search

curityio / idsvr-helm

This repository contains the Curity Identity Server helm chart source code.
Apache License 2.0
10 stars 21 forks source link

Add support for array of envvar secrets #35

Closed bokristoffersson closed 2 years ago

bokristoffersson commented 2 years ago

We are storing one set of secrets in git (as sealed secrets) and another set is generated when starting the cluster. This PR enable us to use both secrets as source for environment variables.

anestos commented 2 years ago

I have a proposal to make this more clean:

  1. Deprecate curity.config.environmentVariableSecret in the readme, remove it from the default values
  2. In the helpers.tpl create a new array by merging curity.config.environmentVariableSecrets and curity.config.environmentVariableSecret.
  3. In the admin and runtime deployment files, only use the new array (and its length) to perform any checks previously done with .Values.curity.config.environmentVariableSecret
  4. Do the same for the .Values.curity.config. configurationSecret so that too can be an array
anestos commented 2 years ago

This also works, instead of trying to create a new list in _helpers.tpl

{{- range $secret := concat .Values.curity.config.environmentVariableSecrets (list .Values.curity.config.environmentVariableSecret) }}
{{- if $secret }}
  - secretRef:
    name: {{ $secret | quote}}
{{- end }}
{{- end }}
bokristoffersson commented 2 years ago

Using your suggested concat function.