rrGitServer: accept blob-storage env vars from .Values.env #307
validateBlobStorage only scanned environmentVariables and environmentSecrets for RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_*, so deployments that configure those via the .Values.env map had to duplicate them into environmentVariables to satisfy the check. Range over .Values.env (keyed by var name) as well, and mention env in the doc comment and failure message. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ryanartecona
technically env vars can also come from envFrom, i.e. if you have a secret or configmap that you just want to splat all the keys/values in there into env vars on the backend pods. I don't think we can detect at template time at all in that case, but it might be prudent to also add an explicit disable for this sanity check in that case where it needs to be overridden.
The blob-storage guard can only inspect blobStorage / env / environmentVariables / environmentSecrets at template time. Env vars injected via envFrom (a Secret/ConfigMap splat) are invisible to it, so a valid configuration that supplies RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_* that way would fail the check with no way out. Add rrGitServer.skipBlobStorageValidation (default false) to bypass the check entirely, and point at it from the failure message. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
good call, added a skip
Part of the r2-cleanup integration branch (merges into r2-cleanup, then r2 via #303).

Problem

retool.rrGitServer.validateBlobStorage only scanned .Values.environmentVariables and .Values.environmentSecrets for RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_*. Deployments that set those via the .Values.env map were forced to duplicate the RR_* vars into environmentVariables just to pass the check. And env vars supplied via envFrom (Secret/ConfigMap splat) are invisible at template time, so a valid setup using them had no way to satisfy the guard.

Fix

- .Values.env (keyed by var name) in the same opt-out check.
- rrGitServer.skipBlobStorageValidation (default false) as an explicit escape hatch for sources the chart cannot inspect at template time (e.g. envFrom). The failure message now points at this flag.

Verification (helm template, rrGitServer.enabled=true)

- env.RR_BLOB_STORAGE_PROVIDER=gcs
- env.RR_DEFAULT_GCS_BUCKET=...
- skipBlobStorageValidation=true, nothing else
- env.SOME_OTHER=x
- rrGitServer.enabled=false

Both values.yaml copies stay in sync; helm lint passes.

🤖 Generated with Claude Code
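Added example, not part of this PR or the chart's own code: a Helm named template sketching the guard described above, showing why the map-shaped .Values.env needs its own loop and why envFrom cannot be covered. The template name example.validateBlobStorageEnv, the name field on environmentVariables / environmentSecrets entries, and the failure text are assumptions; the blobStorage values block is left out because its shape is not shown on this page.

```gotemplate
{{/*
Added sketch, not the chart's helper. Assumed: the template name, the `name`
field on list entries, and the message wording.
Call once from any rendered template: {{ include "example.validateBlobStorageEnv" . }}
*/}}
{{- define "example.validateBlobStorageEnv" -}}
{{- $git := .Values.rrGitServer | default dict -}}
{{- if and $git.enabled (not $git.skipBlobStorageValidation) -}}
  {{- $found := false -}}
  {{- /* .Values.env is a map: the variable name is the key. */ -}}
  {{- range $name, $_ := (.Values.env | default dict) -}}
    {{- if or (eq $name "RR_BLOB_STORAGE_PROVIDER") (hasPrefix "RR_DEFAULT_" $name) -}}
      {{- $found = true -}}
    {{- end -}}
  {{- end -}}
  {{- /* The list-style sources carry the variable name in .name (assumed shape). */ -}}
  {{- $lists := concat (.Values.environmentVariables | default list) (.Values.environmentSecrets | default list) -}}
  {{- range $lists -}}
    {{- $n := .name | default "" -}}
    {{- if or (eq $n "RR_BLOB_STORAGE_PROVIDER") (hasPrefix "RR_DEFAULT_" $n) -}}
      {{- $found = true -}}
    {{- end -}}
  {{- end -}}
  {{- /*
  envFrom only references a Secret/ConfigMap by name; its keys exist in the
  cluster, not in .Values, so no loop here can see them. The skip flag is the
  only way to pass in that case.
  */ -}}
  {{- if not $found -}}
    {{- fail "rrGitServer: no RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_* found in env, environmentVariables or environmentSecrets; set rrGitServer.skipBlobStorageValidation=true if they are supplied via envFrom" -}}
  {{- end -}}
{{- end -}}
{{- end -}}
```

Because the skip flag disables the check entirely, a deployment that sets it gets no template-time signal if the envFrom source later loses those keys.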