Add ability to set extra environmental variables through downward API

hashicorp · Nov 25, 2024 · e3a6901 · e3a6901
1 parent 272d04e
commit e3a6901
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 0 deletions.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -1003,6 +1003,20 @@ Inject extra environment vars in the format key:value, if populated
 {{- end -}}
 {{- end -}}
 
+{{/*
+Inject extra environment vars via fields available through the downward API
+*/}}
+{{- define "vault.extraEnvironmentVarsFieldPath" -}}
+{{- if .extraEnvironmentVarsFieldPath -}}
+{{- range $key, $value := .extraEnvironmentVarsFieldPath }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+  valueFrom:
+    fieldRef:
+      fieldPath: {{ $value }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Inject extra environment populated by secrets, if populated
 */}}

diff --git a/templates/injector-deployment.yaml b/templates/injector-deployment.yaml
@@ -54,6 +54,7 @@ spec:
           imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
           {{- template "injector.securityContext.container" . }}
           env:
+            {{- include "vault.extraEnvironmentVarsFieldPath" .Values.injector | nindent 12 }}
             - name: AGENT_INJECT_LISTEN
               value: {{ printf ":%v" .Values.injector.port  }}
             - name: AGENT_INJECT_LOG_LEVEL

diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats
@@ -696,6 +696,32 @@ EOF
   [ "${value}" = "sanitized" ]
 }
 
+#--------------------------------------------------------------------
+# extraEnvironmentVarsFieldPath
+
+@test "injector/deployment: set extraEnvironmentVarsFieldPath" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      --set "injector.extraEnvironmentVarsFieldPath.FOO=metadata.labels['test']" \
+      --set 'injector.extraEnvironmentVarsFieldPath.FOOBAR=spec.nodeName' \
+      --set 'injector.extraEnvironmentVarsFieldPath.lower\.case=sanitized' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="FOO")) | .[] .valueFrom.fieldRef.fieldPath' | tee /dev/stderr)
+  [ "${value}" = "metadata.labels['test']" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="FOOBAR")) | .[] .valueFrom.fieldRef.fieldPath' | tee /dev/stderr)
+  [ "${value}" = "spec.nodeName" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="LOWER_CASE")) | .[] .valueFrom.fieldRef.fieldPath' | tee /dev/stderr)
+  [ "${value}" = "sanitized" ]
+}
+
 #--------------------------------------------------------------------
 # extra annotations
 

diff --git a/values.schema.json b/values.schema.json
@@ -374,6 +374,9 @@
                 "extraEnvironmentVars": {
                     "type": "object"
                 },
+                "extraEnvironmentVarsFieldPath": {
+                    "type": "object"
+                },
                 "extraLabels": {
                     "type": "object"
                 },

diff --git a/values.yaml b/values.yaml
@@ -281,6 +281,12 @@ injector:
   extraEnvironmentVars: {}
     # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
 
+  # extraEnvironmentVarsFieldPath is a list of extra environment variables to set in the
+  # injector deployment using the downward API.
+  extraEnvironmentVarsFieldPath: {}
+    # CLUSTERID: metadata.labels['clusterID']
+    # CLUSTERENVIRONMENT: metadata.annotations['clusterEnvironment']
+
   # Affinity Settings for injector pods
   # This can either be a multi-line string or YAML matching the PodSpec's affinity field.
   # Commenting out or setting as empty the affinity variable, will allow