From 384f505ac45c2a33963697501e1b3ed1ab898574 Mon Sep 17 00:00:00 2001
From: Marian Poeschmann <github@mail.itsmethemojo.eu>
Date: Thu, 15 Sep 2022 22:55:50 +0200
Subject: [PATCH] add env variables stored in secrets to default create
 template

Signed-off-by: Marian Poeschmann <github@mail.itsmethemojo.eu>
---
 cmd/helm/create_test.go      |  4 +--
 pkg/chartutil/create.go      | 48 ++++++++++++++++++++++++++++++++----
 pkg/chartutil/create_test.go |  1 +
 3 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/cmd/helm/create_test.go b/cmd/helm/create_test.go
index 4a3e0b33d..e6ea12716 100644
--- a/cmd/helm/create_test.go
+++ b/cmd/helm/create_test.go
@@ -105,7 +105,7 @@ func TestCreateStarterCmd(t *testing.T) {
 		t.Errorf("Wrong API version: %q", c.Metadata.APIVersion)
 	}
 
-	expectedNumberOfTemplates := 9
+	expectedNumberOfTemplates := 10
 	if l := len(c.Templates); l != expectedNumberOfTemplates {
 		t.Errorf("Expected %d templates, got %d", expectedNumberOfTemplates, l)
 	}
@@ -173,7 +173,7 @@ func TestCreateStarterAbsoluteCmd(t *testing.T) {
 		t.Errorf("Wrong API version: %q", c.Metadata.APIVersion)
 	}
 
-	expectedNumberOfTemplates := 9
+	expectedNumberOfTemplates := 10
 	if l := len(c.Templates); l != expectedNumberOfTemplates {
 		t.Errorf("Expected %d templates, got %d", expectedNumberOfTemplates, l)
 	}
diff --git a/pkg/chartutil/create.go b/pkg/chartutil/create.go
index e43aaf479..f27fc20bc 100644
--- a/pkg/chartutil/create.go
+++ b/pkg/chartutil/create.go
@@ -56,6 +56,8 @@ const (
 	IngressFileName = TemplatesDir + sep + "ingress.yaml"
 	// DeploymentName is the name of the example deployment file.
 	DeploymentName = TemplatesDir + sep + "deployment.yaml"
+	// EnvSecretName is the name of the example secret file for env vars.
+	EnvSecretName = TemplatesDir + sep + "secret-env.yaml"
 	// ServiceName is the name of the example service file.
 	ServiceName = TemplatesDir + sep + "service.yaml"
 	// ServiceAccountName is the name of the example serviceaccount file.
@@ -129,6 +131,10 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+env: {}
+  # Specify multiple environment parameters for the container
+  # EXAMPLE_KEY: example-value
+
 podAnnotations: {}
 podLabels: {}
 
@@ -305,9 +311,9 @@ spec:
       {{- include "<CHARTNAME>.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
+      {{- with include "<CHARTNAME>.podAnnotations" . }}
       annotations:
-        {{- toYaml . | nindent 8 }}
+        {{- . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "<CHARTNAME>.labels" . | nindent 8 }}
@@ -342,9 +348,10 @@ spec:
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
+          {{- with .Values.env }}
+          envFrom:
+            - secretRef:
+                name: {{ include "<CHARTNAME>.fullname" $ }}-env
           {{- end }}
       {{- with .Values.volumes }}
       volumes:
@@ -364,6 +371,19 @@ spec:
       {{- end }}
 `
 
+const defaultenvSecret = `{{- if .Values.env -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ include "<CHARTNAME>.fullname" . }}-env
+  labels:
+    {{- include "<CHARTNAME>.labels" . | nindent 4 }}
+stringData:
+  {{- toYaml .Values.env | nindent 2 }}
+{{- end }}
+`
+
 const defaultService = `apiVersion: v1
 kind: Service
 metadata:
@@ -516,6 +536,19 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create a checksum for all env parameters in the secret.
+Adds the checksum to podAnnotations to ensure pod reloads on env secret changes.
+*/}}
+{{- define "<CHARTNAME>.podAnnotations" -}}
+{{- if .Values.env -}}
+{{- $envChecksum := .Values.env | toYaml | sha256sum | printf "%.*s" 60 -}}
+{{ toYaml (set .Values.podAnnotations "env-checksum" $envChecksum) }}
+{{- else -}}
+{{ toYaml .Values.podAnnotations }}
+{{- end -}}
+{{- end -}}
 `
 
 const defaultTestConnection = `apiVersion: v1
@@ -646,6 +679,11 @@ func Create(name, dir string) (string, error) {
 			path:    filepath.Join(cdir, DeploymentName),
 			content: transform(defaultDeployment, name),
 		},
+		{
+			// env-secret.yaml
+			path:    filepath.Join(cdir, EnvSecretName),
+			content: transform(defaultenvSecret, name),
+		},
 		{
 			// service.yaml
 			path:    filepath.Join(cdir, ServiceName),
diff --git a/pkg/chartutil/create_test.go b/pkg/chartutil/create_test.go
index 1697c4218..57e2ac34a 100644
--- a/pkg/chartutil/create_test.go
+++ b/pkg/chartutil/create_test.go
@@ -48,6 +48,7 @@ func TestCreate(t *testing.T) {
 	for _, f := range []string{
 		ChartfileName,
 		DeploymentName,
+		EnvSecretName,
 		HelpersName,
 		IgnorefileName,
 		NotesName,