From ab78deb4d3495ceb9bfa8e28084538dc0315e467 Mon Sep 17 00:00:00 2001 From: Martin Othamar Date: Tue, 17 Feb 2026 16:54:31 +0100 Subject: [PATCH] chore: deployment - flexible runtime configuration --- charts/deployment/Chart.yaml | 2 +- charts/deployment/templates/deployment.yaml | 15 +++++++++--- charts/deployment/values.yaml | 26 +++++++++++++++++++++ 3 files changed, 39 insertions(+), 4 deletions(-) diff --git a/charts/deployment/Chart.yaml b/charts/deployment/Chart.yaml index 37d6b32..e99c1f0 100644 --- a/charts/deployment/Chart.yaml +++ b/charts/deployment/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 description: A Helm chart for Kubernetes # name can only be lowercase. It is used in the templates. name: deployment -version: 3.9.0 +version: 3.10.0 diff --git a/charts/deployment/templates/deployment.yaml b/charts/deployment/templates/deployment.yaml index f5035d4..9ca8528 100644 --- a/charts/deployment/templates/deployment.yaml +++ b/charts/deployment/templates/deployment.yaml @@ -75,6 +75,10 @@ spec: fieldPath: metadata.uid - name: OTEL_RESOURCE_ATTRIBUTES value: "k8s.pod.uid=$(POD_UID)" + {{- if .Values.image.envFrom }} + envFrom: + {{- toYaml .Values.image.envFrom | nindent 12 }} + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} resources: @@ -100,7 +104,7 @@ spec: mountPath: {{ $mount.mountPath }} {{- end }} - name: app-secrets-volume - mountPath: /mnt/app-secrets + mountPath: {{ .Values.appSecrets.mountPath }} readOnly: true {{- if .Values.startup.enabled}} startupProbe: @@ -147,5 +151,10 @@ spec: {{- end }} {{- end }} - name: app-secrets-volume - secret: - secretName: {{ template "fullname" . }}-secrets + projected: + sources: + - secret: + name: {{ template "fullname" . }}-secrets +{{- with .Values.appSecrets.additionalSources }} +{{- toYaml . | nindent 14 }} +{{- end }} diff --git a/charts/deployment/values.yaml b/charts/deployment/values.yaml index 8feb0da..5762870 100644 --- a/charts/deployment/values.yaml +++ b/charts/deployment/values.yaml @@ -45,6 +45,14 @@ image: tag: latest pullPolicy: Always pullSecrets: [] + envFrom: [] + # Additional environment variable sources. + # Example: + # envFrom: + # - configMapRef: + # name: apps-runtime-common-config-env + # - secretRef: + # name: apps-runtime-common-secrets-env # - name: myRegistryKeySecretName service: @@ -91,6 +99,24 @@ volumes: secret: secretName: accesstoken +appSecrets: + mountPath: /mnt/app-secrets + additionalSources: [] + # Additional projected volume sources merged into appSecrets.mountPath. + # Example: + # additionalSources: + # - configMap: + # name: apps-runtime-common-config + # items: + # - key: runtime-common.json + # path: runtime-common.json + # - secret: + # name: apps-runtime-common-secrets + # optional: true + # items: + # - key: runtime-common-secrets.json + # path: runtime-common-secrets.json + startup: enabled: false path: /health