From ea6d4926510e1a20669e4e267286737d965b4a9f Mon Sep 17 00:00:00 2001 From: nagar-decart Date: Tue, 30 Jun 2026 15:07:16 +0300 Subject: [PATCH] feat(egress): add extraEnv and envFrom to the egress deployment Lets operators inject extra container env vars and envFrom sources (e.g. LIVEKIT_API_KEY / LIVEKIT_API_SECRET, or S3 credentials) from a Secret instead of embedding them in the config ConfigMap. The egress binary already reads LIVEKIT_API_KEY / LIVEKIT_API_SECRET / LIVEKIT_WS_URL from env as defaults, so this enables credential-from-Secret deployments without exposing them in the public ConfigMap. Both default to empty lists, so existing deployments are unaffected. --- egress/Chart.yaml | 2 +- egress/templates/deployment.yaml | 7 +++++++ egress/values.yaml | 17 +++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/egress/Chart.yaml b/egress/Chart.yaml index e188936..77c7b6d 100644 --- a/egress/Chart.yaml +++ b/egress/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: egress description: Egress is used by LiveKit to stream and record rooms. type: application -version: 1.12.0 +version: 1.12.1 appVersion: "v1.12.0" sources: diff --git a/egress/templates/deployment.yaml b/egress/templates/deployment.yaml index 4a8808a..33f23e2 100644 --- a/egress/templates/deployment.yaml +++ b/egress/templates/deployment.yaml @@ -37,6 +37,13 @@ spec: configMapKeyRef: name: {{ include "egress.fullname" . }} key: config.yaml + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} ports: {{- if .Values.egress.health_port }} - name: health diff --git a/egress/values.yaml b/egress/values.yaml index 1343c35..c59b80d 100644 --- a/egress/values.yaml +++ b/egress/values.yaml @@ -13,6 +13,23 @@ egress: health_port: 8080 prometheus_port: 9090 +# Additional environment variables for the egress container. Useful for +# supplying credentials (e.g. LIVEKIT_API_KEY / LIVEKIT_API_SECRET, or +# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY for S3 uploads) from a Secret +# instead of embedding them in the config ConfigMap. +extraEnv: [] + # - name: LIVEKIT_API_KEY + # valueFrom: + # secretKeyRef: + # name: livekit-secrets + # key: api-key + +# Additional envFrom sources (e.g. secretRef / configMapRef) applied to the +# egress container. +envFrom: [] + # - secretRef: + # name: livekit-secrets + terminationGracePeriodSeconds: 3600 nameOverride: ""