Support extraEnv on every workload

benbz · benbz · commit 5f914324f359 · 2025-05-02T16:27:48.000+01:00
diff --git a/charts/matrix-stack/source/haproxy.json b/charts/matrix-stack/source/haproxy.json
@@ -16,6 +16,9 @@
     "annotations": {
       "$ref": "file://common/workloadAnnotations.json"
     },
+    "extraEnv": {
+      "$ref": "file://common/extraEnv.json"
+    },
     "containersSecurityContext": {
       "$ref": "file://common/containersSecurityContext.json"
     },
diff --git a/charts/matrix-stack/source/init-secrets.json b/charts/matrix-stack/source/init-secrets.json
@@ -20,6 +20,9 @@
     "annotations": {
       "$ref": "file://common/workloadAnnotations.json"
     },
+    "extraEnv": {
+      "$ref": "file://common/extraEnv.json"
+    },
     "containersSecurityContext": {
       "$ref": "file://common/containersSecurityContext.json"
     },
diff --git a/charts/matrix-stack/source/postgres.json b/charts/matrix-stack/source/postgres.json
@@ -9,15 +9,15 @@
     "image": {
       "$ref": "file://common/image.json"
     },
-    "extraEnv": {
-      "$ref": "file://common/extraEnv.json"
-    },
     "postgresExporter": {
       "type": "object",
       "properties": {
         "image": {
           "$ref": "file://common/image.json"
         },
+        "extraEnv": {
+          "$ref": "file://common/extraEnv.json"
+        },
         "containersSecurityContext": {
           "$ref": "file://common/containersSecurityContext.json"
         },
@@ -49,6 +49,9 @@
     "annotations": {
       "$ref": "file://common/workloadAnnotations.json"
     },
+    "extraEnv": {
+      "$ref": "file://common/extraEnv.json"
+    },
     "containersSecurityContext": {
       "$ref": "file://common/containersSecurityContext.json"
     },
diff --git a/charts/matrix-stack/source/synapse.json b/charts/matrix-stack/source/synapse.json
@@ -249,6 +249,9 @@
         "annotations": {
           "$ref": "file://common/workloadAnnotations.json"
         },
+        "extraEnv": {
+          "$ref": "file://common/extraEnv.json"
+        },
         "containersSecurityContext": {
           "$ref": "file://common/containersSecurityContext.json"
         },
diff --git a/charts/matrix-stack/templates/haproxy/deployment.yaml b/charts/matrix-stack/templates/haproxy/deployment.yaml
@@ -84,6 +84,10 @@ spec:
 {{- with .containersSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
+{{- end }}
+{{- with .extraEnv }}
+        env:
+          {{- toYaml . | nindent 10 }}
 {{- end }}
         ports:
 {{- if $.Values.synapse.enabled }}
diff --git a/charts/matrix-stack/templates/init-secrets/_helpers.tpl b/charts/matrix-stack/templates/init-secrets/_helpers.tpl
@@ -84,3 +84,20 @@ app.kubernetes.io/version: {{ include "element-io.ess-library.labels.makeSafe" $
 {{- end }}
 {{- end }}
 {{- end }}
+
+{{- define "element-io.init-secrets.env" }}
+{{- $root := .root -}}
+{{- with required "element-io.init-secrets.env missing context" .context -}}
+{{- $resultEnv := dict -}}
+{{- range $envEntry := .extraEnv -}}
+{{- $_ := set $resultEnv $envEntry.name $envEntry.value -}}
+{{- end -}}
+{{- $overrideEnv := dict "NAMESPACE" $root.Release.Namespace
+-}}
+{{- $resultEnv := mustMergeOverwrite $resultEnv $overrideEnv -}}
+{{- range $key, $value := $resultEnv }}
+- name: {{ $key | quote }}
+  value: {{ $value | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/matrix-stack/templates/init-secrets/job.yaml b/charts/matrix-stack/templates/init-secrets/job.yaml
@@ -58,8 +58,7 @@ spec:
           {{- toYaml . | nindent 10 }}
 {{- end }}
         env:
-        - name: NAMESPACE
-          value: {{ $.Release.Namespace }}
+        {{- include "element-io.init-secrets.env" (dict "root" $ "context" .) | nindent 8 }}
         command:
         - "/matrix-tools"
         - "generate-secrets"
diff --git a/charts/matrix-stack/templates/postgres/_helpers.tpl b/charts/matrix-stack/templates/postgres/_helpers.tpl
@@ -122,6 +122,24 @@ true
 {{- end -}}
 {{- end -}}
 
+{{- define "element-io.postgres.exporter-env" }}
+{{- $root := .root -}}
+{{- with required "element-io.postgres.exporter-env missing context" .context -}}
+{{- $resultEnv := dict -}}
+{{- range $envEntry := .extraEnv -}}
+{{- $_ := set $resultEnv $envEntry.name $envEntry.value -}}
+{{- end -}}
+{{- $overrideEnv := dict "DATA_SOURCE_URI" "localhost?sslmode=disable"
+                         "DATA_SOURCE_USER" "postgres"
+-}}
+{{- $resultEnv := mustMergeOverwrite $resultEnv $overrideEnv -}}
+{{- range $key, $value := $resultEnv }}
+- name: {{ $key | quote }}
+  value: {{ $value | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
 
 {{- define "element-io.postgres.configmap-data" -}}
 {{- $root := .root -}}
diff --git a/charts/matrix-stack/templates/postgres/statefulset.yaml b/charts/matrix-stack/templates/postgres/statefulset.yaml
@@ -191,10 +191,7 @@ spec:
         - name: metrics
           containerPort: 9187
         env:
-        - name: DATA_SOURCE_URI
-          value: "localhost?sslmode=disable"
-        - name: DATA_SOURCE_USER
-          value: "postgres"
+        {{- include "element-io.postgres.exporter-env" (dict "root" $ "context" .) | nindent 8 }}
         startupProbe:
           httpGet:
             path: /metrics
diff --git a/charts/matrix-stack/templates/synapse/redis_deployment.yaml b/charts/matrix-stack/templates/synapse/redis_deployment.yaml
@@ -57,6 +57,10 @@ spec:
 {{- with .containersSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
+{{- end }}
+{{- with .extraEnv }}
+        env:
+          {{- toYaml . | nindent 10 }}
 {{- end }}
         ports:
         - containerPort: 6379
diff --git a/charts/matrix-stack/values.schema.json b/charts/matrix-stack/values.schema.json
@@ -298,6 +298,25 @@
             "type": "string"
           }
         },
+        "extraEnv": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": [
+              "name",
+              "value"
+            ],
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "value": {
+                "type": "string"
+              }
+            },
+            "additionalProperties": false
+          }
+        },
         "containersSecurityContext": {
           "properties": {
             "allowPrivilegeEscalation": {
@@ -1961,6 +1980,25 @@
             "type": "string"
           }
         },
+        "extraEnv": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": [
+              "name",
+              "value"
+            ],
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "value": {
+                "type": "string"
+              }
+            },
+            "additionalProperties": false
+          }
+        },
         "containersSecurityContext": {
           "properties": {
             "allowPrivilegeEscalation": {
@@ -2986,25 +3024,6 @@
           },
           "additionalProperties": false
         },
-        "extraEnv": {
-          "type": "array",
-          "items": {
-            "type": "object",
-            "required": [
-              "name",
-              "value"
-            ],
-            "properties": {
-              "name": {
-                "type": "string"
-              },
-              "value": {
-                "type": "string"
-              }
-            },
-            "additionalProperties": false
-          }
-        },
         "postgresExporter": {
           "type": "object",
           "properties": {
@@ -3049,6 +3068,25 @@
               },
               "additionalProperties": false
             },
+            "extraEnv": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": [
+                  "name",
+                  "value"
+                ],
+                "properties": {
+                  "name": {
+                    "type": "string"
+                  },
+                  "value": {
+                    "type": "string"
+                  }
+                },
+                "additionalProperties": false
+              }
+            },
             "containersSecurityContext": {
               "properties": {
                 "allowPrivilegeEscalation": {
@@ -3221,6 +3259,25 @@
             "type": "string"
           }
         },
+        "extraEnv": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": [
+              "name",
+              "value"
+            ],
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "value": {
+                "type": "string"
+              }
+            },
+            "additionalProperties": false
+          }
+        },
         "containersSecurityContext": {
           "properties": {
             "allowPrivilegeEscalation": {
@@ -6374,6 +6431,25 @@
                 "type": "string"
               }
             },
+            "extraEnv": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": [
+                  "name",
+                  "value"
+                ],
+                "properties": {
+                  "name": {
+                    "type": "string"
+                  },
+                  "value": {
+                    "type": "string"
+                  }
+                },
+                "additionalProperties": false
+              }
+            },
             "containersSecurityContext": {
               "properties": {
                 "allowPrivilegeEscalation": {
diff --git a/tests/manifests/__init__.py b/tests/manifests/__init__.py
@@ -65,7 +65,6 @@ class DeployableDetails(abc.ABC):
 
     has_db: bool = field(default=False, hash=False)
     has_image: bool = field(default=None, hash=False)  # type: ignore[assignment]
-    has_extra_env: bool = field(default=None, hash=False)  # type: ignore[assignment]
     has_ingress: bool = field(default=True, hash=False)
     has_workloads: bool = field(default=True, hash=False)
     has_service_monitor: bool = field(default=None, hash=False)  # type: ignore[assignment]
@@ -80,8 +79,6 @@ def __post_init__(self):
             self.helm_keys = (self.name,)
         if self.has_image is None:
             self.has_image = self.has_workloads
-        if self.has_extra_env is None:
-            self.has_extra_env = self.has_workloads
         if self.has_service_monitor is None:
             self.has_service_monitor = self.has_workloads
         if self.has_topology_spread_constraints is None:
@@ -275,22 +272,19 @@ def owns_manifest_named(self, manifest_name: str) -> bool:
         helm_keys=("initSecrets",),
         has_image=False,
         has_ingress=False,
-        has_extra_env=False,
         has_service_monitor=False,
         has_topology_spread_constraints=False,
         is_shared_component=True,
     ),
     ComponentDetails(
         name="haproxy",
         has_ingress=False,
-        has_extra_env=False,
         is_shared_component=True,
         skip_path_consistency_for_files=("haproxy.cfg", "429.http", "path_map_file", "path_map_file_get"),
     ),
     ComponentDetails(
         name="postgres",
         has_ingress=False,
-        has_extra_env=False,
         has_storage=True,
         sidecars=(
             SidecarDetails(
@@ -300,7 +294,6 @@ def owns_manifest_named(self, manifest_name: str) -> bool:
                     # No manifests of its own, so no labels to set
                     PropertyType.Labels: None,
                 },
-                has_extra_env=False,
                 has_ingress=False,
                 has_service_monitor=False,
             ),
@@ -359,23 +352,23 @@ def owns_manifest_named(self, manifest_name: str) -> bool:
                 name="synapse-redis",
                 helm_keys=("synapse", "redis"),
                 has_ingress=False,
-                has_extra_env=False,
                 has_service_monitor=False,
                 has_topology_spread_constraints=False,
             ),
             SubComponentDetails(
                 name="synapse-check-config-hook",
                 helm_keys=("synapse", "checkConfigHook"),
                 helm_keys_overrides={
-                    # has_extra_env but comes from synapse.extraEnv
+                    # has_workloads but comes from synapse.extraEnv
                     PropertyType.Env: None,
                     # has_workloads and so comes from synapse.image
                     PropertyType.Image: None,
                     # has_workloads and so podSecurityContext but comes from synapse.podSecurityContext
                     PropertyType.PodSecurityContext: None,
                     # has_workloads and so tolerations but comes from synapse.tolerations
                     PropertyType.Tolerations: None,
-                    # has_workloads and so topologySpreadConstraints but comes from synapse.topologySpreadConstraints
+                    # has_topology_spread_constraints and so topologySpreadConstraints
+                    # but comes from synapse.topologySpreadConstraints
                     PropertyType.TopologySpreadConstraints: None,
                 },
                 has_ingress=False,
diff --git a/tests/manifests/test_pod_env.py b/tests/manifests/test_pod_env.py
