-
-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: Secret Environment Variables #95
Feat: Secret Environment Variables #95
Conversation
# helm template verdaccio --set remoteAuthHeaders.foo=bar -s templates/secret.yaml -s templates/deployment.yaml ./charts/verdaccio
---
# Source: verdaccio/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: verdaccio
labels:
helm.sh/chart: verdaccio-4.8.0
app.kubernetes.io/name: verdaccio
app.kubernetes.io/instance: verdaccio
app.kubernetes.io/version: "5.5.0"
app.kubernetes.io/managed-by: Helm
app: verdaccio
stringData:
AUTH_FOO: bar
---
# Source: verdaccio/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: verdaccio
labels:
helm.sh/chart: verdaccio-4.8.0
app.kubernetes.io/name: verdaccio
app.kubernetes.io/instance: verdaccio
app.kubernetes.io/version: "5.5.0"
app.kubernetes.io/managed-by: Helm
app: verdaccio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: verdaccio
app.kubernetes.io/instance: verdaccio
[...]
containers:
- name: verdaccio
image: "verdaccio/verdaccio:5.2.0"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: verdaccio
ports:
- containerPort: 4873
name: http
[...] |
ba1c2e1
to
c6ba771
Compare
I'm keeping this as a WIP/Draft PR as I don't have a k8s cluster at hand to test that the environment variables are successfully injected into the pod. @juanpicado, does Verdaccio currently look for |
Nop |
Tested $ env | grep AUTH
AUTH_FOO=bar |
Seeing as you can specify an env variable for verdaccio to grab a token from (docs), I think I'm going to remove the Edit: Maybe change this from |
* Add optional `remoteAuthHeaders` value * Populating the value creates a Kubernetes Secret * `envFrom` is used to inject secret keys/values as environment variables
c6ba771
to
4a30c90
Compare
* Make it more generic so you can inject sensitive env vars via k8s secret
cc74b83
to
1487208
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM great addition @rblaine95
* Add checksum of env secret to annotations * Change in checksum triggers deployment rollout
I think this worth to be mentioned either
Probably first, according my stats people rarely arrive on this repo. |
I'll merge, thanks @rblaine95 I don't want to delay more this interesting feature |
Thank you @juanpicado Would you like me to take a look at updating the documentation at verdaccio/verdaccio/website/docs/uplinks.md and/or verdaccio/verdaccio/website/docs/kubernetes.md to reference this feature? |
Yes please, that would be awesome, I'm now fully focused on rewrite the core 😓 for v6. |
Original PR Description:
remoteAuthHeaders
valueenvFrom
is used to inject secret keys/values as environmentvariables
My take on #94
Updated:
Made the feature more generic and renamed it to
secretEnvVars
Allows you to pass sensitive environment variables to the container via a k8s secret.
Use case would be similar to #94 (comment)