diff --git a/api/core/v1beta1/connect_types.go b/api/core/v1beta1/connect_types.go index 300b730..1a8e54c 100644 --- a/api/core/v1beta1/connect_types.go +++ b/api/core/v1beta1/connect_types.go @@ -84,8 +84,15 @@ type ConnectSpec struct { NodeSelector map[string]string `json:"nodeSelector,omitempty"` // AddEnv adds arbitrary environment variables to the container env + // + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + // EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef). + EnvVars []corev1.EnvVar `json:"envVars,omitempty"` + OffHostExecution bool `json:"offHostExecution,omitempty"` // AdditionalRuntimeImages specifies additional runtime images to append to the defaults diff --git a/api/core/v1beta1/packagemanager_types.go b/api/core/v1beta1/packagemanager_types.go index 3ee2b93..d433fc2 100644 --- a/api/core/v1beta1/packagemanager_types.go +++ b/api/core/v1beta1/packagemanager_types.go @@ -43,8 +43,15 @@ type PackageManagerSpec struct { NodeSelector map[string]string `json:"nodeSelector,omitempty"` // AddEnv adds arbitrary environment variables to the container env + // + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + // EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef). + EnvVars []v1.EnvVar `json:"envVars,omitempty"` + Image string `json:"image,omitempty"` ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` 
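Review bot: `EnvVars` in `ConnectSpec` is declared without list-type markers, so the generated CRD schema is a plain `type: array` and, as far as this diff shows, nothing rejects two entries with the same `name`. The new precedence comment only covers a collision between addEnv and envVars, not a duplicate inside envVars itself. Adding `// +listType=map` and `// +listMapKey=name` above the field would have the API server reject duplicate names and let server-side apply merge entries by name, which is how core `Container.Env` is declared. This is cheapest to do before the field ships, and it applies equally to the `EnvVars` fields added in packagemanager_types.go, workbench_types.go and the three Internal*Spec structs in site_types.go. The struct body starts and ends outside the hunk.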
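Review bot: The comment on `PackageManagerSpec.EnvVars` advertises `valueFrom` but does not state the access consequence. A `secretKeyRef` or `configMapKeyRef` is resolved in the pod's namespace, so anyone allowed to write this resource can have any Secret key in that namespace injected into the container without holding read access to Secrets. I would add a line such as `// Entries may reference any Secret or ConfigMap key in the workload's namespace; treat write access to this resource as read access to those values.` The comment also leaves open whether an envVars entry can replace a variable the operator sets itself, given that envVars is said to be rendered last; the rendering code is not in this part of the diff, so that should be confirmed and documented. Both points hold for every `EnvVars` field the commit adds.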
diff --git a/api/core/v1beta1/site_types.go b/api/core/v1beta1/site_types.go index e0236e1..0fdb0d0 100644 --- a/api/core/v1beta1/site_types.go +++ b/api/core/v1beta1/site_types.go @@ -213,8 +213,13 @@ type InternalPackageManagerSpec struct { NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []corev1.EnvVar `json:"envVars,omitempty"` + Image string `json:"image,omitempty"` ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"` @@ -281,8 +286,13 @@ type InternalConnectSpec struct { // when they first log in via OAuth2/OIDC. Only applies when auth type is "oidc". RegisterOnFirstLogin *bool `json:"registerOnFirstLogin,omitempty"` + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []corev1.EnvVar `json:"envVars,omitempty"` + Image string `json:"image,omitempty"` SessionImage string `json:"sessionImage,omitempty"` @@ -414,8 +424,13 @@ type InternalWorkbenchSpec struct { // If not specified, no superuser groups will be configured AdminSuperuserGroups []string `json:"adminSuperuserGroups,omitempty"` + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []corev1.EnvVar `json:"envVars,omitempty"` + Auth AuthSpec `json:"auth,omitempty"` Image string `json:"image,omitempty"` 
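Review bot: The `EnvVars` fields added to `InternalPackageManagerSpec`, `InternalConnectSpec` and `InternalWorkbenchSpec` have no doc comment, and the `AddEnv` comments in these three hunks open directly with `Deprecated:` instead of a summary sentence. That is inconsistent with the top-level spec types in this commit, and the generated sites CRD ends up with no description for `envVars`. I would reuse the wording from those types: `// AddEnv adds arbitrary environment variables to the container env`, then a blank `//` line before the `// Deprecated: ...` paragraph, and `// EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef).` above each new field. All three structs start and end outside their hunks.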
diff --git a/api/core/v1beta1/workbench_types.go b/api/core/v1beta1/workbench_types.go index a26e1b5..a8c889d 100644 --- a/api/core/v1beta1/workbench_types.go +++ b/api/core/v1beta1/workbench_types.go @@ -61,8 +61,15 @@ type WorkbenchSpec struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` // AddEnv adds arbitrary environment variables to the container env + // + // Deprecated: use envVars instead. If the same variable name is set in both + // addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + // and Kubernetes resolves a duplicate env var name to the last occurrence. AddEnv map[string]string `json:"addEnv,omitempty"` + // EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef). + EnvVars []corev1.EnvVar `json:"envVars,omitempty"` + OffHostExecution bool `json:"offHostExecution,omitempty"` Image string `json:"image,omitempty"` diff --git a/api/core/v1beta1/zz_generated.deepcopy.go b/api/core/v1beta1/zz_generated.deepcopy.go index be0b967..34a301c 100644 --- a/api/core/v1beta1/zz_generated.deepcopy.go +++ b/api/core/v1beta1/zz_generated.deepcopy.go @@ -896,6 +896,13 @@ func (in *ConnectSpec) DeepCopyInto(out *ConnectSpec) { (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdditionalRuntimeImages != nil { in, out := &in.AdditionalRuntimeImages, &out.AdditionalRuntimeImages *out = make([]ConnectRuntimeImageSpec, len(*in)) @@ -1228,6 +1235,13 @@ func (in *InternalConnectSpec) DeepCopyInto(out *InternalConnectSpec) { (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Databricks != nil { in, out := &in.Databricks, &out.Databricks *out = new(DatabricksConfig) 
@@ -1341,6 +1355,13 @@ func (in *InternalPackageManagerSpec) DeepCopyInto(out *InternalPackageManagerSp (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GitSSHKeys != nil { in, out := &in.GitSSHKeys, &out.GitSSHKeys *out = make([]SSHKeyConfig, len(*in)) @@ -1495,6 +1516,13 @@ func (in *InternalWorkbenchSpec) DeepCopyInto(out *InternalWorkbenchSpec) { (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } in.Auth.DeepCopyInto(&out.Auth) if in.ExtraSessionImages != nil { in, out := &in.ExtraSessionImages, &out.ExtraSessionImages @@ -1966,6 +1994,13 @@ func (in *PackageManagerSpec) DeepCopyInto(out *PackageManagerSpec) { (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } out.Secret = in.Secret out.WorkloadSecret = in.WorkloadSecret out.MainDatabaseCredentialSecret = in.MainDatabaseCredentialSecret @@ -3364,6 +3399,13 @@ func (in *WorkbenchSpec) DeepCopyInto(out *WorkbenchSpec) { (*out)[key] = val } } + if in.EnvVars != nil { + in, out := &in.EnvVars, &out.EnvVars + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } out.Snowflake = in.Snowflake if in.AdditionalVolumes != nil { in, out := &in.AdditionalVolumes, &out.AdditionalVolumes diff --git a/client-go/applyconfiguration/core/v1beta1/connectspec.go b/client-go/applyconfiguration/core/v1beta1/connectspec.go index 6cd407f..0148e1b 100644 --- a/client-go/applyconfiguration/core/v1beta1/connectspec.go +++ b/client-go/applyconfiguration/core/v1beta1/connectspec.go 
@@ -26,6 +26,7 @@ type ConnectSpecApplyConfiguration struct { ImagePullSecrets []string `json:"imagePullSecrets,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` OffHostExecution *bool `json:"offHostExecution,omitempty"` AdditionalRuntimeImages []ConnectRuntimeImageSpecApplyConfiguration `json:"additionalRuntimeImages,omitempty"` Image *string `json:"image,omitempty"` @@ -178,6 +179,16 @@ func (b *ConnectSpecApplyConfiguration) WithAddEnv(entries map[string]string) *C return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *ConnectSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *ConnectSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithOffHostExecution sets the OffHostExecution field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the OffHostExecution field is set to the value of the last call. diff --git a/client-go/applyconfiguration/core/v1beta1/internalconnectspec.go b/client-go/applyconfiguration/core/v1beta1/internalconnectspec.go index 9462919..ac1809f 100644 --- a/client-go/applyconfiguration/core/v1beta1/internalconnectspec.go +++ b/client-go/applyconfiguration/core/v1beta1/internalconnectspec.go 
@@ -21,6 +21,7 @@ type InternalConnectSpecApplyConfiguration struct { Auth *AuthSpecApplyConfiguration `json:"auth,omitempty"` RegisterOnFirstLogin *bool `json:"registerOnFirstLogin,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` Image *string `json:"image,omitempty"` SessionImage *string `json:"sessionImage,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` @@ -120,6 +121,16 @@ func (b *InternalConnectSpecApplyConfiguration) WithAddEnv(entries map[string]st return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *InternalConnectSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *InternalConnectSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithImage sets the Image field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Image field is set to the value of the last call. diff --git a/client-go/applyconfiguration/core/v1beta1/internalpackagemanagerspec.go b/client-go/applyconfiguration/core/v1beta1/internalpackagemanagerspec.go index 4d71e35..aad28be 100644 --- a/client-go/applyconfiguration/core/v1beta1/internalpackagemanagerspec.go +++ b/client-go/applyconfiguration/core/v1beta1/internalpackagemanagerspec.go 
@@ -19,6 +19,7 @@ type InternalPackageManagerSpecApplyConfiguration struct { Volume *product.VolumeSpec `json:"volume,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` Image *string `json:"image,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` S3Bucket *string `json:"s3Bucket,omitempty"` @@ -98,6 +99,16 @@ func (b *InternalPackageManagerSpecApplyConfiguration) WithAddEnv(entries map[st return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *InternalPackageManagerSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *InternalPackageManagerSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithImage sets the Image field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Image field is set to the value of the last call. diff --git a/client-go/applyconfiguration/core/v1beta1/internalworkbenchspec.go b/client-go/applyconfiguration/core/v1beta1/internalworkbenchspec.go index 9b51875..4ae9333 100644 --- a/client-go/applyconfiguration/core/v1beta1/internalworkbenchspec.go +++ b/client-go/applyconfiguration/core/v1beta1/internalworkbenchspec.go 
@@ -28,6 +28,7 @@ type InternalWorkbenchSpecApplyConfiguration struct { AdminGroups []string `json:"adminGroups,omitempty"` AdminSuperuserGroups []string `json:"adminSuperuserGroups,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` Auth *AuthSpecApplyConfiguration `json:"auth,omitempty"` Image *string `json:"image,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` @@ -199,6 +200,16 @@ func (b *InternalWorkbenchSpecApplyConfiguration) WithAddEnv(entries map[string] return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *InternalWorkbenchSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *InternalWorkbenchSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithAuth sets the Auth field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Auth field is set to the value of the last call. diff --git a/client-go/applyconfiguration/core/v1beta1/packagemanagerspec.go b/client-go/applyconfiguration/core/v1beta1/packagemanagerspec.go index e3bed62..3113f36 100644 --- a/client-go/applyconfiguration/core/v1beta1/packagemanagerspec.go +++ b/client-go/applyconfiguration/core/v1beta1/packagemanagerspec.go 
@@ -25,6 +25,7 @@ type PackageManagerSpecApplyConfiguration struct { ImagePullSecrets []string `json:"imagePullSecrets,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` Image *string `json:"image,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` Sleep *bool `json:"sleep,omitempty"` @@ -163,6 +164,16 @@ func (b *PackageManagerSpecApplyConfiguration) WithAddEnv(entries map[string]str return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *PackageManagerSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *PackageManagerSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithImage sets the Image field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Image field is set to the value of the last call. diff --git a/client-go/applyconfiguration/core/v1beta1/workbenchspec.go b/client-go/applyconfiguration/core/v1beta1/workbenchspec.go index c20a5d4..a5532d5 100644 --- a/client-go/applyconfiguration/core/v1beta1/workbenchspec.go +++ b/client-go/applyconfiguration/core/v1beta1/workbenchspec.go 
@@ -31,6 +31,7 @@ type WorkbenchSpecApplyConfiguration struct { NodeSelector map[string]string `json:"nodeSelector,omitempty"` Tolerations []v1.Toleration `json:"tolerations,omitempty"` AddEnv map[string]string `json:"addEnv,omitempty"` + EnvVars []v1.EnvVar `json:"envVars,omitempty"` OffHostExecution *bool `json:"offHostExecution,omitempty"` Image *string `json:"image,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` @@ -225,6 +226,16 @@ func (b *WorkbenchSpecApplyConfiguration) WithAddEnv(entries map[string]string) return b } +// WithEnvVars adds the given value to the EnvVars field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EnvVars field. +func (b *WorkbenchSpecApplyConfiguration) WithEnvVars(values ...v1.EnvVar) *WorkbenchSpecApplyConfiguration { + for i := range values { + b.EnvVars = append(b.EnvVars, values[i]) + } + return b +} + // WithOffHostExecution sets the OffHostExecution field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the OffHostExecution field is set to the value of the last call. diff --git a/config/crd/bases/core.posit.team_connects.yaml b/config/crd/bases/core.posit.team_connects.yaml index a93c9d0..d3b4727 100644 --- a/config/crd/bases/core.posit.team_connects.yaml +++ b/config/crd/bases/core.posit.team_connects.yaml 
@@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalRuntimeImages: description: |- 
@@ -461,6 +465,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Connect sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy: diff --git a/config/crd/bases/core.posit.team_packagemanagers.yaml b/config/crd/bases/core.posit.team_packagemanagers.yaml index 69187d1..d7937c6 100644 --- a/config/crd/bases/core.posit.team_packagemanagers.yaml 
+++ b/config/crd/bases/core.posit.team_packagemanagers.yaml @@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object awsAccountId: description: AwsAccountId is the account Id for this AWS Account. 
@@ -240,6 +244,164 @@ spec: sslMode: type: string type: object + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication diff --git a/config/crd/bases/core.posit.team_sites.yaml b/config/crd/bases/core.posit.team_sites.yaml index e02c75d..044ad73 100644 --- a/config/crd/bases/core.posit.team_sites.yaml 
+++ b/config/crd/bases/core.posit.team_sites.yaml @@ -96,6 +96,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
@@ -223,6 +227,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: properties: chronicleSidecarProductApiKeyEnabled: @@ -649,6 +810,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
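Review bot: The `envVars` property added at the top of this hunk has no `description`, while the same field in the standalone Workbench, Connect and Package Manager CRDs later in this diff carries "EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef)", so `kubectl explain` tells a Site author nothing about it. This file appears to be generated from the Go types, so the fix would be a doc comment on the `EnvVars` fields of the Internal*Spec structs followed by a regenerate, for example `// EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef); on a name clash with addEnv, envVars wins.` That comment is also the place to state that `secretKeyRef` and `configMapKeyRef` are resolved in the pod's namespace, which presumably means anyone allowed to edit this resource can surface any Secret in that namespace into the product container, so write access to the resource should be granted with that in mind. The hunks at `@@ -736,6 +901,163 @@` and `@@ -1182,6 +1508,163 @@` have the same gap.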
@@ -736,6 +901,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication in Package Manager @@ -949,6 +1271,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfigs: additionalProperties: 
@@ -1182,6 +1508,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: description: ExperimentalFeatures allows enabling miscellaneous experimental features for workbench diff --git a/config/crd/bases/core.posit.team_workbenches.yaml b/config/crd/bases/core.posit.team_workbenches.yaml index 98b26d1..3d4a3d9 100644 --- a/config/crd/bases/core.posit.team_workbenches.yaml +++ b/config/crd/bases/core.posit.team_workbenches.yaml 
@@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalVolumes: description: AdditionalVolumes represents additional VolumeSpec's 
@@ -652,6 +656,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Workbench sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy: diff --git a/dist/chart/templates/crd/core.posit.team_connects.yaml b/dist/chart/templates/crd/core.posit.team_connects.yaml index 27ebb68..bc705fd 100755 --- a/dist/chart/templates/crd/core.posit.team_connects.yaml 
+++ b/dist/chart/templates/crd/core.posit.team_connects.yaml @@ -76,8 +76,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalRuntimeImages: description: |- 
@@ -482,6 +486,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Connect sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy: diff --git a/dist/chart/templates/crd/core.posit.team_packagemanagers.yaml b/dist/chart/templates/crd/core.posit.team_packagemanagers.yaml index 7eef9ac..567dfbb 100755 --- a/dist/chart/templates/crd/core.posit.team_packagemanagers.yaml 
+++ b/dist/chart/templates/crd/core.posit.team_packagemanagers.yaml @@ -76,8 +76,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object awsAccountId: description: AwsAccountId is the account Id for this AWS Account. 
@@ -261,6 +265,164 @@ spec: sslMode: type: string type: object + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication diff --git a/dist/chart/templates/crd/core.posit.team_sites.yaml b/dist/chart/templates/crd/core.posit.team_sites.yaml index 544c11d..0155081 100755 
--- a/dist/chart/templates/crd/core.posit.team_sites.yaml +++ b/dist/chart/templates/crd/core.posit.team_sites.yaml @@ -117,6 +117,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
@@ -244,6 +248,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: properties: chronicleSidecarProductApiKeyEnabled: @@ -670,6 +831,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
@@ -757,6 +922,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication in Package Manager @@ -970,6 +1292,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfigs: additionalProperties: 
@@ -1203,6 +1529,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: description: ExperimentalFeatures allows enabling miscellaneous experimental features for workbench diff --git a/dist/chart/templates/crd/core.posit.team_workbenches.yaml b/dist/chart/templates/crd/core.posit.team_workbenches.yaml index 6e6daca..6c9c61b 100755 --- a/dist/chart/templates/crd/core.posit.team_workbenches.yaml +++ b/dist/chart/templates/crd/core.posit.team_workbenches.yaml 
@@ -76,8 +76,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalVolumes: description: AdditionalVolumes represents additional VolumeSpec's 
@@ -673,6 +677,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Workbench sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy: diff --git a/docs/api-reference.md b/docs/api-reference.md index b025a53..3c8fd3d 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md 
@@ -142,7 +142,8 @@ The Connect CRD manages standalone Posit Connect deployments. When using the Sit
 | `.spec.ingressAnnotations` | `map[string]string` | No | Ingress annotations |
 | `.spec.imagePullSecrets` | `[]string` | No | Image pull secrets |
 | `.spec.nodeSelector` | `map[string]string` | No | Node selector for pod scheduling |
-| `.spec.addEnv` | `map[string]string` | No | Additional environment variables |
+| `.spec.addEnv` | `map[string]string` | No | Additional environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.spec.envVars` | `[]EnvVar` | No | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.spec.offHostExecution` | `bool` | No | Enable off-host execution (Kubernetes launcher) |
 | `.spec.image` | `string` | No | Connect container image |
 | `.spec.imagePullPolicy` | `PullPolicy` | No | Image pull policy |
@@ -231,7 +232,8 @@ The Workbench CRD manages standalone Posit Workbench deployments. When using the
 | `.spec.imagePullSecrets` | `[]string` | No | Image pull secrets |
 | `.spec.nodeSelector` | `map[string]string` | No | Node selector for pod scheduling |
 | `.spec.tolerations` | `[]Toleration` | No | Pod tolerations |
-| `.spec.addEnv` | `map[string]string` | No | Additional environment variables |
+| `.spec.addEnv` | `map[string]string` | No | Additional environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.spec.envVars` | `[]EnvVar` | No | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.spec.offHostExecution` | `bool` | No | Enable off-host execution (Kubernetes launcher) |
 | `.spec.image` | `string` | No | Workbench container image |
 | `.spec.imagePullPolicy` | `PullPolicy` | No | Image pull policy |
@@ -313,7 +315,8 @@ The PackageManager CRD manages standalone Posit Package Manager deployments. Whe
 | `.spec.ingressAnnotations` | `map[string]string` | No | Ingress annotations |
 | `.spec.imagePullSecrets` | `[]string` | No | Image pull secrets |
 | `.spec.nodeSelector` | `map[string]string` | No | Node selector for pod scheduling |
-| `.spec.addEnv` | `map[string]string` | No | Additional environment variables |
+| `.spec.addEnv` | `map[string]string` | No | Additional environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.spec.envVars` | `[]EnvVar` | No | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.spec.image` | `string` | No | Package Manager container image |
 | `.spec.imagePullPolicy` | `PullPolicy` | No | Image pull policy |
 | `.spec.sleep` | `bool` | No | Put service to sleep (debugging) |
@@ -732,7 +735,8 @@ These types are used within the Site CRD for product configuration.
 | `.license` | `LicenseSpec` | License configuration |
 | `.volume` | `*VolumeSpec` | Data volume |
 | `.nodeSelector` | `map[string]string` | Node selector |
-| `.addEnv` | `map[string]string` | Environment variables |
+| `.addEnv` | `map[string]string` | Environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.envVars` | `[]EnvVar` | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.image` | `string` | Container image |
 | `.imagePullPolicy` | `PullPolicy` | Image pull policy |
 | `.s3Bucket` | `string` | S3 bucket for package storage |
@@ -751,7 +755,8 @@ These types are used within the Site CRD for product configuration.
 | `.volume` | `*VolumeSpec` | Data volume |
 | `.nodeSelector` | `map[string]string` | Node selector |
 | `.auth` | `AuthSpec` | Authentication configuration |
-| `.addEnv` | `map[string]string` | Environment variables |
+| `.addEnv` | `map[string]string` | Environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.envVars` | `[]EnvVar` | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.image` | `string` | Container image |
 | `.sessionImage` | `string` | Session container image |
 | `.imagePullPolicy` | `PullPolicy` | Image pull policy |
@@ -782,7 +787,8 @@ These types are used within the Site CRD for product configuration.
 | `.createUsersAutomatically` | `bool` | Auto-create users |
 | `.adminGroups` | `[]string` | Admin groups (default: ["workbench-admin"]) |
 | `.adminSuperuserGroups` | `[]string` | Superuser groups |
-| `.addEnv` | `map[string]string` | Environment variables |
+| `.addEnv` | `map[string]string` | Environment variables. **Deprecated:** use `envVars`; on a name conflict `envVars` wins. |
+| `.envVars` | `[]EnvVar` | Environment variables for the container, supporting `valueFrom` (e.g. `secretKeyRef`) |
 | `.auth` | `AuthSpec` | Authentication configuration |
 | `.image` | `string` | Container image |
 | `.imagePullPolicy` | `PullPolicy` | Image pull policy |
diff --git a/internal/controller/core/connect.go b/internal/controller/core/connect.go
index 6a6aa84..2f39b8b 100644
--- a/internal/controller/core/connect.go
+++ b/internal/controller/core/connect.go
@@ -684,6 +684,7 @@ func (r *ConnectReconciler) ensureDeployedService(ctx context.Context, req ctrl.
 Value: c.ComponentName(),
 },
 },
+ c.Spec.EnvVars,
 ),
 Ports: []corev1.ContainerPort{
 internal.DefaultPortConnectHTTP.ContainerPort("http"),
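Review bot: `c.Spec.EnvVars` is appended after the operator-built entries (the one whose value is `c.ComponentName()` sits directly above it), so under the last-occurrence rule the API comment relies on, a user-supplied name can replace a variable the operator sets, not only one from `addEnv`. Nothing at this call site says whether that is intended. If it is, say so where the list is built, e.g. `// EnvVars is rendered last and overrides addEnv and operator-set variables of the same name.`; if it is not, names the operator manages should be rejected or filtered before rendering. The same ordering appears in package_manager.go (`pm.Spec.EnvVars` after `secretVolumeFactory.EnvVars()`) and in workbench.go (`w.Spec.EnvVars`). ensureDeployedService begins and ends outside the hunk, so the earlier entries of the list are not visible here.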
diff --git a/internal/controller/core/connect_test.go b/internal/controller/core/connect_test.go
index 3f31ce2..f915ada 100644
--- a/internal/controller/core/connect_test.go
+++ b/internal/controller/core/connect_test.go
@@ -528,6 +528,48 @@ func TestConnectReconciler_OIDC_DisableGroupsClaim(t *testing.T) {
 assert.NotContains(t, config, "GroupsClaim = groups", "GroupsClaim should not have the default 'groups' value")
 }
+// TestConnectReconciler_EnvVars verifies that the envVars field, including a
+// valueFrom.secretKeyRef entry, flows through to the rendered Connect
+// container's Env.
+func TestConnectReconciler_EnvVars(t *testing.T) {
+ ctx := context.Background()
+ ns := "posit-team"
+ name := "connect-env-vars"
+
+ ctx, r, req, cli := initConnectReconciler(t, ctx, ns, name)
+
+ plainEnv := corev1.EnvVar{
+ Name: "CONNECT_ENVVARS_TEST",
+ Value: "plain-value",
+ }
+ secretEnv := corev1.EnvVar{
+ Name: "CONNECT_ENVVARS_TEST_FROM_SECRET",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{Name: "my-secret"},
+ Key: "api-key",
+ },
+ },
+ }
+
+ c := defineDefaultConnect(t, ns, name)
+ c.Spec.EnvVars = []corev1.EnvVar{plainEnv, secretEnv}
+
+ err := internal.BasicCreateOrUpdate(ctx, r, r.GetLogger(ctx), req.NamespacedName, &positcov1beta1.Connect{}, c)
+ require.NoError(t, err)
+
+ c = getConnect(t, cli, ns, name)
+
+ res, err := r.ReconcileConnect(ctx, req, c)
+ require.NoError(t, err)
+ require.True(t, res.IsZero())
+
+ deployment := getDeployment(t, cli, ns, c.ComponentName())
+ container := deployment.Spec.Template.Spec.Containers[0]
+ assert.Contains(t, container.Env, plainEnv, "plain envVar should be rendered into the container Env")
+ assert.Contains(t, container.Env, secretEnv, "secretKeyRef envVar should be rendered into the container Env")
+}
+
 // TestConnectReconciler_Suspended verifies that when Connect has Suspended=true,
 // ReconcileConnect does not create serving resources (Deployment, Service, Ingress).
 func TestConnectReconciler_Suspended(t *testing.T) {
diff --git a/internal/controller/core/package_manager.go b/internal/controller/core/package_manager.go
index 730b123..c45d68a 100644
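Review bot: TestConnectReconciler_EnvVars only checks membership with `assert.Contains`, so the precedence the API comment promises (envVars rendered after addEnv) is not pinned, and a later reordering of the env list would pass unnoticed. Adding a colliding entry such as `c.Spec.AddEnv = map[string]string{"CONNECT_ENVVARS_TEST": "from-addenv"}` and asserting that the `plainEnv` entry has the higher index in `container.Env` would cover it. The Package Manager and Workbench tests added in this commit have the same gap.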
--- a/internal/controller/core/package_manager.go
+++ b/internal/controller/core/package_manager.go
@@ -521,6 +521,7 @@ func (r *PackageManagerReconciler) ensureDeployedService(ctx context.Context, re
 secretVolumeFactory.EnvVars(),
 product.StringMapToEnvVars(pm.Spec.AddEnv),
 []corev1.EnvVar{},
+ pm.Spec.EnvVars,
 ),
 Ports: []corev1.ContainerPort{
 internal.DefaultPortPackageManagerHTTP.ContainerPort("http"),
diff --git a/internal/controller/core/package_manager_controller_test.go b/internal/controller/core/package_manager_controller_test.go
index bb1d64a..a26c832 100644
--- a/internal/controller/core/package_manager_controller_test.go
+++ b/internal/controller/core/package_manager_controller_test.go
@@ -15,6 +15,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 apimeta "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -144,3 +145,69 @@ func TestPackageManagerReconciler_DeploymentHasProbes(t *testing.T) { assert.Equal(t, httpPort, container.LivenessProbe.HTTPGet.Port) assert.Equal(t, int32(10), container.LivenessProbe.InitialDelaySeconds) } + +// TestPackageManagerReconciler_EnvVars verifies that the envVars field, including a +// valueFrom.secretKeyRef entry, flows through to the rendered Package Manager +// container's Env. +func TestPackageManagerReconciler_EnvVars(t *testing.T) { + ctx := context.Background() + ns := "posit-team" + name := "pm-env-vars" + + fakeEnv := localtest.FakeTestEnv{} + cli, scheme, log := fakeEnv.Start(loadSchemes) + + r := &PackageManagerReconciler{ + Client: cli, + Scheme: scheme, + Log: log, + } + + ctx = logr.NewContext(ctx, log) + req := ctrl.Request{ + NamespacedName: types.NamespacedName{Namespace: ns, Name: name}, + } + + plainEnv := corev1.EnvVar{ + Name: "PM_PLAIN", + Value: "plain-value", + } + secretEnv := corev1.EnvVar{ + Name: "PM_FROM_SECRET", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{Name: "my-secret"}, + Key: "api-key", + }, + }, + } + + pm := &positcov1beta1.PackageManager{ + TypeMeta: metav1.TypeMeta{ + Kind: "PackageManager", + APIVersion: "core.posit.team/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{Namespace: ns, Name: name, UID: "pm-env-vars-uid"}, + Spec: positcov1beta1.PackageManagerSpec{ + Image: "ghcr.io/rstudio/rstudio-pm:test", + Secret: positcov1beta1.SecretConfig{ + Type: product.SiteSecretKubernetes, + }, + Config: &positcov1beta1.PackageManagerConfig{}, + EnvVars: []corev1.EnvVar{plainEnv, secretEnv}, + }, + } + + require.NoError(t, cli.Create(ctx, pm)) + + _, err := r.ensureDeployedService(ctx, req, pm) + require.NoError(t, err) + + dep := &appsv1.Deployment{} + err = cli.Get(ctx, client.ObjectKey{Name: pm.ComponentName(), Namespace: ns}, dep) + require.NoError(t, err) + + container := dep.Spec.Template.Spec.Containers[0] + 
+ assert.Contains(t, container.Env, plainEnv, "plain envVar should be rendered into the container Env")
+ assert.Contains(t, container.Env, secretEnv, "secretKeyRef envVar should be rendered into the container Env")
+}
diff --git a/internal/controller/core/site_controller_connect.go b/internal/controller/core/site_controller_connect.go
index cd5ef5a..38bc5ba 100644
--- a/internal/controller/core/site_controller_connect.go
+++ b/internal/controller/core/site_controller_connect.go
@@ -145,6 +145,7 @@ func (r *SiteReconciler) reconcileConnect(
 AdditionalVolumes: additionalVolumes,
 NodeSelector: site.Spec.Connect.NodeSelector,
 AddEnv: site.Spec.Connect.AddEnv,
+ EnvVars: site.Spec.Connect.EnvVars,
 // default to true...
 OffHostExecution: true,
 AdditionalRuntimeImages: site.Spec.Connect.AdditionalRuntimeImages,
diff --git a/internal/controller/core/site_controller_package_manager.go b/internal/controller/core/site_controller_package_manager.go
index 53f5ae0..4be634b 100644
--- a/internal/controller/core/site_controller_package_manager.go
+++ b/internal/controller/core/site_controller_package_manager.go
@@ -99,6 +99,7 @@ func (r *SiteReconciler) reconcilePackageManager(
 ChronicleAgentImage: site.Spec.Chronicle.AgentImage,
 NodeSelector: site.Spec.PackageManager.NodeSelector,
 AddEnv: site.Spec.PackageManager.AddEnv,
+ EnvVars: site.Spec.PackageManager.EnvVars,
 Secret: site.Spec.Secret,
 WorkloadSecret: site.Spec.WorkloadSecret,
 Replicas: product.PassDefaultReplicas(site.Spec.PackageManager.Replicas, 1),
diff --git a/internal/controller/core/site_controller_workbench.go b/internal/controller/core/site_controller_workbench.go
index 3d49f5e..05ab661 100644
--- a/internal/controller/core/site_controller_workbench.go
+++ b/internal/controller/core/site_controller_workbench.go
@@ -262,6 +262,7 @@ func (r *SiteReconciler) reconcileWorkbench(
 NodeSelector: site.Spec.Workbench.NodeSelector,
 Tolerations: site.Spec.Workbench.Tolerations,
 AddEnv: site.Spec.Workbench.AddEnv,
+ EnvVars: site.Spec.Workbench.EnvVars,
 Auth: site.Spec.Workbench.Auth,
 Secret: site.Spec.Secret,
 WorkloadSecret: site.Spec.WorkloadSecret,
diff --git a/internal/controller/core/site_test.go b/internal/controller/core/site_test.go
index 67b8515..590e844 100644
--- a/internal/controller/core/site_test.go
+++ b/internal/controller/core/site_test.go
@@ -244,6 +244,54 @@ func TestSiteReconciler_SessionEnvVars(t *testing.T) {
 assert.Equal(t, "some-value", testConnect.Spec.SessionConfig.Pod.Env[0].Value)
 }
+// TestSiteReconciler_EnvVars verifies that the new envVars field, including a
+// valueFrom.secretKeyRef entry, propagates from the Site spec to each product CR
+// spec for Workbench, Connect, and Package Manager.
+func TestSiteReconciler_EnvVars(t *testing.T) {
+ siteName := "env-vars"
+ siteNamespace := "posit-team"
+ site := defaultSite(siteName)
+
+ envVars := func(prefix string) []corev1.EnvVar {
+ return []corev1.EnvVar{
+ {
+ Name: prefix + "_PLAIN",
+ Value: "plain-value",
+ },
+ {
+ Name: prefix + "_FROM_SECRET",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{Name: "my-secret"},
+ Key: "api-key",
+ },
+ },
+ },
+ }
+ }
+
+ site.Spec.Workbench.EnvVars = envVars("WB")
+ site.Spec.Connect.EnvVars = envVars("CONNECT")
+ site.Spec.PackageManager.EnvVars = envVars("PM")
+
+ cli, _, err := runFakeSiteReconciler(t, siteNamespace, siteName, site)
+ assert.Nil(t, err)
+
+ assertEnvVars := func(t *testing.T, prefix string, got []corev1.EnvVar) {
+ t.Helper()
+ assert.Equal(t, envVars(prefix), got)
+ }
+
+ testWorkbench := getWorkbench(t, cli, siteNamespace, siteName)
+ assertEnvVars(t, "WB", testWorkbench.Spec.EnvVars)
+
+ testConnect := getConnect(t, cli, siteNamespace, siteName)
+ assertEnvVars(t, "CONNECT", testConnect.Spec.EnvVars)
+
+ testPackageManager := getPackageManager(t, cli, siteNamespace, siteName)
+ assertEnvVars(t, "PM", testPackageManager.Spec.EnvVars)
+}
+
 func TestSiteLoggingAndDebug(t *testing.T) {
 siteName := "logging-site"
 siteNamespace := "posit-team"
diff --git a/internal/controller/core/workbench.go b/internal/controller/core/workbench.go
index 6b7003e..952b2de 100644
--- a/internal/controller/core/workbench.go
+++ b/internal/controller/core/workbench.go
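Review bot: `assert.Nil(t, err)` after `runFakeSiteReconciler` lets the test keep running when reconciliation fails, so the failure surfaces later inside `getWorkbench`, `getConnect` or `getPackageManager` instead of at its cause. The other tests added in this commit stop with `require.NoError(t, err)`; using it here would be consistent, provided `require` is already imported in site_test.go, which the hunk does not show.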
@@ -890,6 +890,7 @@ func (r *WorkbenchReconciler) ensureDeployedService(ctx context.Context, req ctr
 Value: w.ComponentName(),
 },
 },
+ w.Spec.EnvVars,
 ),
 Command: []string{"supervisord"},
 Args: []string{},
diff --git a/internal/controller/core/workbench_test.go b/internal/controller/core/workbench_test.go
index c53549f..399b10f 100644
--- a/internal/controller/core/workbench_test.go
+++ b/internal/controller/core/workbench_test.go
@@ -437,6 +437,48 @@ func TestWorkbenchPodDisruptionBudgets(t *testing.T) {
 "Session PDB should have maxUnavailable=0 to prevent session evictions")
 }
+// TestWorkbenchReconciler_EnvVars verifies that the envVars field, including a
+// valueFrom.secretKeyRef entry, flows through to the rendered Workbench
+// container's Env.
+func TestWorkbenchReconciler_EnvVars(t *testing.T) {
+ ctx := context.Background()
+ ns := "posit-team"
+ name := "workbench-env-vars"
+
+ ctx, r, req, cli := initWorkbenchReconciler(t, ctx, ns, name)
+
+ plainEnv := corev1.EnvVar{
+ Name: "WORKBENCH_ENVVARS_TEST",
+ Value: "plain-value",
+ }
+ secretEnv := corev1.EnvVar{
+ Name: "WORKBENCH_ENVVARS_TEST_FROM_SECRET",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{Name: "my-secret"},
+ Key: "api-key",
+ },
+ },
+ }
+
+ wb := defineDefaultWorkbench(t, ns, name)
+ wb.Spec.EnvVars = []corev1.EnvVar{plainEnv, secretEnv}
+
+ err := internal.BasicCreateOrUpdate(ctx, r, r.GetLogger(ctx), req.NamespacedName, &positcov1beta1.Workbench{}, wb)
+ require.NoError(t, err)
+
+ wb = getWorkbench(t, cli, ns, name)
+
+ res, err := r.ReconcileWorkbench(ctx, req, wb)
+ require.NoError(t, err)
+ require.True(t, res.IsZero())
+
+ deployment := getDeployment(t, cli, ns, wb.ComponentName())
+ mainContainer := deployment.Spec.Template.Spec.Containers[0]
+ assert.Contains(t, mainContainer.Env, plainEnv, "plain envVar should be rendered into the container Env")
+ assert.Contains(t, mainContainer.Env, secretEnv, "secretKeyRef envVar should be rendered into the container Env")
+}
+
 // TestWorkbenchReconciler_Suspended verifies that when Workbench has Suspended=true,
 // ReconcileWorkbench does not create serving resources (Deployment, Service, Ingress).
 func TestWorkbenchReconciler_Suspended(t *testing.T) {
diff --git a/internal/crdapply/bases/core.posit.team_connects.yaml b/internal/crdapply/bases/core.posit.team_connects.yaml index a93c9d0..d3b4727 100644 --- a/internal/crdapply/bases/core.posit.team_connects.yaml +++ b/internal/crdapply/bases/core.posit.team_connects.yaml @@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalRuntimeImages: description: |- 
@@ -461,6 +465,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Connect sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy: diff --git a/internal/crdapply/bases/core.posit.team_packagemanagers.yaml b/internal/crdapply/bases/core.posit.team_packagemanagers.yaml index 69187d1..d7937c6 100644 --- a/internal/crdapply/bases/core.posit.team_packagemanagers.yaml 
+++ b/internal/crdapply/bases/core.posit.team_packagemanagers.yaml @@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object awsAccountId: description: AwsAccountId is the account Id for this AWS Account. 
@@ -240,6 +244,164 @@ spec: sslMode: type: string type: object + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication diff --git a/internal/crdapply/bases/core.posit.team_sites.yaml b/internal/crdapply/bases/core.posit.team_sites.yaml index e02c75d..044ad73 100644 
--- a/internal/crdapply/bases/core.posit.team_sites.yaml +++ b/internal/crdapply/bases/core.posit.team_sites.yaml @@ -96,6 +96,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
@@ -223,6 +227,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: properties: chronicleSidecarProductApiKeyEnabled: @@ -649,6 +810,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfig: description: AdditionalConfig allows appending arbitrary gcfg 
@@ -736,6 +901,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array gitSSHKeys: description: |- GitSSHKeys defines SSH key configurations for Git authentication in Package Manager @@ -949,6 +1271,10 @@ spec: addEnv: additionalProperties: type: string + description: |- + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalConfigs: additionalProperties: 
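Review bot: `envVars` is emitted in this hunk with no field-level `description` (the schema goes straight from `envVars:` to `items:`), and the same holds for the `envVars` block in the `@@ -1182,6 +1508,163 @@` hunk. This file looks generated, so the fix belongs on the Go fields it is produced from, presumably the `EnvVars` fields added without a doc comment in `site_types.go`. Adding the comment the other specs already carry, `// EnvVars adds environment variables to the container, supporting valueFrom (e.g. secretKeyRef).`, would carry through to the schema on regeneration. Without it, `kubectl explain` gives no hint that this is the field meant to replace the deprecated `addEnv`.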
@@ -1182,6 +1508,163 @@ spec: but preserves PVC, database, and secrets so data is retained. Re-enabling restores full service without data loss. type: boolean + envVars: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array experimentalFeatures: description: ExperimentalFeatures allows enabling miscellaneous experimental features for workbench diff --git a/internal/crdapply/bases/core.posit.team_workbenches.yaml b/internal/crdapply/bases/core.posit.team_workbenches.yaml index 98b26d1..3d4a3d9 100644 --- a/internal/crdapply/bases/core.posit.team_workbenches.yaml +++ b/internal/crdapply/bases/core.posit.team_workbenches.yaml 
@@ -55,8 +55,12 @@ spec: addEnv: additionalProperties: type: string - description: AddEnv adds arbitrary environment variables to the container - env + description: |- + AddEnv adds arbitrary environment variables to the container env + + Deprecated: use envVars instead. If the same variable name is set in both + addEnv and envVars, envVars takes precedence: it is rendered after addEnv, + and Kubernetes resolves a duplicate env var name to the last occurrence. type: object additionalVolumes: description: AdditionalVolumes represents additional VolumeSpec's 
@@ -652,6 +656,164 @@ spec: description: DsnSecret is the name of the secret that contains the DSN to include with all Workbench sessions type: string + envVars: + description: EnvVars adds environment variables to the container, + supporting valueFrom (e.g. secretKeyRef). + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: type: string imagePullPolicy:
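Review bot: The `envVars` description should state the access implication of `valueFrom`. `secretKeyRef` and `configMapKeyRef` resolve against the pod's namespace, so whoever may write this resource can have any Secret or ConfigMap key in that namespace placed into the container environment, whether or not they can read those objects directly. Whether that widens access in practice depends on the RBAC around this CRD, which the diff does not show. As the file appears to be generated, the wording would go on the Go field comment, for example `// Write access to this field allows referencing any Secret or ConfigMap key in the workload namespace; restrict edit rights on this resource accordingly.`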