charts/unleash-proxy/Chart.yaml b/charts/unleash-proxy/Chart.yaml
@@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.2.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.11.7"
+appVersion: "v0.13.1"
 maintainers:
   - name: nkz-soft
diff --git a/charts/unleash-proxy/examples/addingExistingSecrets.yaml b/charts/unleash-proxy/examples/addingExistingSecrets.yaml
@@ -0,0 +1,23 @@
+# Adds environment variables
+env: 
+  - name: LOG_LEVEL
+    value: info
+
+# adds environmentvars for existing secrets to the container via tpl function
+existingSecrets:
+  - name: UNLEASH_SECRET_VALUE
+    valueFrom:
+      secretKeyRef:
+        name: mysecret
+        key: unleash
+
+proxy:
+  serverHost: http://unleash:4242/api
+  apiTokenSecret:
+    enabled: true
+    name: unleash-proxy-secret
+    key: apiToken
+  clientKeysSecret:
+    enabled: true
+    name: unleash-proxy-secret
+    key: clientKeys
diff --git a/charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml b/charts/unleash-proxy/examples/withApiAndClientKeySecrets.yaml
@@ -0,0 +1,11 @@
+proxy:
+  serverHost: http://unleash:4242/api
+  # Options
+  apiTokenSecret:
+    enabled: true
+    name: unleash-proxy-secret
+    key: apiToken
+  clientKeysSecret:
+    enabled: true
+    name: unleash-proxy-secret
+    key: clientKeys
diff --git a/charts/unleash-proxy/templates/deployment.yaml b/charts/unleash-proxy/templates/deployment.yaml
@@ -30,12 +30,28 @@ spec:
       containers:
         - name: {{ .Chart.Name }}
           env:
-            - name: UNLEASH_URL
-              value: "{{ .Values.proxy.serverHost }}"
+            {{- if .Values.proxy.apiTokenSecret.enabled }}
+            - name: UNLEASH_API_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.proxy.apiTokenSecret.name }}"
+                  key: "{{ .Values.proxy.apiTokenSecret.key }}"
+            {{ else }}
             - name: UNLEASH_API_TOKEN
               value: "{{ .Values.proxy.apiToken }}"
+            {{- end }}            
+            {{- if .Values.proxy.clientKeysSecret.enabled }}
+            - name: UNLEASH_PROXY_CLIENT_KEYS
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.proxy.clientKeysSecret.name }}"
+                  key: "{{ .Values.proxy.clientKeysSecret.key }}"
+            {{ else }}
             - name: UNLEASH_PROXY_CLIENT_KEYS
               value: "{{ join "," .Values.proxy.clientKeys }}"
+            {{- end }}
+            - name: UNLEASH_URL
+              value: "{{ .Values.proxy.serverHost }}"
            {{- if .Values.proxy.logLevel }}
             - name: LOG_LEVEL
               value: "{{ .Values.proxy.logLevel }}"
@@ -52,6 +68,13 @@ spec:
             - name: UNLEASH_INSTANCE_ID
               value: "{{ .Values.proxy.unleash_instance_id }}"
            {{- end }}
+           {{- if .Values.existingSecrets }}
+             {{- toYaml .Values.existingSecrets | nindent 12 }}
+           {{- end }}
+           {{- if .Values.env }}
+            {{- toYaml .Values.env | nindent 12 }}
+           {{- end }}
+
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"

diff --git a/charts/unleash-proxy/values.yaml b/charts/unleash-proxy/values.yaml
@@ -81,6 +81,20 @@ tolerations: []
 
 affinity: {}
 
+# Adds environment variables
+env: []
+#  - name: LOG_LEVEL
+#    value: info
+
+# adds environmentvars for existing secrets to the container via tpl function
+existingSecrets:
+  ""
+  # - name: UNLEASH_API_TOKEN
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: secretname
+  #       key: secretkey
+
 proxy:
   serverHost: http://unleash:4242/api
   apiToken: "default:development.unleash-insecure-api-token"
@@ -91,3 +105,11 @@ proxy:
   unleashAppName: ""
   environment: ""
   unleash_instance_id: ""
+  apiTokenSecret:
+    enabled: false
+    name: unleash-proxy-secret
+    key: apiToken
+  clientKeysSecret:
+    enabled: false
+    name: unleash-proxy-secret
+    key: clientKeys