From 2a865b2ba451e080804176d9e88f687a6fb7f5be Mon Sep 17 00:00:00 2001
From: Till Wegmueller <toasterson@gmail.com>
Date: Tue, 2 Dec 2025 21:42:37 +0100
Subject: [PATCH] feat: add full Kubernetes env var support to Helm chart
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add support for valueFrom in environment variables for both main
container and user-sync init container. This enables injecting
values from secrets, configMaps, fieldRefs, and resourceFieldRefs
instead of only hardcoded values.

Updated deployment template to use toYaml for env rendering,
allowing full Kubernetes env var specifications. Added comprehensive
documentation and examples in values.yaml.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../helm/barycenter/templates/deployment.yaml |  8 ++--
 deploy/helm/barycenter/values.yaml            | 45 ++++++++++++++++++-
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/deploy/helm/barycenter/templates/deployment.yaml b/deploy/helm/barycenter/templates/deployment.yaml
index db1bea8..6350a68 100644
--- a/deploy/helm/barycenter/templates/deployment.yaml
+++ b/deploy/helm/barycenter/templates/deployment.yaml
@@ -47,6 +47,9 @@ spec:
         env:
         - name: RUST_LOG
           value: "info"
+        {{- if .Values.userSync.env }}
+        {{- toYaml .Values.userSync.env | nindent 8 }}
+        {{- end }}
         volumeMounts:
         - name: config
           mountPath: /app/config
@@ -72,10 +75,9 @@ spec:
         - name: http
           containerPort: {{ .Values.config.server.port }}
           protocol: TCP
+        {{- if .Values.env }}
         env:
-        {{- range .Values.env }}
-        - name: {{ .name }}
-          value: {{ .value | quote }}
+          {{- toYaml .Values.env | nindent 8 }}
         {{- end }}
         volumeMounts:
         - name: config
diff --git a/deploy/helm/barycenter/values.yaml b/deploy/helm/barycenter/values.yaml
index a7169b8..92d4172 100644
--- a/deploy/helm/barycenter/values.yaml
+++ b/deploy/helm/barycenter/values.yaml
@@ -118,13 +118,41 @@ config:
   federation:
     trustAnchors: []
 
-# Environment variables
+# Environment variables for main container
+# Supports full Kubernetes env var specification including valueFrom
 env:
   - name: RUST_LOG
     value: "info"
-  # Add additional environment variables here
+  # Simple value example:
   # - name: BARYCENTER__SERVER__PUBLIC_BASE_URL
   #   value: "https://idp.example.com"
+  #
+  # ValueFrom secret example:
+  # - name: BARYCENTER__DATABASE__URL
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: barycenter-db-secret
+  #       key: database-url
+  #
+  # ValueFrom configMap example:
+  # - name: CONFIG_VALUE
+  #   valueFrom:
+  #     configMapKeyRef:
+  #       name: app-config
+  #       key: some-value
+  #
+  # Field reference example:
+  # - name: POD_NAME
+  #   valueFrom:
+  #     fieldRef:
+  #       fieldPath: metadata.name
+  #
+  # Resource limits example:
+  # - name: MEMORY_LIMIT
+  #   valueFrom:
+  #     resourceFieldRef:
+  #       containerName: barycenter
+  #       resource: limits.memory
 
 # Persistence for database and keys
 persistence:
@@ -166,6 +194,19 @@ userSync:
   # Secret key containing the users.json file
   secretKey: "users.json"
 
+  # Additional environment variables for user-sync init container
+  # Supports full Kubernetes env var specification (same as main container)
+  # RUST_LOG is already set to "info" by default
+  env: []
+  # Examples:
+  # - name: CUSTOM_VAR
+  #   value: "custom-value"
+  # - name: SECRET_VALUE
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: my-secret
+  #       key: secret-key
+
   # Init container resources
   resources:
     limits: