feat: allow configuring env and conf using existing secret

useful for when the secret is created out of band using a vault api for example
2025-04-28 11:32:38 +02:00 · 2025-01-29 15:48:20 +01:00 · 2025-01-29 15:48:20 +01:00 · e97b619da8
commit e97b619da8
parent 3b9a0c0951
4 changed files with 21 additions and 2 deletions
--- a/charts/umap/templates/deployment.yaml
+++ b/charts/umap/templates/deployment.yaml
@ -66,7 +66,11 @@ spec:
          {{- end }}
          envFrom:
          - secretRef:
+              {{- if .Values.umap.envFromSecret }}
+              name: {{ .Values.umap.envFromSecret }}
+              {{- else }}
              name: {{ include "umap.fullname" . }}-env
+              {{- end }}
          volumeMounts:
            - name: config
              mountPath: /etc/umap/
@ -80,7 +84,11 @@ spec:
      volumes:
        - name: config
          secret:
+            {{- if .Values.umap.configFromSecret }}
+            secretName: {{ .Values.umap.configFromSecret }}
+            {{- else }}
            secretName: {{ include "umap.fullname" . }}-config
+            {{- end }}
        - name: statics
          emptyDir: {}
      {{- if .Values.persistence.enabled }}
--- a/charts/umap/templates/secret-config.yaml
+++ b/charts/umap/templates/secret-config.yaml
@ -1,3 +1,4 @@
+{{ if not .Values.umap.configFromSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@ -7,3 +8,4 @@ metadata:
 type: Opaque
 data:
  umap.conf: {{ .Values.umap.config | b64enc }}
+{{- end }}
--- a/charts/umap/templates/secret-env.yaml
+++ b/charts/umap/templates/secret-env.yaml
@ -1,3 +1,4 @@
+{{ if not .Values.umap.envFromSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@ -9,3 +10,4 @@ data:
 {{- range $key, $value := .Values.umap.environment }}
  {{ $key }}: "{{ $value | b64enc }}"
 {{- end }}
+{{- end }}
--- a/charts/umap/values.yaml
+++ b/charts/umap/values.yaml
@ -77,11 +77,18 @@ umap:
    SECRET_KEY: CHANGE_ME
    STATIC_ROOT: /srv/umap/static
    MEDIA_ROOT: /srv/umap/uploads
+  # Configure environment variables using an existing secret in the same namespace.
+  # In this case the values above are not used
+  envFromSecret: null
+
  # You can also provide umap.conf content here:
  config: |
    from umap.settings.base import *

    # See: https://github.com/umap-project/umap/blob/master/umap/settings/local.py.sample
+  # Configure config file using an existing secret in the same namespace.
+  # In this case the values above are not used
+  configFromSecret: null

 persistence:
  enabled: true