Adding the ability to set custom environment variables on the injecto…

…r, connect, and operator containers

charts/connect/templates/connect-deployment.yaml

@@ -84,6 +84,10 @@ spec:
             - name: OP_LOG_LEVEL
               value: "{{ .Values.connect.api.logLevel }}"
             {{- include "onepassword-connect.profilerConfig" . | indent 12 -}}
+            {{- range .Values.connect.customEnvVars}}
+            - name: {{ .name }}
+              value: {{ .value }}
+            {{- end }} 
           {{- if .Values.connect.probes.readiness }}
           readinessProbe:
             httpGet:

charts/connect/templates/operator-deployment.yaml

@@ -72,6 +72,10 @@ spec:
                   key: {{ .Values.operator.token.key }}
             - name: AUTO_RESTART
               value: "{{ .Values.operator.autoRestart }}"
+            {{- range .Values.operator.customEnvVars}}
+            - name: {{ .name }}
+              value: {{ .value }}
+            {{- end }} 
           resources:
             {{- toYaml .Values.operator.resources | nindent 12 }}
 {{- end }}

charts/connect/values.yaml

@@ -146,9 +146,11 @@ connect:
   # In order to expose the service, use the route section below
   ingress:
     enabled: false
-    labels: {}
+    labels:
+      {}
       # traffic: external
-    annotations: {}
+    annotations:
+      {}
       # |
       # kubernetes.io/ingress.class: nginx
       # kubernetes.io/tls-acme: "true"
@@ -189,6 +191,12 @@ connect:
     # Number of profiler snapshots to keep.
     keepLast: 12
 
+  # 1Password Connect Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: {}
+
 # This section of values is for 1Password Operator Configuration
 operator:
   # Denotes whether the 1Password Operator will be deployed
@@ -286,6 +294,12 @@ operator:
   # 1Password Operator Log Level Configuration
   logLevel: info
 
+  # 1Password Operator Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: {}
+
 # 1Password Acceptance Tests Functionality
 acceptanceTests:
   enabled: false

charts/secrets-injector/README.md

@@ -1,35 +1,54 @@
 # 1Password Kubernetes Secrets Injector Helm chart
 
 ## Installation
+
 Installing the Helm Chart with default configurations will deploy 1Password Kubernetes Secrets Injector in your default Namespace.
+
 ```
 helm install --generate-name 1password/secrets-injector
 ```
 
 ## Configuration Values
+
 The 1Password Kubernetes Secrets Injector Helm chart offers many configuration options for deployment. Please refer to the list below for information on what configuration options are available as well as what the default configuration options are.
 
 [From the Official Helm Install Guide](https://helm.sh/docs/helm/helm_install/#helm-install):
 
->To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
+> To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
+
+For example:
 
-For example: 
 ```bash
 $ helm install -f myvalues.yaml injector ./secrets-injector
 ```
 
-or 
+or
 
 ```bash
 $ helm install --set injector.applicationName=injector injector ./secrets-injector
 ```
 
 ### Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
-| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
-| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
-| injector.port | string | `443` | The port the Secrets Injector exposes |
-| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
-| injector.version         | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
+
+| Key                      | Type    | Default                                   | Description                                                                                                                               |
+| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| injector.applicationName | string  | `"secrets-injector"`                      | The name of 1Password Kubernetes Secrets Injector Application                                                                             |
+| injector.imagePullPolicy | string  | `"IfNotPresent"`                          | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
+| injector.imageRepository | string  | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository                                                                                    |
+| injector.port            | string  | `443`                                     | The port the Secrets Injector exposes                                                                                                     |
+| injector.targetPort      | integer | `8443`                                    | The port the Secrets Injector API sends requests to the pod                                                                               |
+| injector.version         | string  | `{{.Chart.AppVersion}}`                   | The 1Password Secrets Injector version to pull.                                                                                           |
+| injector.customEnvVars   | map     | `{}`                                      | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart.                      |
+
+#### Custom Environment Variables
+
+The injector container supports additional environment variables beyond those explicitly defined in the Helm chart. These can be defined using a key map for each custom variable. An example is shown below:
+
+```yaml
+injector:
+  customEnvVars:
+    - name: "CUSTOM_ENV_VAR1"
+      value: "customvar2"
+    - name: "CUSTOM_ENV_VAR2"
+      value: "customvar2"
+```

charts/secrets-injector/templates/deployment.yaml

@@ -32,6 +32,10 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          {{- range .Values.operator.customEnvVars}}
+          - name: {{ .name }}
+            value: {{ .value }}
+          {{- end }} 
           lifecycle:
             preStop:
               exec:

charts/secrets-injector/values.yaml

@@ -5,3 +5,8 @@ injector:
   port: 443
   targetPort: 8443
   version: "{{ .Chart.AppVersion }}"
+  # 1Password Operator Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: {}