add template env update

solo-io · Jun 25, 2024 · bdf9ed0 · bdf9ed0
1 parent 8697ae4
commit bdf9ed0
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 49 deletions.
diff --git a/changelog/v0.34.14/env-template-sources.yaml b/changelog/v0.34.14/env-template-sources.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: 
+    description: >
+      ""
+    skipCI: "false"
diff --git a/changelog/v0.34.14/v0.34.x-env-priority.yaml b/changelog/v0.34.14/v0.34.x-env-priority.yaml
diff --git a/ci/oss_compliance/osa_provided.md b/ci/oss_compliance/osa_provided.md
@@ -52,7 +52,7 @@ Name|Version|License
 [config/v1alpha1](https://k8s.io/component-base/config/v1alpha1)|v0.27.3|Apache License 2.0
 [v2/internal](https://k8s.io/klog/v2/internal)|v2.90.1|Apache License 2.0
 [kube-openapi/pkg](https://k8s.io/kube-openapi/pkg)|v0.0.0-20230501164219-8b0f38b5fd1f|Apache License 2.0
-[k8s.io/utils](https://k8s.io/utils)|v0.0.0-20230209194617-a36077c30491|Apache License 2.0
+[k8s.io/utils](https://k8s.io/utils)|v0.0.0-20240502163921-fe8a2dddb1d0|Apache License 2.0
 [controller-runtime/pkg](https://sigs.k8s.io/controller-runtime/pkg)|v0.15.0|Apache License 2.0
 [encoding/json](https://sigs.k8s.io/json/internal/golang/encoding/json)|v0.0.0-20221116044647-bc3834ca7abd|Apache License 2.0
 [structured-merge-diff/v4](https://sigs.k8s.io/structured-merge-diff/v4)|v4.2.3|Apache License 2.0

diff --git a/codegen/cmd_test.go b/codegen/cmd_test.go
@@ -10,27 +10,26 @@ import (
 	"reflect"
 	"strings"
 
-	goyaml "gopkg.in/yaml.v3"
-	rbacv1 "k8s.io/api/rbac/v1"
-	v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/utils/pointer"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	. "github.com/solo-io/skv2/codegen"
-	"github.com/solo-io/skv2/codegen/model"
-	. "github.com/solo-io/skv2/codegen/model"
-	"github.com/solo-io/skv2/codegen/skv2_anyvendor"
-	"github.com/solo-io/skv2/codegen/util"
-	"github.com/solo-io/skv2/contrib"
+	goyaml "gopkg.in/yaml.v3"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	kubeyaml "k8s.io/apimachinery/pkg/util/yaml"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/yaml"
+
+	. "github.com/solo-io/skv2/codegen"
+	. "github.com/solo-io/skv2/codegen/model"
+	"github.com/solo-io/skv2/codegen/skv2_anyvendor"
+	"github.com/solo-io/skv2/codegen/util"
+	"github.com/solo-io/skv2/contrib"
 )
 
 var _ = Describe("Cmd", func() {
@@ -171,6 +170,30 @@ var _ = Describe("Cmd", func() {
 									Repository: "gloo-mesh-mgmt-server",
 									Tag:        "0.0.1",
 								},
+								TemplateEnvVars: []TemplateEnvVar{
+									{
+										Name: "USERNAME",
+										ValueFrom: v1.EnvVarSource{
+											SecretKeyRef: &v1.SecretKeySelector{
+												LocalObjectReference: v1.LocalObjectReference{
+													Name: "{{ $.Values.someSecret }}",
+												},
+												Key: "{{ $.Values.usernameKey }}",
+											},
+										},
+									},
+									{
+										Name: "PASSWORD",
+										ValueFrom: v1.EnvVarSource{
+											ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+												LocalObjectReference: v1.LocalObjectReference{
+													Name: "{{ $.Values.someConfigMap }}",
+												},
+												Key: "{{ $.Values.passwordKey }}",
+											},
+										},
+									},
+								},
 								ContainerPorts: []ContainerPort{{
 									Name: "stats",
 									Port: "{{ $Values.glooMgmtServer.statsPort }}",
@@ -215,6 +238,11 @@ var _ = Describe("Cmd", func() {
 		Expect(deployment).To(ContainSubstring("name: agent-volume"))
 		Expect(deployment).To(ContainSubstring(`{{ index $glooAgent "ports" "grpc" }}`))
 		Expect(deployment).To(ContainSubstring("{{ $Values.glooMgmtServer.statsPort }}"))
+
+		Expect(deployment).To(ContainSubstring("{{ $.Values.usernameKey }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.passwordKey }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.someSecret }}"))
+		Expect(deployment).To(ContainSubstring("{{ $.Values.someConfigMap }}"))
 	})
 	It("generates conditional crds", func() {
 		cmd := &Command{
@@ -834,13 +862,11 @@ var _ = Describe("Cmd", func() {
 			}
 			Expect(renderedDeployment).NotTo(BeNil())
 
-			pointerBool := func(b bool) *bool { return &b }
-			pointerInt64 := func(i int64) *int64 { return &i }
 			defaultSecurityContext := v1.SecurityContext{
-				RunAsNonRoot:             pointerBool(true),
-				RunAsUser:                pointerInt64(10101),
-				ReadOnlyRootFilesystem:   pointerBool(true),
-				AllowPrivilegeEscalation: pointerBool(false),
+				RunAsNonRoot:             ptr.To(true),
+				RunAsUser:                ptr.To[int64](10101),
+				ReadOnlyRootFilesystem:   ptr.To(true),
+				AllowPrivilegeEscalation: ptr.To(false),
 				Capabilities: &v1.Capabilities{
 					Drop: []v1.Capability{"ALL"},
 				},
@@ -860,8 +886,8 @@ var _ = Describe("Cmd", func() {
 		Entry("renders empty map for container security context when set as false via helm cli", nil, true),
 		Entry("overrides container security context with empty map", &v1.SecurityContext{}, false),
 		Entry("overrides container security context", &v1.SecurityContext{
-			RunAsNonRoot: func(b bool) *bool { return &b }(true),
-			RunAsUser:    func(i int64) *int64 { return &i }(20202),
+			RunAsNonRoot: ptr.To(true),
+			RunAsUser:    ptr.To[int64](20202),
 		}, false),
 	)
 
@@ -1986,7 +2012,7 @@ roleRef:
 	)
 
 	DescribeTable("rendering conditional deployment strategy",
-		func(values map[string]any, conditionalStrategy []model.ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) {
+		func(values map[string]any, conditionalStrategy []ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) {
 			cmd := &Command{
 				Chart: &Chart{
 					Operators: []Operator{
@@ -2057,7 +2083,7 @@ roleRef:
 		),
 		Entry("when the condition is true",
 			map[string]any{"enabled": true, "condition": true},
-			[]model.ConditionalStrategy{
+			[]ConditionalStrategy{
 				{
 					Condition: "$.Values.painter.condition",
 					Strategy: appsv1.DeploymentStrategy{
@@ -2077,7 +2103,7 @@ roleRef:
 		),
 		Entry("when the condition is false",
 			map[string]any{"enabled": true, "condition": false},
-			[]model.ConditionalStrategy{
+			[]ConditionalStrategy{
 				{
 					Condition: "$.Values.painter.condition",
 					Strategy: appsv1.DeploymentStrategy{
@@ -2172,23 +2198,23 @@ roleRef:
 			map[string]interface{}{"fsGroup": 1000},
 			nil,
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			}),
 		Entry("when PodSecurityContext is defined only in the operator",
 			nil,
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			}),
 		Entry("when PodSecurityContext is defined in both values and the operator",
 			map[string]interface{}{"fsGroup": 1024},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1000),
+				FSGroup: ptr.To[int64](1000),
 			},
 			&v1.PodSecurityContext{
-				FSGroup: pointer.Int64(1024), // should override the value defined in the operator
+				FSGroup: ptr.To[int64](1024), // should override the value defined in the operator
 			}),
 	)
 
@@ -2378,7 +2404,7 @@ roleRef:
 		})
 
 		DescribeTable("validation",
-			func(values map[string]string, defaultVolumes []v1.Volume, conditionalVolumes []model.ConditionalVolume, expected []v1.Volume) {
+			func(values map[string]string, defaultVolumes []v1.Volume, conditionalVolumes []ConditionalVolume, expected []v1.Volume) {
 				cmd := &Command{
 					Chart: &Chart{
 						Operators: []Operator{
@@ -2471,7 +2497,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.condition",
 						Volume: v1.Volume{
@@ -2490,7 +2516,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.invalidCondition",
 						Volume: v1.Volume{
@@ -2509,7 +2535,7 @@ roleRef:
 						Name: "vol-1",
 					},
 				},
-				[]model.ConditionalVolume{
+				[]ConditionalVolume{
 					{
 						Condition: "$.Values.painter.condition",
 						Volume: v1.Volume{
@@ -2541,7 +2567,7 @@ roleRef:
 		})
 
 		DescribeTable("validation",
-			func(values map[string]string, defaultMounts []v1.VolumeMount, conditionalMounts []model.ConditionalVolumeMount, expected []v1.VolumeMount) {
+			func(values map[string]string, defaultMounts []v1.VolumeMount, conditionalMounts []ConditionalVolumeMount, expected []v1.VolumeMount) {
 				cmd := &Command{
 					Chart: &Chart{
 						Operators: []Operator{
@@ -2636,7 +2662,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.condition",
 						VolumeMount: v1.VolumeMount{
@@ -2655,7 +2681,7 @@ roleRef:
 					"condition": "true",
 				},
 				nil,
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.invalidCondition",
 						VolumeMount: v1.VolumeMount{
@@ -2674,7 +2700,7 @@ roleRef:
 						Name: "vol-1",
 					},
 				},
-				[]model.ConditionalVolumeMount{
+				[]ConditionalVolumeMount{
 					{
 						Condition: "$.Values.painter.condition",
 						VolumeMount: v1.VolumeMount{

diff --git a/codegen/model/chart.go b/codegen/model/chart.go
@@ -173,6 +173,9 @@ type TemplateEnvVar struct {
 	// Helm value
 	// E.g. {{ .Values.foo.bar }}
 	Value string
+
+	//
+	ValueFrom corev1.EnvVarSource
 }
 
 type ContainerPort struct {

diff --git a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml
@@ -55,9 +55,17 @@ spec:
         ports:
         - name: stats
           containerPort: {{ $Values.glooMgmtServer.statsPort }}
-  {{- if or $glooMgmtServer.env $glooMgmtServer.extraEnvs }}
         env:
-  {{- end }}
+          - name: USERNAME
+            valueFrom: 
+              secretKeyRef:
+                key: '{{ $.Values.usernameKey }}'
+                name: '{{ $.Values.someSecret }}'
+          - name: PASSWORD
+            valueFrom: 
+              configMapKeyRef:
+                key: '{{ $.Values.passwordKey }}'
+                name: '{{ $.Values.someConfigMap }}'
 {{- if $glooMgmtServer.env }}
 {{- toYaml $glooMgmtServer.env | nindent 10 }}
 {{- end }}

diff --git a/go.mod b/go.mod
@@ -53,7 +53,7 @@ require (
 	k8s.io/client-go v0.27.3
 	k8s.io/code-generator v0.27.3
 	k8s.io/klog/v2 v2.90.1
-	k8s.io/utils v0.0.0-20230209194617-a36077c30491
+	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/yaml v1.3.0
 )

diff --git a/go.sum b/go.sum
@@ -1333,8 +1333,8 @@ k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/metrics v0.18.0/go.mod h1:8aYTW18koXqjLVKL7Ds05RPMX9ipJZI3mywYvBOxXd4=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/letsencrypt v0.0.1/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=