Support to read environment variables from file in init containers (#993)

### Description of the change Gitea supports providing DB and Redis/ValKey secrets via env variables, current chart requires DB and Redis/ ValKey credentials reading from k8s secret as per below values.yaml snippet. This approach requires secret to be created beforehand. ``` - name: GITEA__database__USER valueFrom: secretKeyRef: name: gitea-ha key: db_user - name: GITEA__database__PASSWD valueFrom: secretKeyRef: name: gitea-ha key: db_password ``` Other approach is to provide the credentials in values.yaml which isnt secure. A bash variable file can be created by using vault injector like this, which then can be sourced while running `config_environment.sh` in `init-app-ini` ``` GITEA__database__NAME=gitea GITEA__database__USER=gitea_user ``` Support to read env variables from file Reference: https://developer.hashicorp.com/vault/docs/deploy/kubernetes/injector/examples#environment-variable-example ### Benefits Support to read env variables from file created by vault injector for DB and redis/ valkey credentials Support to set gitea admin user and credentials via env variables from file created by vault injector ### Possible drawbacks N/A ### ⚠ BREAKING No breaking changes ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) --------- Co-authored-by: techknowlogick <techknowlogick@gitea.com> Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/993 Co-authored-by: deepakdeore2004 <deepakdeore2004@noreply.gitea.com> Co-committed-by: deepakdeore2004 <deepakdeore2004@noreply.gitea.com>
2026-03-12 19:12:26 +00:00
parent be3c6f232a
commit e673346bb8
4 changed files with 152 additions and 23 deletions
@@ -446,6 +446,28 @@ gitea:
  ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
  additionalConfigFromEnvs: []

+  ## @param gitea.extraEnvSourceFile Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector.
+  ## See the sample annotations below for reference.
+  ## podAnnotations:
+  ##   vault.hashicorp.com/agent-inject: "true"
+  ##   vault.hashicorp.com/agent-init-first: "true"
+  ##   vault.hashicorp.com/agent-inject-secret-gitea: <path/to/secret>
+  ##   vault.hashicorp.com/agent-inject-template-gitea: |
+  ##     {{- with secret "path/to/secret" -}}
+  ##     export GITEA__database__HOST="{{ .Data.data.db_host }}"
+  ##     export GITEA__database__NAME="{{ .Data.data.db_name }}"
+  ##     export GITEA__database__USER="{{ .Data.data.db_user }}"
+  ##     export GITEA__database__PASSWD="{{ .Data.data.db_password }}"
+  ##     export GITEA__queue__CONN_STR="{{ .Data.data.kv_conn_string }}"
+  ##     export GITEA__session__PROVIDER_CONFIG="{{ .Data.data.kv_conn_string }}"
+  ##     export GITEA__cache__HOST="{{ .Data.data.kv_conn_string }}"
+  ##     export GITEA_ADMIN_USERNAME="{{ .Data.data.gitea_admin_user }}"
+  ##     export GITEA_ADMIN_PASSWORD="{{ .Data.data.gitea_admin_password }}"
+  ##     {{- end }}
+
+  # extraEnvSourceFile: /vault/secrets/gitea
+  extraEnvSourceFile:
+
  ## @param gitea.podAnnotations Annotations for the Gitea pod
  podAnnotations: {}