Merge pull request #559 from element-hq/bbz/no-env-overwriting

`extraEnv` consistency

Author: benbz

charts/matrix-stack/source/haproxy.yaml.j2

@@ -11,6 +11,7 @@ replicas: 1
 {{- sub_schema_values.labels() }}
 {{- sub_schema_values.workloadAnnotations() }}
 {{- sub_schema_values.containersSecurityContext() }}
+{{- sub_schema_values.extraEnv() }}
 {{- sub_schema_values.nodeSelector() }}
 {{- sub_schema_values.podSecurityContext(user_id='10001', group_id='10001') }}
 {{- sub_schema_values.resources(requests_memory='100Mi', requests_cpu='100m', limits_memory='200Mi') }}

charts/matrix-stack/source/matrix-rtc.yaml.j2

@@ -17,14 +17,13 @@ enabled: true
   {#- We set `initSecret=false` because we are describing the mechanism in the comment parameter #}
   {{- sub_schema_values.credential("The secret for the LiveKit SFU.\n## This is required if `sfu.enabled` and `keysYaml` is not used. It will be generated by the `initSecrets` job if it is empty", "secret", initIfAbsent=False, commented=True) | indent(2) }}
 
-{{- sub_schema_values.ingress() -}}
-{{- sub_schema_values.extraEnv() }}
-
 replicas: 1
+{{- sub_schema_values.ingress() }}
 {{- sub_schema_values.image(registry='ghcr.io', repository='element-hq/lk-jwt-service', tag='0.2.3') }}
 {{- sub_schema_values.labels() }}
 {{- sub_schema_values.workloadAnnotations() }}
 {{- sub_schema_values.containersSecurityContext() }}
+{{- sub_schema_values.extraEnv() }}
 {{- sub_schema_values.nodeSelector() }}
 {{- sub_schema_values.podSecurityContext(user_id='10033', group_id='10033') }}
 {{- sub_schema_values.resources(requests_memory='20Mi', requests_cpu='50m', limits_memory='20Mi') }}

charts/matrix-stack/source/matrixAuthenticationService.yaml.j2

@@ -68,6 +68,7 @@ syn2mas:
   {{- sub_schema_values.podSecurityContext(user_id='10005', group_id='10005') | indent(2) -}}
   {{- sub_schema_values.resources(requests_memory='50Mi', requests_cpu='50m', limits_memory='350Mi') | indent(2) -}}
   {{- sub_schema_values.serviceAccount() | indent(2) -}}
+  {{- sub_schema_values.extraEnv() | indent(2) -}}
   {{- sub_schema_values.tolerations() | indent(2) }}
 
   ## Runs the syn2mas process in dryRun mode.

charts/matrix-stack/source/postgres.yaml.j2

@@ -8,7 +8,8 @@ enabled: true
 postgresExporter:
   {{- sub_schema_values.image(registry='docker.io', repository='prometheuscommunity/postgres-exporter', tag='v0.17.0') | indent(2) }}
   {{- sub_schema_values.resources(requests_memory='10Mi', requests_cpu='10m', limits_memory='500Mi')| indent(2) }}
-  {{- sub_schema_values.containersSecurityContext()| indent(2) }}
+  {{- sub_schema_values.containersSecurityContext() | indent(2) }}
+  {{- sub_schema_values.extraEnv() | indent(2) }}
   {{- sub_schema_values.probe("liveness", periodSeconds=6, timeoutSeconds=2) | indent(2) }}
   {{- sub_schema_values.probe("readiness", periodSeconds=2, successThreshold=2, timeoutSeconds=2) | indent(2) }}
   {{- sub_schema_values.probe("startup", failureThreshold=20, periodSeconds=2) | indent(2) }}

charts/matrix-stack/templates/deployment-markers/_helpers.tpl

@@ -77,19 +77,11 @@ app.kubernetes.io/version: {{ include "element-io.ess-library.labels.makeSafe" $
 {{- end }}
 {{- end }}
 
-{{- define "element-io.deployment-markers.env" }}
+{{- define "element-io.deployment-markers.overrideEnv" }}
 {{- $root := .root -}}
-{{- with required "element-io.deployment-markers.env missing context" .context -}}
-{{- $resultEnv := dict -}}
-{{- range $envEntry := .extraEnv -}}
-{{- $_ := set $resultEnv $envEntry.name $envEntry.value -}}
-{{- end -}}
-{{- $overrideEnv := dict "NAMESPACE" $root.Release.Namespace
--}}
-{{- $resultEnv := mustMergeOverwrite $resultEnv $overrideEnv -}}
-{{- range $key, $value := $resultEnv }}
-- name: {{ $key | quote }}
-  value: {{ $value | quote }}
-{{- end -}}
+{{- with required "element-io.deployment-markers.overrideEnv missing context" .context -}}
+env:
+- name: "NAMESPACE"
+  value: {{ $root.Release.Namespace | quote }}
 {{- end -}}
 {{- end -}}

charts/matrix-stack/templates/deployment-markers/job.yaml

@@ -57,8 +57,7 @@ spec:
         resources:
           {{- toYaml . | nindent 10 }}
 {{- end }}
-        env:
-        {{- include "element-io.deployment-markers.env" (dict "root" $ "context" .) | nindent 8 }}
+        {{- include "element-io.ess-library.pods.env" (dict "root" $ "context" (dict "componentValues" . "componentName" "deployment-markers")) | nindent 8 }}
         command:
         - "/matrix-tools"
         - "deployment-markers"

charts/matrix-stack/templates/element-web/_helpers.tpl

@@ -26,24 +26,18 @@ app.kubernetes.io/version: {{ include "element-io.ess-library.labels.makeSafe" .
 {{- end }}
 {{- end }}
 
-{{- define "element-io.element-web.env" -}}
+{{- define "element-io.element-web.overrideEnv" -}}
 {{- $root := .root -}}
-{{- with required "element-io.element-web.env missing context" .context -}}
-{{- $resultEnv := dict -}}
+{{- with required "element-io.element-web.overrideEnv missing context" .context -}}
 {{- /*
 https://github.com/nginxinc/docker-nginx/blob/1.26.1/entrypoint/20-envsubst-on-templates.sh#L31-L45
 If pods run with a GID of 0 this makes $output_dir to appear writable to sh, however
 due to running with a read-only FS the actual writing later fails. We short circuit this by using an
 invalid template directory and so templating as a whole is skipped by the script
 */ -}}
-{{- $_ := set $resultEnv "NGINX_ENVSUBST_TEMPLATE_DIR" "/non-existant-so-that-this-works-with-read-only-root-filesystem" -}}
-{{- range $envEntry := .extraEnv -}}
-{{- $_ := set $resultEnv $envEntry.name $envEntry.value -}}
-{{- end -}}
-{{- range $key, $value := $resultEnv }}
-- name: {{ $key | quote }}
-  value: {{ $value | quote }}
-{{- end -}}
+env:
+- name: "NGINX_ENVSUBST_TEMPLATE_DIR"
+  value: "/non-existant-so-that-this-works-with-read-only-root-filesystem"
 {{- end -}}
 {{- end -}}
 

charts/matrix-stack/templates/element-web/deployment.yaml

@@ -43,8 +43,7 @@ spec:
         imagePullPolicy: {{ .pullPolicy | default "Always" }}
 {{- end }}
 {{- end }}
-        env:
-        {{- include "element-io.element-web.env" (dict "root" $ "context" .) | nindent 10 }}
+        {{- include "element-io.ess-library.pods.env" (dict "root" $ "context" (dict "componentValues" . "componentName" "element-web")) | nindent 8 }}
 {{- with .containersSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}

charts/matrix-stack/templates/ess-library/_pods.tpl

@@ -118,3 +118,27 @@ successThreshold: {{ . }}
 timeoutSeconds: {{ . }}
 {{- end }}
 {{- end }}
+
+{{- define "element-io.ess-library.pods.env" -}}
+{{- $root := .root -}}
+{{- with required "element-io.ess-library.pods.env missing context" .context -}}
+{{- $componentValues := required "element-io.ess-library.pods.env missing context.componentValues" .componentValues -}}
+{{- $resultEnv := dict -}}
+{{- range $envEntry := $componentValues.extraEnv -}}
+{{- $_ := set $resultEnv $envEntry.name $envEntry -}}
+{{- end -}}
+{{- $componentName := required "element-io.ess-library.pods.env missing context.componentName" .componentName -}}
+{{- $overrideEnvType := .overrideEnvSuffix | default "overrideEnv" -}}
+{{- $overrideEnvDocument := include (printf "element-io.%s.%s" $componentName $overrideEnvType) (dict "root" $root "context" $componentValues) -}}
+{{- $overrideEnvYaml := $overrideEnvDocument | fromYaml -}}
+{{- range $envEntry := $overrideEnvYaml.env -}}
+{{- $_ := set $resultEnv $envEntry.name $envEntry -}}
+{{- end -}}
+{{- with $resultEnv }}
+env:
+{{- range $key, $fullEnvEntry := . }}
+- {{ $fullEnvEntry | toYaml | indent 2 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/matrix-stack/templates/ess-library/_render_config.tpl

@@ -53,9 +53,7 @@ SPDX-License-Identifier: AGPL-3.0-only
     {{- range $overrides }}
   - /config-templates/{{ . }}
     {{- end }}
-  env:
-  {{- include (printf "element-io.%s.matrixToolsEnv" $nameSuffix) (dict "root" $root "context" .) | nindent 2 }}
-  {{- include (printf "element-io.%s.env" $nameSuffix) (dict "root" $root "context" .) | nindent 2 }}
+  {{- include "element-io.ess-library.pods.env" (dict "root" $root "context" (dict "componentValues" . "componentName" $nameSuffix "overrideEnvSuffix" "renderConfigOverrideEnv")) | nindent 2 }}
 {{- with .resources }}
   resources:
     {{- toYaml . | nindent 4 }}