adding envFrom for deployments (#101)

gruntwork-io · Jul 23, 2021 · cb199b7 · cb199b7
1 parent 80ce781
commit cb199b7
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 12 deletions.
diff --git a/charts/k8s-service/templates/_deployment_spec.tpl b/charts/k8s-service/templates/_deployment_spec.tpl
@@ -43,6 +43,8 @@ We need this because certain sections are omitted if there are no volumes or env
     {{- $_ := set $hasInjectionTypes "hasVolume" true -}}
   {{- else if eq (index . "as") "environment" -}}
     {{- $_ := set $hasInjectionTypes "hasEnvVars" true -}}
+  {{- else if eq (index . "as") "envFrom" }}
+    {{- $_ := set $hasInjectionTypes "hasEnvFrom" true -}}
   {{- else if eq (index . "as") "none" -}}
     {{- /* noop */ -}}
   {{- else -}}
@@ -55,6 +57,8 @@ We need this because certain sections are omitted if there are no volumes or env
     {{- $_ := set $hasInjectionTypes "hasVolume" true -}}
   {{- else if eq (index . "as") "environment" -}}
     {{- $_ := set $hasInjectionTypes "hasEnvVars" true -}}
+  {{- else if eq (index . "as") "envFrom" }}
+    {{- $_ := set $hasInjectionTypes "hasEnvFrom" true -}}
   {{- else if eq (index . "as") "none" -}}
     {{- /* noop */ -}}
   {{- else -}}
@@ -261,8 +265,24 @@ spec:
             {{- end }}
             {{- end }}
           {{- end }}
+          {{- if index $hasInjectionTypes "hasEnvFrom" }}
+          envFrom:
+          {{- range $name, $value := .Values.configMaps }}
+            {{- if eq $value.as "envFrom" }}
+            - configMapRef:
+                name: {{ $name }}
+            {{- end }}
+          {{- end }}
+          {{- range $name, $value := .Values.secrets }}
+            {{- if eq $value.as "envFrom" }}
+            - secretRef:
+                name: {{ $name }}
+            {{- end }}
+          {{- end }}
+          {{- end }}
           {{- /* END ENV VAR LOGIC */ -}}
 
+
           {{- /* START VOLUME MOUNT LOGIC */ -}}
           {{- if index $hasInjectionTypes "hasVolume" }}
           volumeMounts:

diff --git a/charts/k8s-service/values.yaml b/charts/k8s-service/values.yaml
@@ -371,11 +371,11 @@ additionalContainerEnv: {}
 # configMaps is a map that specifies the ConfigMap resources that should be exposed to the main application container. Each
 # entry in the map represents a ConfigMap resource. The key refers to the name of the ConfigMap that should be exposed,
 # with the value specifying how to expose the ConfigMap. The value is also a map and has the following attributes:
-#   - as (enum[volume,environment,none]) (required)
+#   - as (enum[volume,environment,envFrom,none]) (required)
 #     : ConfigMaps can be exposed to Pods as a volume mount, or as environment variables. This attribute is a string
-#       enum that is expected to be either "volume" or "environment", specifying that the ConfigMap should be exposed as a
-#       mounted volume or via environment variables respectively. This attribute can also be set to "none", which
-#       disables the `ConfigMap` on the container.
+#       enum that is expected to be either "volume", "environment", or "envFrom", specifying that the ConfigMap should
+#       be exposed as a mounted volume, via environment variables, or loaded as environment variables respectively.
+#       This attribute can also be set to "none", which disables the `ConfigMap` on the container.
 #   - mountPath (string)
 #     : For ConfigMaps mounted as a volume, specify the mount path on the container file system where the config values
 #       will be available.  Required when the ConfigMap is exposed as a volume. Ignored when the ConfigMap is exposed as
@@ -400,7 +400,8 @@ additionalContainerEnv: {}
 # https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
 #
 # The following example exposes the ConfigMap `myconfig` as a volume mounted to `/etc/myconfig`, while it exposes the
-# ConfigMap `myotherconfig` as an environment variable.
+# ConfigMap `myotherconfig` as an environment variable.  Additionally, it automatically mounts all of the keys
+# `anotherconfig` as environment variables using the `envFrom` keyword.
 #
 # EXAMPLE:
 #
@@ -413,9 +414,11 @@ additionalContainerEnv: {}
 #     items:
 #       foo:
 #         envVarName: CONFIG_FOO
+#   anotherconfig:
+#     as: envFrom
 configMaps: {}
 
-# persistentVolumes is a map that specifies PeristantVolumes that should be mounted on the pod.  Each entry represents a
+# persistentVolumes is a map that specifies PersistentVolumes that should be mounted on the pod.  Each entry represents a
 # persistent volume which should already exist within your cluster. They Key is the name of the persistent volume.
 # The value is also a map and has the following attributes:
 #   - mountPath (string) (required)
@@ -447,11 +450,11 @@ scratchPaths: {}
 # secrets is a map that specifies the Secret resources that should be exposed to the main application container. Each entry in
 # the map represents a Secret resource. The key refers to the name of the Secret that should be exposed, with the value
 # specifying how to expose the Secret. The value is also a map and has the following attributes:
-#   - as (enum[volume,environment,none]) (required)
+#   - as (enum[volume,environment,envFrom,none]) (required)
 #     : Secrets can be exposed to Pods as a volume mount, or as environment variables. This attribute is a string enum
-#       that is expected to be either "volume" or "environment", specifying that the Secret should be exposed as a mounted
-#       volume or via environment variables respectively. This attribute can also be set to "none", which disables the
-#       `Secret` on the container.
+#       that is expected to be either "volume", "environment", or "envFrom", specifying that the Secret should be
+#       exposed as a mounted volume, via environment variables, or loaded in its entirety as environment variables
+#       respectively. This attribute can also be set to "none", which disables the `Secret` on the container.
 #   - mountPath (string)
 #     : For Secrets mounted as a volume, specify the mount path on the container file system where the secrets will be
 #       available. Required when the Secret is exposed as a volume. Ignored when the Secret is exposed as environment
@@ -476,7 +479,8 @@ scratchPaths: {}
 # https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets
 #
 # The following example exposes the Secret `mysecret` as a volume mounted to `/etc/mysecret`, while it exposes the
-# Secret `myothersecret` as an environment variable.
+# Secret `myothersecret` as an environment variable. Additionally, it automatically mounts all of the keys
+# `anothersecret` as environment variables using the `envFrom` keyword.
 #
 # EXAMPLE:
 #
@@ -489,9 +493,10 @@ scratchPaths: {}
 #     items:
 #       foo:
 #         envVarName: SECRET_FOO
+#   anothersecret:
+#     as: envFrom
 secrets: {}
 
-
 # containerResources specifies the amount of resources the application container will require. Only specify if you have
 # specific resource needs.
 # NOTE: This variable is injected directly into the pod spec. See the official documentation for what this might look

diff --git a/test/k8s_service_template_test.go b/test/k8s_service_template_test.go
@@ -794,3 +794,46 @@ func TestK8SServiceFullnameOverride(t *testing.T) {
 
 	assert.Equal(t, deployment.Name, overiddenName)
 }
+
+func TestK8SServiceEnvFrom(t *testing.T) {
+	t.Parallel()
+
+	t.Run("BothConfigMapsAndSecretsEnvFrom", func(t *testing.T) {
+		deployment := renderK8SServiceDeploymentWithSetValues(t,
+			map[string]string{
+				"configMaps.test-configmap.as": "envFrom",
+				"secrets.test-secret.as": "envFrom",
+			},
+		)
+
+		assert.NotNil(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom)
+		assert.Equal(t, len(deployment.Spec.Template.Spec.Containers[0].EnvFrom), 2)
+		assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom[0].ConfigMapRef.Name, "test-configmap")
+		assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom[1].SecretRef.Name, "test-secret")
+	})
+
+	t.Run("OnlyConfigMapsEnvFrom", func(t *testing.T) {
+		deployment := renderK8SServiceDeploymentWithSetValues(t,
+			map[string]string{
+				"configMaps.test-configmap.as": "envFrom",
+			},
+		)
+
+		assert.NotNil(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom)
+		assert.Equal(t, len(deployment.Spec.Template.Spec.Containers[0].EnvFrom), 1)
+		assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom[0].ConfigMapRef.Name, "test-configmap")
+	})
+
+	t.Run("OnlySecretsEnvFrom", func(t *testing.T) {
+		deployment := renderK8SServiceDeploymentWithSetValues(t,
+			map[string]string{
+				"secrets.test-secret.as": "envFrom",
+			},
+		)
+
+		assert.NotNil(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom)
+		assert.Equal(t, len(deployment.Spec.Template.Spec.Containers[0].EnvFrom), 1)
+		assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.Name, "test-secret")
+	})
+
+}