Helm: Add capability to use secrets for environment variables

XMLWordPrintable

    • Type: New Feature Request
    • Resolution: Unresolved
    • Priority: Trivial
    • None
    • Affects Version/s: None
    • Component/s: Installation (I)

      Currently the helm chart only supports specifying environment variables for both the proxy and agent. I would like to propose making it possible to reference existing secrets to set environment variables. This way we can have e.g. ZBX_TLSPSKIDENTITY and ZBX_TLSPSK as secrets and don't expose this in the values file.

      Toady we are patching the helm chart to add this functionality and it works great (patch included in the end). This together with sealed-secrets make it possible to have everything in git and applied via ArgoCD without exposing secrets.

      diff --git a/templates/zabbix-agent.yaml b/templates/zabbix-agent.yaml
index b0bcadd..6368b20 100644
--- a/templates/zabbix-agent.yaml
+++ b/templates/zabbix-agent.yaml
@@ -65,6 +65,9 @@ spec:
             - name: {{ .name }}
               value: {{ .value | quote  }}
            {{- end }}
+          {{- if .Values.zabbixAgent.secretEnv }}
+{{ toYaml .Values.zabbixAgent.secretEnv | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: proc
               mountPath: /hostfs/proc
diff --git a/templates/zabbix-proxy.yaml b/templates/zabbix-proxy.yaml
index 17d3e17..9b51e31 100644
--- a/templates/zabbix-proxy.yaml
+++ b/templates/zabbix-proxy.yaml
@@ -73,6 +73,9 @@ spec:
               value: "5"
             {{- end }}
             {{- end }}
+            {{- if .Values.zabbixProxy.secretEnv }}
+{{ toYaml .Values.zabbixProxy.secretEnv | nindent 12 }}
+            {{- end }}
       {{- if .Values.zabbixProxy.image.pullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.zabbixProxy.image.pullSecrets | indent 6 }}
diff --git a/values.yaml b/values.yaml
index de48da3..2eb9625 100644
--- a/values.yaml
+++ b/values.yaml
@@ -76,6 +76,18 @@ zabbixProxy:
     ## - name: ZBX_LOADMODULE
     ##   value : dummy1.so,dummy2.so
 
+  secretEnv: []
+    ##. - name: ZBX_TLSPSKIDENTITY
+    ##.   valueFrom:
+    ##.     secretKeyRef:
+    ##.       name: zabbix-config
+    ##.       key: proxy.identity
+    ##. - name: ZBX_TLSPSK
+    ##.   valueFrom:
+    ##.     secretKeyRef:
+    ##.       name: zabbix-config
+    ##.       key: proxy.psk
+
   ## The startupProbe, livenessProbe, readinessProbe variables
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
 
@@ -273,6 +285,18 @@ zabbixAgent:
     ## - name: ZBX_LOADMODULE
     ##   value: ''
 
+  secretEnv: []
+    ##  - name: ZBX_TLSPSKIDENTITY
+    ##    valueFrom:
+    ##      secretKeyRef:
+    ##        name: zabbix-config
+    ##        key: agent.identity
+    ##  - name: ZBX_TLSPSK
+    ##    valueFrom:
+    ##      secretKeyRef:
+    ##        name: zabbix-config
+    ##        key: agent.psk
+
   ## The startupProbe, livenessProbe, readinessProbe variables
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
 

      Thanks!

            Assignee:
            dimir
            Reporter:
            Henrik D. (FE)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: