Feat: Secret Environment Variables

[rblaine95]

Original PR Description:

• Add optional remoteAuthHeaders value
• Populating the value creates a Kubernetes Secret
• envFrom is used to inject secret keys/values as environment
  variables

My take on #94

Updated:
Made the feature more generic and renamed it to secretEnvVars
Allows you to pass sensitive environment variables to the container via a k8s secret.
Use case would be similar to #94 (comment)

# values.yaml
secretEnvVars:
  FOO_TOKEN: supersecrettoken

# verdaccio config.yaml
uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token_env: FOO_TOKEN

[rblaine95]

# helm template verdaccio --set remoteAuthHeaders.foo=bar -s templates/secret.yaml -s templates/deployment.yaml ./charts/verdaccio
---
# Source: verdaccio/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: verdaccio
  labels:
    helm.sh/chart: verdaccio-4.8.0
    app.kubernetes.io/name: verdaccio
    app.kubernetes.io/instance: verdaccio
    app.kubernetes.io/version: "5.5.0"
    app.kubernetes.io/managed-by: Helm
    app: verdaccio
stringData:
  AUTH_FOO: bar
---
# Source: verdaccio/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: verdaccio
  labels:
    helm.sh/chart: verdaccio-4.8.0
    app.kubernetes.io/name: verdaccio
    app.kubernetes.io/instance: verdaccio
    app.kubernetes.io/version: "5.5.0"
    app.kubernetes.io/managed-by: Helm
    app: verdaccio
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: verdaccio
      app.kubernetes.io/instance: verdaccio
[...]
      containers:
        - name: verdaccio
          image: "verdaccio/verdaccio:5.2.0"
          imagePullPolicy: IfNotPresent
          envFrom:
            - secretRef:
                name: verdaccio
          ports:
            - containerPort: 4873
              name: http
[...]

[rblaine95]

I'm keeping this as a WIP/Draft PR as I don't have a k8s cluster at hand to test that the environment variables are successfully injected into the pod.

@juanpicado, does Verdaccio currently look for AUTH_* environment variables for authenticating with private upstreams as described in #94?

[juanpicado]

I'm keeping this as a WIP/Draft PR as I don't have a k8s cluster at hand to test that the environment variables are successfully injected into the pod.

@juanpicado, does Verdaccio currently look for AUTH_* environment variables for authenticating with private upstreams as described in #94?

Nop

[rblaine95]

Tested helm install verdaccio -n test --set remoteAuthHeaders.foo=bar ./charts/verdaccio in a k8s cluster.
Exec'd into the pod (kubectl exec -ti verdaccio-745f85f97d-lf5km -- sh) and verified that the environment variable was successfully injected.

$ env | grep AUTH
AUTH_FOO=bar

[rblaine95]

Seeing as you can specify an env variable for verdaccio to grab a token from (docs), I think I'm going to remove the AUTH_ prepend.

Edit: Maybe change this from remoteAuthHeaders to secretEnvVars or something?

[juanpicado]

LGTM great addition @rblaine95

[juanpicado]

I think this worth to be mentioned either

• https://github.com/verdaccio/verdaccio/blob/master/website/docs/uplinks.md
  or
• https://github.com/verdaccio/verdaccio/blob/master/website/docs/kubernetes.md

Probably first, according my stats people rarely arrive on this repo.

[juanpicado]

I'll merge, thanks @rblaine95 I don't want to delay more this interesting feature

[rblaine95]

Thank you @juanpicado

Would you like me to take a look at updating the documentation at verdaccio/verdaccio/website/docs/uplinks.md and/or verdaccio/verdaccio/website/docs/kubernetes.md to reference this feature?

[juanpicado]

Yes please, that would be awesome, I'm now fully focused on rewrite the core 😓 for v6.