From 75adb787c46fd362abacc1293b734c1813184748 Mon Sep 17 00:00:00 2001
From: Domonkos Cinke <Sea-you@users.noreply.github.com>
Date: Fri, 4 Feb 2022 23:53:20 +0100
Subject: [PATCH] Add ability to mount extra minio env from secret (#14254)

---
 helm/minio/templates/deployment.yaml         | 13 +++++++++++++
 helm/minio/templates/gateway-deployment.yaml | 13 +++++++++++++
 helm/minio/templates/statefulset.yaml        | 13 +++++++++++++
 helm/minio/values.yaml                       |  6 ++++++
 4 files changed, 45 insertions(+)

diff --git a/helm/minio/templates/deployment.yaml b/helm/minio/templates/deployment.yaml
index d5917984d..f40df14d2 100644
--- a/helm/minio/templates/deployment.yaml
+++ b/helm/minio/templates/deployment.yaml
@@ -81,6 +81,10 @@ spec:
               subPath: "{{ .Values.persistence.subPath }}"
               {{- end }}
             {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
             {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
           ports:
             - name: {{ $scheme }}
@@ -98,6 +102,10 @@ spec:
                 secretKeyRef:
                   name: {{ template "minio.secretName" . }}
                   key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
             {{- if .Values.metrics.serviceMonitor.public }}
             - name: MINIO_PROMETHEUS_AUTH_TYPE
               value: "public"
@@ -149,6 +157,11 @@ spec:
         {{- else }}
           emptyDir: {}
         {{- end }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
         - name: minio-user
           secret:
             secretName: {{ template "minio.secretName" . }}
diff --git a/helm/minio/templates/gateway-deployment.yaml b/helm/minio/templates/gateway-deployment.yaml
index 939589482..4ed62bb4c 100644
--- a/helm/minio/templates/gateway-deployment.yaml
+++ b/helm/minio/templates/gateway-deployment.yaml
@@ -86,6 +86,10 @@ spec:
               subPath: "{{ .Values.persistence.subPath }}"
               {{- end }}
             {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
             {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
           ports:
             - name: {{ $scheme }}
@@ -103,6 +107,10 @@ spec:
                 secretKeyRef:
                   name: {{ template "minio.secretName" . }}
                   key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
             {{- if eq .Values.gateway.type "gcs" }}
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: "/tmp/credentials/service-account-file.json"
@@ -161,5 +169,10 @@ spec:
         - name: minio-user
           secret:
             secretName: {{ template "minio.secretName" . }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
         {{- include "minio.tlsKeysVolume" . | indent 8 }}
 {{- end }}
diff --git a/helm/minio/templates/statefulset.yaml b/helm/minio/templates/statefulset.yaml
index 8e3ecf5e1..9cc33eff0 100644
--- a/helm/minio/templates/statefulset.yaml
+++ b/helm/minio/templates/statefulset.yaml
@@ -114,6 +114,10 @@ spec:
               {{- end }}
             {{- end }}
             {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
             {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
           ports:
             - name: {{ $scheme }}
@@ -131,6 +135,10 @@ spec:
                 secretKeyRef:
                   name: {{ template "minio.secretName" . }}
                   key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
             {{- if .Values.metrics.serviceMonitor.public }}
             - name: MINIO_PROMETHEUS_AUTH_TYPE
               value: "public"
@@ -158,6 +166,11 @@ spec:
         - name: minio-user
           secret:
             secretName: {{ template "minio.secretName" . }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
         {{- include "minio.tlsKeysVolume" . | indent 8 }}
 {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml
index a577457c8..be225dfcd 100644
--- a/helm/minio/values.yaml
+++ b/helm/minio/values.yaml
@@ -315,6 +315,12 @@ environment:
   ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
   ## MINIO_BROWSER: "off"
 
+## The name of a secret in the same kubernetes namespace which contain secret values
+## This can be useful for LDAP password, etc
+## The key in the secret must be 'config.env'
+##
+# extraSecret: minio-extraenv
+
 networkPolicy:
   enabled: false
   allowExternal: true