Allow injection of env vars in any deployment#120
Allow injection of env vars in any deployment#120cognifloyd merged 6 commits intoStackStorm:masterfrom
Conversation
pull-request-size
bot
added
the
size/L
values.yaml
Outdated
| # TODO: Alternatively as part of reorganizing Helm values, consider moving values to existing `st2` and `st2web` sections ? (#14) | ||
| secrets: | ||
| st2: | ||
| st2chatops: |
There was a problem hiding this comment.
Any reason this is secrets.st2.st2chatops instead of secrets.st2chatops (i.e. why the nesting under st2)?
There was a problem hiding this comment.
Also, any reason not to put the secrets specific to st2chatops under st2chatops (and the same for all other services) instead of aggregating all secrets to a central place?
i.e. instead of
secrets:
st2:
st2chatops:
foo: bar
do
st2chatops:
secrets:
foo: bar
?
There was a problem hiding this comment.
Any reason this is
secrets.st2.st2chatopsinstead ofsecrets.st2chatops(i.e. why the nesting underst2)?
For this part, no particular reason, it's true that it's a bit too verbose.
Also, any reason not to put the secrets specific to st2chatops under st2chatops (and the same for all other services) instead of aggregating all secrets to a central place?
See issue #14 :)
There was a problem hiding this comment.
Makes sense. I think it'd be preferable to spread the secrets out into their respective services, but we can tackle that when we tackle #14
Thanks!
There was a problem hiding this comment.
I agree that secrets.st2.st2chatops looks too verbose and even counter-intuitive.
This also raises some inconsistencies in the context of #119 discussion. I'm thinking about exploring the alternatives for the Helm values definition.
mickmcgrath13
left a comment
mickmcgrath13
left a comment
There was a problem hiding this comment.
The changes look good to me. I haven't tested them, though..
values.yaml
Outdated
| # TODO: Alternatively as part of reorganizing Helm values, consider moving values to existing `st2` and `st2web` sections ? (#14) | ||
| secrets: | ||
| st2: | ||
| st2chatops: |
There was a problem hiding this comment.
I agree that secrets.st2.st2chatops looks too verbose and even counter-intuitive.
This also raises some inconsistencies in the context of #119 discussion. I'm thinking about exploring the alternatives for the Helm values definition.
templates/secrets_st2chatops.yaml
Outdated
| type: Opaque | ||
| data: | ||
| {{- range $env, $value := .Values.st2chatops.env }} | ||
| {{- range $env, $value := .Values.secrets.st2.st2chatops.env }} |
There was a problem hiding this comment.
I think there is at least an agreement about the 💯 need of raw ENV for every Pod and that's super helpful.
Can we keep raw ENV functionality in this PR to be able to merge it asap, but split the st2chatops secrets ENV enhancement into another PR?
| {{- if .Values.st2auth.env }} | ||
| env: | ||
| {{- range $env, $value := .Values.st2auth.env }} | ||
| - name: {{ $env | quote }} | ||
| value: {{ $value | quote }} | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
I think this could be extracted into a helper to avoid some repetition.
So, here it would have:
{{ include "custom-env" .Values.st2auth | indent 8 }}
And then the template would be:
{{- define "custom-env" -}}
{{- if .env }}
env:
{{- range $env, $value := .env }}
- name: {{ $env | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end -}}
| {{- if .env }} | ||
| env: | ||
| {{- range $env, $value := .env }} | ||
| - name: {{ $env | quote }} | ||
| value: {{ $value | quote }} | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
And the template here would just be:
{{ include "custom-env" . | indent 8 }}
templates/deployments.yaml
Outdated
| {{- range $env, $value := .Values.st2chatops.env }} | ||
| - name: {{ $env | quote }} | ||
| value: {{ $value | quote }} | ||
| {{- end }} |
There was a problem hiding this comment.
I think I would drop this, and leave the st2chatops env as is (in envFrom[1].secretRef below).
| {{- range $env, $value := .Values.st2chatops.env }} | |
| - name: {{ $env | quote }} | |
| value: {{ $value | quote }} | |
| {{- end }} |
templates/deployments.yaml
Outdated
| {{- range $env, $value := .Values.st2client.env }} | ||
| - name: {{ $env | quote }} | ||
| value: {{ $value | quote }} | ||
| {{- end }} |
There was a problem hiding this comment.
A couple of jobs also have an env: block already. So, we could split the template into two to accommodate this usage.
{{- define "custom-env-entries" -}}
{{- range $env, $value := .env }}
- name: {{ $env | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end -}}
{{- define "custom-env" -}}
{{- if .env }}
env:
{{ include "custom-env-entries" . }}
{{- end }}
{{- end -}}
Which would make this block be:
{{ include "custom-env-entries" .Values.st2client }}
| env: {} | ||
| # HTTP_PROXY: http://proxy:1234 |
There was a problem hiding this comment.
Nice. I like the commented example. 👍
pull-request-size
bot
added
size/M
|
I want to clear out old PRs by merging them if possible. I think a Changelog entry is the only thing left before merging this. @angrydeveloper what do you think of these changes? |
arm4b
left a comment
arm4b
left a comment
There was a problem hiding this comment.
The changes look really helpful! 👍
Thanks @cognifloyd. I think it's also OK to inject the changelog as well to merge it.
4 participants
This allows the user to inject any custom env variable in any deployment.
The need was the ability to configure a proxy so that
st2 pack installdoesn't fail when behind said proxy. The env variable needed to be injected in thest2actionrunnerdeployments.There is a BC break on
st2chatopsconfiguration, if secrets are provided, they need to be added tosecrets.st2.st2chatops.envinstead ofst2chatops.env.This should also closes #119 and partially solves #14.