fix: add support for global connector envFromSecret, env, volumes, and volumeMounts. (#82)

Add support for global connector values for envFromSecret, env, volumes, and volumeMounts.

Co-authored-by: Joe Skora <jskora@eitccorp.com>

Author: jskora

charts/opencti/templates/connector/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $connectorsGlobal := .Values.connectorsGlobal }}
 {{- range .Values.connectors }}
 {{- $connectorName := .name }}
 
@@ -81,6 +82,7 @@ spec:
           env:
           # Variables from secrets have precedence
           {{- $envList := dict -}}
+          # Connector specific env from secrets
           {{- if .envFromSecrets }}
           {{- range $key, $value := .envFromSecrets }}
           - name: {{ $key | upper }}
@@ -90,6 +92,19 @@ spec:
                 key: {{ $value.key | default $key }}
           {{- $_ := set $envList $key true }}
           {{- end }}
+          {{- end }}
+          # Connectors global env from secrets
+          {{- if $connectorsGlobal.envFromSecret }}
+          {{- range $key, $value := $connectorsGlobal.envFromSecret }}
+          {{- if not (hasKey $envList $key) }}
+          - name: {{ $key | upper }}
+            valueFrom:
+              secretKeyRef:
+                name: {{ $value.name }}
+                key: {{ $value.key | default $key }}
+          {{- $_ := set $envList $key true }}
+          {{- end }}
+          {{- end }}
           {{- end }}
            # Add variables in plain text if they were not already added from secrets
           {{- if .env }}
@@ -101,6 +116,16 @@ spec:
           {{- end }}
           {{- end }}
           {{- end }}
+          # Connectors global env from secrets
+          {{- if $connectorsGlobal.env }}
+          {{- range $key, $value := $connectorsGlobal.env }}
+          {{- if not (hasKey $envList $key) }}
+          - name: {{ $key | upper }}
+            value: {{ $value | quote }}
+          {{- $_ := set $envList $key true }}
+          {{- end }}
+          {{- end }}
+          {{- end }}
           # Special handling for OPENCTI_URL which is constructed from other values
           {{- if not (hasKey $envList "OPENCTI_URL") }}
           {{- if eq $.Values.env.APP__BASE_PATH "/" }}
@@ -123,7 +148,17 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .resources | nindent 12 }}
+          # Connectors global volumeMounts if defined
+          {{- with $connectorsGlobal.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
       terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds | default 30 }}
+      {{- with $connectorsGlobal.volumes }}
+      # Connectors global volumes if defined
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/opencti/values.yaml

@@ -348,10 +348,31 @@ topologySpreadConstraints: []
   #   topologyKey: zone
   #   whenUnsatisfiable: DoNotSchedule
 
-# -- Connector Global environment
-connectorsGlobalEnv: {}
+# -- Connectors Globals
+connectorsGlobal:
+  # -- Secrets from variables
+  envFromSecrets: {}
+  # MY_VARIABLE:
+  #  name: <release-name>-credentials
+  #  key: secret_key
+
+  # -- Additional environment variables on the output connector definition
+  env: {}
   # MY_VARIABLE: my_value
 
+  # -- Additional volumes on the output connector Deployment definition
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # -- Additional volumeMounts on the output connector Deployment definition
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
 # -- Connectors
 # </br> Ref: https://github.com/OpenCTI-Platform/connectors/tree/master
 connectors: []