fleetdm
Adding a way to the Helm charts to set envrironment variables from Secrets
Problem
Currently, one can add arbitrary environment variables to fleet's k8s deployment through the Helm charts by using https://github.com/fleetdm/fleet/blob/fc2afeb13332412af9c0c28fc21293f1a1e857c0/charts/fleet/values.yaml#L202
Problem is that there is currently no a way to add values from secrets for potentially sensitive data. For deployments that are stored in a git repo is this especially problematic.
Potential solutions
Add a similar section to the environments to the values file called envsFrom or something looking as follows:
envsFrom:
- name: MY_ENV_NAME_1
valueFrom:
configMapKeyRef:
name: game-demo
key: ui_properties_file_name
- name: MYS_ENV_NAME_2
valueFrom:
secretKeyRef:
name: game-demo
key: ui_properties_file_name
In the deployment template somewhere here https://github.com/fleetdm/fleet/blob/152edb838bd0b317a62446c5161686cf7a3b3eb4/charts/fleet/templates/deployment.yaml#L270 add something like the following:
# WARNING: ChatGPT produced garbage
envFrom:
{{- range .Values.envsFrom }}
- name: {{ .name }}
valueFrom:
{{- if .valueFrom.configMapKeyRef }}
configMapKeyRef:
name: {{ .valueFrom.configMapKeyRef.name }}
key: {{ .valueFrom.configMapKeyRef.key }}
{{- else if .valueFrom.secretKeyRef }}
secretKeyRef:
name: {{ .valueFrom.secretKeyRef.name }}
key: {{ .valueFrom.secretKeyRef.key }}
{{- end }}
{{- end }}
Hey @alirezaghey, thanks for the feedback and suggestion.
Please feel free to open a pull request (PR) to the Helm charts!
cc @georgekarrv
Secrets now concealed, In Helm charts, safe and sealed, The code's strength revealed.
