helm-charts
feat: add extraEnv configuration for additional environment variables
Description
As much as I like PR #212, I think it doesn't solve the more general problem, which is "there are so many options people need to provide secrets".
Review Checklist
- [x] I have clicked on "allow edits by maintainers".
- [x] I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev - nope, I do not see anything about helm charts there
- [x] The correct base branch is being used, if not `main`
- [x] I have added tests to validate that the change in functionality is working as expected - I didn't. I believe a simple container verifying that there is some secret present when I add a secret tests Kubernetes, not this Helm chart. That said, I did manually execute `helm template -n test-01 openfga .` with the example configuration uncommented and I got the expected result:
```yaml
---
# Source: openfga/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
...
            - name: OPENFGA_METRICS_ADDR
              value: "0.0.0.0:2112"
            - name: OPENFGA_DATASTORE_USERNAME
              valueFrom:
                configMapKeyRef:
                  name: openfga-openfga
                  key: username
            - name: OPENFGA_DATASTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openfga-openfga
                  key: password
            - name: OPENFGA_DATASTORE_URI
              value: "postgresql://openfga-openfga-postgresql:5432/openfga?sslmode=disable"
            - name: OPENFGA_LOG_LEVEL
              value: "debug"
          readinessProbe:
...
```
Summary by CodeRabbit
- New Features
  - Added support for specifying additional environment variables using a new configuration option.
  - Users can now define extra environment variables with Helm templating for both the main application and database migration containers.
- Documentation
  - Included example configurations for adding environment variables via the new option in the values file.
The committers listed above are authorized under a signed CLA.
- :white_check_mark: login: mkyc / name: Mateusz Kyc (bd1049c4bebc9c4df6f99a416deaef652bdab007)
I believe this serves the same purpose as the `extraEnvVars` property, no?
Yes, but extraEnvVars doesn't use tpl, so it's just for plaintext things. I don't mind my PR being closed, but extraEnvVars should support more options. I didn't want to change extraEnvVars because I believe that would be a breaking change, and that has to be introduced with care, and I do not have time for it 😉
For the other PR mentioned, the benefit is mostly around a secret value being kept hidden from the users, which is a good practice.
I need exactly what the other PR provides: OPENFGA_AUTHN_PRESHARED_KEYS from an external secret, so as long as #212 is merged and released I'm happy. I've noticed it's all green there, so I hope it's released soon 👍
BTW, I still believe this PR is a better solution. This PR uses:

```yaml
{{- tpl . $ | nindent 12 }}
```

while extraEnvVars uses:

```yaml
{{- toYaml . | nindent 12 }}
```

The difference is that with extraEnvVars I cannot do what is possible with extraEnv:

```yaml
extraEnv: |
  - name: OPENFGA_AUTHN_PRESHARED_KEYS
    valueFrom:
      secretKeyRef:
        name: {{ .Release.Name }}-authn
        key: preshared_keys
```

Currently, with #212 merged, I'm forced to use keys (as defined here), which is possible, but is not very flexible.
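The difference between the two rendering paths discussed in the comment above, as an added example that is not part of the original thread or of the chart's code: a small Go model built on `text/template`, the engine Helm templates are written in. The function names, the `nindent` re-implementation and the release context are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// extraEnv is the values.yaml string from the comment above (constructed copy).
const extraEnv = `- name: OPENFGA_AUTHN_PRESHARED_KEYS
  valueFrom:
    secretKeyRef:
      name: {{ .Release.Name }}-authn
      key: preshared_keys`

// nindent mirrors the Sprig helper of the same name: a newline, then every line indented by n spaces.
func nindent(n int, s string) string {
	pad := strings.Repeat(" ", n)
	return "\n" + pad + strings.ReplaceAll(s, "\n", "\n"+pad)
}

// renderAsData models the property of the toYaml path that matters here:
// the value is emitted as data and template actions inside it are never evaluated.
// (Real toYaml would also re-serialize the value; that detail is left out.)
func renderAsData(value string) string {
	return nindent(12, value)
}

// renderTpl models `tpl . $`: the value is parsed as a template and executed
// against the release context before being indented into the manifest.
func renderTpl(value string, ctx map[string]interface{}) (string, error) {
	t, err := template.New("extraEnv").Parse(value)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, ctx); err != nil {
		return "", err
	}
	return nindent(12, buf.String()), nil
}

func main() {
	// Hypothetical release context; "openfga" matches the release name in the helm template command above.
	ctx := map[string]interface{}{"Release": map[string]interface{}{"Name": "openfga"}}
	out, err := renderTpl(extraEnv, ctx)
	fmt.Println("tpl:", out, err)
	fmt.Println("as data:", renderAsData(extraEnv))
}
```

Because the `tpl` path executes whatever string is placed in the value, the content of `extraEnv` carries the same trust as the chart's own templates and is worth reviewing the same way.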
Walkthrough
The changes introduce a new extraEnv configuration option to the OpenFGA Helm chart, allowing users to inject additional environment variables into both the main application container and the migrate-database init container. This is implemented using Helm's templating capabilities, and corresponding schema and documentation updates were made.
Changes
| File(s) | Change Summary |
|---|---|
| charts/openfga/templates/deployment.yaml | Added support for injecting environment variables via extraEnv using Helm tpl templating in both the main and init containers. |
| charts/openfga/values.schema.json | Added the extraEnv property to the schema, allowing templated environment variables as a string. |
| charts/openfga/values.yaml | Introduced the extraEnv configuration with documentation and commented examples. |
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant User
    participant Helm
    participant Kubernetes
    participant OpenFGA Deployment
    User->>Helm: Set extraEnv in values.yaml
    Helm->>Helm: Process deployment.yaml template with tpl(extraEnv)
    Helm->>Kubernetes: Deploy OpenFGA with extra environment variables
    Kubernetes->>OpenFGA Deployment: Start containers with injected env vars
```