Bug in deployment templates to pass environment variables #83
Description
The condition
{{- if and (not .Values.externalSecrets.enabled) (not .Values.externalSecrets.externalSecretsOperator.enabled) }} in deployment_backend and deployment_job template should be removed, as it stops the deployment template to add the required environment variables like LICENSE_KEY, JWT_SECRET, ENCRYPTION_KEY, POSTGRES_PASSWORD.
The same condition is also used to decide if secrets will be created in secrets.yaml
We have our secrets as SealedSecrets in K8s, and as mentioned in the values.yaml file, for example for licenseKey
config:
licenseKey: "EXPIRED-LICENSE-KEY-TRIAL"
# licenseKeySecretName is the name of the secret where the Retool license key is stored (can be used instead of licenseKey)
# licenseKeySecretName:
# licenseKeySecretKey is the key in the k8s secret, default: license-key
# licenseKeySecretKey:
We want to refer to the Name and Key from the sealed secrets in these values not the original licenseKey. But the issue is:
There is this condition in the
deployment_backend.yaml
deployment_job.yaml and
secret.yaml
{{- if and (not .Values.externalSecrets.enabled) (not .Values.externalSecrets.externalSecretsOperator.enabled) }}
if both externalSecrets.enabled and
.Values.externalSecrets.externalSecretsOperator.enabled is set to false , the above condition will be true, if this if condition is true, and secrets will be created from secrets.yaml, it creates an empty secret (with fields which we are not using example: licenseKey)
and in deployments.yaml template, this condition decides if we need to add the secrets references (License, jwtsecret, encryptionkeysecret, postgrespassword)
We want these environment variables to be created, even if we don’t have externalsecrets enabled.