support secret/configmap sources for templated env vars

solo-io · May 22, 2024 · 5373957 · 5373957
1 parent 3e58001
commit 5373957
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 42 deletions.
diff --git a/changelog/v0.39.1/env-template-sources.yaml b/changelog/v0.39.1/env-template-sources.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: FIX
+    issueLink: https://github.com/solo-io/skv2/issues/565
+    description: >
+      Add support for other sources in templated env vars field.
+    skipCI: "false"
diff --git a/codegen/cmd_test.go b/codegen/cmd_test.go
@@ -10,27 +10,26 @@ import (
 	"reflect"
 	"strings"
 
-	goyaml "gopkg.in/yaml.v3"
-	rbacv1 "k8s.io/api/rbac/v1"
-	v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/utils/pointer"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	. "github.com/solo-io/skv2/codegen"
-	"github.com/solo-io/skv2/codegen/model"
-	. "github.com/solo-io/skv2/codegen/model"
-	"github.com/solo-io/skv2/codegen/skv2_anyvendor"
-	"github.com/solo-io/skv2/codegen/util"
-	"github.com/solo-io/skv2/contrib"
+	goyaml "gopkg.in/yaml.v3"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	kubeyaml "k8s.io/apimachinery/pkg/util/yaml"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/yaml"
+
+	. "github.com/solo-io/skv2/codegen"
+	. "github.com/solo-io/skv2/codegen/model"
+	"github.com/solo-io/skv2/codegen/skv2_anyvendor"
+	"github.com/solo-io/skv2/codegen/util"
+	"github.com/solo-io/skv2/contrib"
 )
 
 var _ = Describe("Cmd", func() {
@@ -111,6 +110,30 @@ var _ = Describe("Cmd", func() {
 									Repository: "gloo-mesh-mgmt-server",
 									Tag:        "0.0.1",
 								},
+								TemplateEnvVars: []TemplateEnvVar{
+									{
+										Name: "USERNAME",
+										ValueFrom: v1.EnvVarSource{
+											SecretKeyRef: &v1.SecretKeySelector{
+												LocalObjectReference: v1.LocalObjectReference{
+													Name: "{{ $.Values.someSecret }}",
+												},
+												Key: "{{ $.Values.usernameKey }}",
+											},
+										},
+									},
+									{
+										Name: "PASSWORD",
+										ValueFrom: v1.EnvVarSource{
+											ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+												LocalObjectReference: v1.LocalObjectReference{
+													Name: "{{ $.Values.someConfigMap }}",
+												},
+												Key: "{{ $.Values.passwordKey }}",
+											},
+										},
+									},
+								},
 								ContainerPorts: []ContainerPort{{
 									Name: "stats",
 									Port: "{{ $Values.glooMgmtServer.statsPort }}",
@@ -155,6 +178,11 @@ var _ = Describe("Cmd", func() {
 		Expect(deployment).To(ContainSubstring("name: agent-volume"))
 		Expect(deployment).To(ContainSubstring(`{{ index $glooAgent "ports" "grpc" }}`))
 		Expect(deployment).To(ContainSubstring("{{ $Values.glooMgmtServer.statsPort }}"))
+
+		Expect(deployment).To(ContainSubstring("{{ $.Values.usernameKey }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.passwordKey }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.someSecret }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.someConfigMap }}"))
 	})
 	It("generates conditional crds", func() {
 		cmd := &Command{
@@ -772,13 +800,11 @@ var _ = Describe("Cmd", func() {
 			}
 			Expect(renderedDeployment).NotTo(BeNil())
 
-			pointerBool := func(b bool) *bool { return &b }
-			pointerInt64 := func(i int64) *int64 { return &i }
 			defaultSecurityContext := v1.SecurityContext{
-				RunAsNonRoot:             pointerBool(true),
-				RunAsUser:                pointerInt64(10101),
-				ReadOnlyRootFilesystem:   pointerBool(true),
-				AllowPrivilegeEscalation: pointerBool(false),
+				RunAsNonRoot:             ptr.To(true),
+				RunAsUser:                ptr.To[int64](10101),
+				ReadOnlyRootFilesystem:   ptr.To(true),
+				AllowPrivilegeEscalation: ptr.To(false),
 				Capabilities: &v1.Capabilities{
 					Drop: []v1.Capability{"ALL"},
 				},
@@ -798,8 +824,8 @@ var _ = Describe("Cmd", func() {
 		Entry("renders empty map for container security context when set as false via helm cli", nil, true),
 		Entry("overrides container security context with empty map", &v1.SecurityContext{}, false),
 		Entry("overrides container security context", &v1.SecurityContext{
-			RunAsNonRoot: func(b bool) *bool { return &b }(true),
-			RunAsUser:    func(i int64) *int64 { return &i }(20202),
+			RunAsNonRoot: ptr.To(true),
+			RunAsUser:    ptr.To[int64](20202),
 		}, false),
 	)
 
@@ -1928,7 +1954,7 @@ roleRef:
 	)
 
 	DescribeTable("rendering conditional deployment strategy",
-		func(values map[string]any, conditionalStrategy []model.ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) {
+		func(values map[string]any, conditionalStrategy []ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) {
 			cmd := &Command{
 				Chart: &Chart{
 					Operators: []Operator{
@@ -1999,7 +2025,7 @@ roleRef:
 		),
 		Entry("when the condition is true",
 			map[string]any{"enabled": true, "condition": true},
-			[]model.ConditionalStrategy{
+			[]ConditionalStrategy{
 				{
 					Condition: "$.Values.painter.condition",
 					Strategy: appsv1.DeploymentStrategy{
@@ -2019,7 +2045,7 @@ roleRef:
 		),
 		Entry("when the condition is false",
 			map[string]any{"enabled": true, "condition": false},
-			[]model.ConditionalStrategy{
+			[]ConditionalStrategy{
 				{
 					Condition: "$.Values.painter.condition",
 					Strategy: appsv1.DeploymentStrategy{
@@ -2114,23 +2140,23 @@ roleRef:
 			map[string]interface{}{"fsGroup": 1000},
 			nil,
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			}),
 		Entry("when PodSecurityContext is defined only in the operator",
 			nil,
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			}),
 		Entry("when PodSecurityContext is defined in both values and the operator",
 			map[string]interface{}{"fsGroup": 1024},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1024), // should override the value defined in the operator
+				FSGroup: ptr.To[int64](1024), // should override the value defined in the operator
 			}),
 	)
 
@@ -2318,7 +2344,7 @@ roleRef:
 		})
 
 		DescribeTable("validation",
-			func(values map[string]any, defaultVolumes []v1.Volume, conditionalVolumes []model.ConditionalVolume, expected []v1.Volume) {
+			func(values map[string]any, defaultVolumes []v1.Volume, conditionalVolumes []ConditionalVolume, expected []v1.Volume) {
 				cmd := &Command{
 					Chart: &Chart{
 						Operators: []Operator{
@@ -2412,7 +2438,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.condition",
 						Volume: v1.Volume{
@@ -2432,7 +2458,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.invalidCondition",
 						Volume: v1.Volume{
@@ -2452,7 +2478,7 @@ roleRef:
 						Name: "vol-1",
 					},
 				},
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.condition",
 						Volume: v1.Volume{
@@ -2484,7 +2510,7 @@ roleRef:
 		})
 
 		DescribeTable("validation",
-			func(values map[string]any, defaultMounts []v1.VolumeMount, conditionalMounts []model.ConditionalVolumeMount, expected []v1.VolumeMount) {
+			func(values map[string]any, defaultMounts []v1.VolumeMount, conditionalMounts []ConditionalVolumeMount, expected []v1.VolumeMount) {
 				cmd := &Command{
 					Chart: &Chart{
 						Operators: []Operator{
@@ -2580,7 +2606,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.condition",
 						VolumeMount: v1.VolumeMount{
@@ -2600,7 +2626,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.invalidCondition",
 						VolumeMount: v1.VolumeMount{
@@ -2620,7 +2646,7 @@ roleRef:
 						Name: "vol-1",
 					},
 				},
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.condition",
 						VolumeMount: v1.VolumeMount{

diff --git a/codegen/model/chart.go b/codegen/model/chart.go
@@ -173,6 +173,9 @@ type TemplateEnvVar struct {
 	// Helm value
 	// E.g. {{ .Values.foo.bar }}
 	Value string
+
+	//
+	ValueFrom corev1.EnvVarSource
 }
 
 type ContainerPort struct {

diff --git a/codegen/templates/chart/operator-deployment.yamltmpl b/codegen/templates/chart/operator-deployment.yamltmpl
@@ -147,12 +147,17 @@ spec:
 [[- if $f.Condition ]]
 {{- if [[ $f.Condition ]] }}
 [[- end]]
+          [[- if $f.Value ]]
           - name: [[ $f.Name ]]
             value: [[ $f.Value ]]
+          [[- else if $f.ValueFrom ]]
+          - name: [[ $f.Name ]]
+            valueFrom: [[ $f.ValueFrom | toYaml | nindent 14 ]]
+          [[- end ]]
 [[- if $f.Condition ]]
 {{- end }}
-[[- end]]
-[[- end ]]
+[[- end ]] [[/* end Condition */]]
+[[- end ]] [[/* end TemplateEnvVars */]]
 {{- else if [[ $containerVar ]].extraEnvs }}
         env:
 {{- end }}

diff --git a/codegen/test/api/things.test.io/v1/test_api.pb.go b/codegen/test/api/things.test.io/v1/test_api.pb.go
diff --git a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml
@@ -58,6 +58,16 @@ spec:
 {{- if $glooMgmtServer.env }}
         env:
 {{ toYaml $glooMgmtServer.env | indent 10 }}
+          - name: USERNAME
+            valueFrom: 
+              secretKeyRef:
+                key: '{{ $.Values.usernameKey }}'
+                name: '{{ $.Values.someSecret }}' 
+          - name: PASSWORD
+            valueFrom: 
+              configMapKeyRef:
+                key: '{{ $.Values.passwordKey }}'
+                name: '{{ $.Values.someConfigMap }}'  
 {{- else if $glooMgmtServer.extraEnvs }}
         env:
 {{- end }}
@@ -107,7 +117,7 @@ spec:
         imagePullPolicy: {{ $glooAgentImage.pullPolicy }}
 {{- if $glooAgent.env }}
         env:
-{{ toYaml $glooAgent.env | indent 10 }}
+{{ toYaml $glooAgent.env | indent 10 }} 
 {{- else if $glooAgent.extraEnvs }}
         env:
 {{- end }}
@@ -279,7 +289,7 @@ spec:
         imagePullPolicy: {{ $glooAgentImage.pullPolicy }}
 {{- if $glooAgent.env }}
         env:
-{{ toYaml $glooAgent.env | indent 10 }}
+{{ toYaml $glooAgent.env | indent 10 }} 
 {{- else if $glooAgent.extraEnvs }}
         env:
 {{- end }}