N8N to use preexisting secrets? (handle env valueFrom)
Spritekin opened this issue · 1 comments
Hi,
It looks like the chart is heavily reliant in using its own defined secret which is saved with the name of the chart, however my email credentials are already in a different secret.
After reading the chart I notice:
a. Env vars in extraEnv are key:value pairs only and translated into the deployment as an env array as:
env:
- name: <key>
value: <value>
b. Any value in extraSecretEnv are key:value pairs as well, in this case the pair is written as part of the chart secret and the value encoded as base64, so now way to read another secret in that way.
My suggestion would be to add an entry in values.yaml called rawEnv where we can write any env as raw Kubernetes list like:
rawEnv:
- name: N8N_EMAIL_MODE
value: smtp
- name: N8N_SMTP_USER
valueFrom:
secretKeyRef:
name: emailcredentials
key: user
- name: N8N_SMTP_PASS
valueFrom:
secretKeyRef:
name: emailcredentials
key: password
Then it can be added to the helpers.tpl as:
{{- define "n8n.env" -}}
env:
{{- range $key, $value := .Values.extraEnv }}
- name: {{ $key }}
value: {{ $value | quote}}
{{ end }}
- name: "N8N_PORT" #! we better set the port once again as ENV Var, see: https://community.n8n.io/t/default-config-is-not-set-or-the-port-to-be-more-precise/3158/3?u=vad1mo
value: {{ get .Values.config "port" | default "5678" | quote }}
{{- if or .Values.config .Values.secret }}
- name: "N8N_CONFIG_FILES"
value: {{ include "n8n.configFiles" . | quote }}
{{ end }}
{{- toYaml .Values.rawEnv | nindent 2 }} <<<<< RENDER ALL ENTRY AS-IS
envFrom:
- secretRef:
name: {{ include "n8n.fullname" . | quote }}
{{- end -}}
Of course it would be responsibility of the user to see the values are valid and correctly formatted.
@Spritekin I have clear ideas how to address this and ready to contribute, but my test PR #149 is just ignored :(