From 6b3d40a9afa480e99f0774b2164766609cedd93e Mon Sep 17 00:00:00 2001
From: tunde <tunde@oteemo.com>
Date: Thu, 8 Apr 2021 17:20:13 +0000
Subject: [PATCH] Support environment variable value  from Secret

---
 CHANGELOG.md                    |  5 ++++
 chart/Chart.yaml                |  2 +-
 chart/templates/env-secret.yaml | 28 ++++++++++++++++++++
 chart/templates/mattermost.yaml | 45 ++++++++++++++++++++++++++-------
 chart/values.yaml               | 16 ++++++++++++
 5 files changed, 86 insertions(+), 10 deletions(-)
 create mode 100644 chart/templates/env-secret.yaml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf9a2b2..bdd2d90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+## [0.1.3-bb.0] - 2021-04-08
+### Added
+- Values passthroughs for secret env values
+- Moved all envs to a secret that chart creates
+
 ## [0.1.2-bb.0] - 2021-04-05
 ### Changed
 - Modified the way affinity is passed to simplify and standardize
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 3bf84af..797db35 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 name: mattermost
 type: application
-version: "0.1.2-bb.0"
+version: "0.1.3-bb.0"
 appVersion: "5.32.1"
 description: "Deployment of mattermost"
 keywords: 
diff --git a/chart/templates/env-secret.yaml b/chart/templates/env-secret.yaml
new file mode 100644
index 0000000..792de57
--- /dev/null
+++ b/chart/templates/env-secret.yaml
@@ -0,0 +1,28 @@
+{{- if or .Values.mattermostEnvs .Values.sso.enabled .Values.minio.install }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mattermost-envs
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "mattermost.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "envs"
+  annotations:
+    "helm.sh/hook": "pre-install,pre-upgrade"
+type: Opaque
+stringData:
+  {{- if .Values.mattermostEnvs }}
+  {{ tpl (toYaml .Values.mattermostEnvs) . | nindent 2}}
+  {{- end }}
+  {{- if .Values.sso.enabled }}
+  MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled }}"
+  MM_GITLABSETTINGS_ID: "{{ .Values.sso.client_id }}"
+  MM_GITLABSETTINGS_SECRET: "{{ .Values.sso.client_secret }}"
+  MM_GITLABSETTINGS_AUTHENDPOINT: "{{ .Values.sso.auth_endpoint }}"
+  MM_GITLABSETTINGS_TOKENENDPOINT: "{{ .Values.sso.token_endpoint }}"
+  MM_GITLABSETTINGS_USERAPIENDPOINT: "{{ .Values.sso.user_api_endpoint }}"
+  {{- end }}
+  {{- if .Values.minio.install }}
+  MM_FILESETTINGS_AMAZONS3SSL: "false"
+  {{- end }}
+{{- end }}
diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml
index aeb23f6..d625eb4 100644
--- a/chart/templates/mattermost.yaml
+++ b/chart/templates/mattermost.yaml
@@ -24,29 +24,56 @@ spec:
   licenseSecret: "mattermost-license"
   {{- end }}
 
-  {{- if or .Values.mattermostEnvs .Values.sso.enabled .Values.minio.install }}
+  {{- if or .Values.mattermostEnvs .Values.sso.enabled .Values.minio.install .Values.existingSecretEnvs }}
   mattermostEnv:
   {{- range $k, $v := .Values.mattermostEnvs }}
   - name: {{ $k }}
-    value: {{ $v | quote }}
+    valueFrom:
+      secretKeyRef:
+        key: {{ $k }}
+        name: "mattermost-envs"
   {{- end }}
   {{- if .Values.sso.enabled }}
   - name: MM_GITLABSETTINGS_ENABLE
-    value: "{{ .Values.sso.enabled }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_ENABLE
+        name: "mattermost-envs"
   - name: MM_GITLABSETTINGS_ID
-    value: "{{ .Values.sso.client_id }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_ID
+        name: "mattermost-envs"
   - name: MM_GITLABSETTINGS_SECRET
-    value: "{{ .Values.sso.client_secret }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_SECRET
+        name: "mattermost-envs"
   - name: MM_GITLABSETTINGS_AUTHENDPOINT
-    value: "{{ .Values.sso.auth_endpoint }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_AUTHENDPOINT
+        name: "mattermost-envs"
   - name: MM_GITLABSETTINGS_TOKENENDPOINT
-    value: "{{ .Values.sso.token_endpoint }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_TOKENENDPOINT
+        name: "mattermost-envs"
   - name: MM_GITLABSETTINGS_USERAPIENDPOINT
-    value: "{{ .Values.sso.user_api_endpoint }}"
+    valueFrom:
+      secretKeyRef:
+        key: MM_GITLABSETTINGS_USERAPIENDPOINT
+        name: "mattermost-envs"
   {{- end }}
   {{- if .Values.minio.install }}
   - name: MM_FILESETTINGS_AMAZONS3SSL
-    value: "false"
+    valueFrom:
+      secretKeyRef:
+        key: MM_FILESETTINGS_AMAZONS3SSL
+        name: "mattermost-envs"
+  {{- end }}
+  {{- range .Values.existingSecretEnvs }}
+  - {{ tpl (toYaml .) $ | nindent 4 }}
   {{- end }}
   {{- end }}
 
diff --git a/chart/values.yaml b/chart/values.yaml
index b84e400..10f87f4 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -77,7 +77,23 @@ affinity: {}
 nodeSelector: {}
   # node-type: mattermost
 
+# Any ENVs provided here get put into a `mattermost-envs` secret and pulled into the env
 mattermostEnvs: {}
+  # MM_ENV_NAME: "{{ .Values.users }}"
+  # ANOTHER_ENV_NAME: "anothervalue"
+
+# Use this to point to pull in ENV values from existing secrets
+existingSecretEnvs: {}
+  # - name: MM_SQLSETTINGS_DATASOURCEREPLICAS
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: READER_DB_CONNECTION_STRING
+  #       name: '{{ .Values.database.secret | default (printf "%s-dbcreds" (include "mattermost.fullname" .)) }}'
+  # - name: MM_ANOTHER_VAR
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: DB_CONNECTION_CHECK_URL
+  #       name: "mysecretname"
 
 minio:
   install: false
-- 
GitLab