diff --git a/charts/retool/templates/_helpers.tpl b/charts/retool/templates/_helpers.tpl index 660fe32..6f71906 100644 --- a/charts/retool/templates/_helpers.tpl +++ b/charts/retool/templates/_helpers.tpl @@ -684,13 +684,21 @@ Set MCP server service name {{/* Validate that exactly one blob-storage provider is configured when rrGitServer is enabled. Skipped when the user has plumbed the RR_BLOB_STORAGE_PROVIDER / -RR_DEFAULT_*_* env vars in directly via environmentVariables/environmentSecrets, +RR_DEFAULT_*_* env vars in directly via env/environmentVariables/environmentSecrets, which is treated as an opt-out from the first-class blobStorage config. +Also skipped entirely when rrGitServer.skipBlobStorageValidation is true, which +is the escape hatch for sources we cannot inspect at template time (e.g. env +vars injected via envFrom from a Secret/ConfigMap). No-op when rrGitServer is disabled. */}} {{- define "retool.rrGitServer.validateBlobStorage" -}} -{{- if .Values.rrGitServer.enabled -}} +{{- if and .Values.rrGitServer.enabled (not .Values.rrGitServer.skipBlobStorageValidation) -}} {{- $hasDirectEnv := false -}} +{{- range $name, $value := .Values.env -}} +{{- if or (hasPrefix "RR_DEFAULT_" $name) (eq $name "RR_BLOB_STORAGE_PROVIDER") -}} +{{- $hasDirectEnv = true -}} +{{- end -}} +{{- end -}} {{- range .Values.environmentVariables -}} {{- if or (hasPrefix "RR_DEFAULT_" .name) (eq .name "RR_BLOB_STORAGE_PROVIDER") -}} {{- $hasDirectEnv = true -}} @@ -708,7 +716,7 @@ No-op when rrGitServer is disabled. {{- if $bs.gcs }}{{ $providers = append $providers "gcs" }}{{ end -}} {{- if $bs.azure }}{{ $providers = append $providers "azure" }}{{ end -}} {{- if ne (len $providers) 1 -}} -{{- fail "rrGitServer.enabled requires exactly one of blobStorage.s3, blobStorage.gcs, blobStorage.azure to be configured, or set RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_* directly via environmentVariables / environmentSecrets" -}} +{{- fail "rrGitServer.enabled requires exactly one of blobStorage.s3, blobStorage.gcs, blobStorage.azure to be configured, or set RR_BLOB_STORAGE_PROVIDER / RR_DEFAULT_* directly via env / environmentVariables / environmentSecrets. If those vars are supplied another way (e.g. envFrom), set rrGitServer.skipBlobStorageValidation=true to bypass this check." -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/retool/values.yaml b/charts/retool/values.yaml index 33f80bb..9e63f3b 100644 --- a/charts/retool/values.yaml +++ b/charts/retool/values.yaml @@ -728,6 +728,13 @@ rrGitServer: # Backend default is 100; unset to inherit it. repackThreshold: ~ + # Escape hatch for the blob-storage validation below. The chart can only + # inspect blobStorage, env, environmentVariables, and environmentSecrets at + # template time; it cannot see env vars injected via envFrom (Secret/ConfigMap + # splat). Set this to true to bypass the check when RR_BLOB_STORAGE_PROVIDER / + # RR_DEFAULT_* are provided that way. + skipBlobStorageValidation: false + # Shared blob-storage config used by git_server (and other features that # need object storage, e.g. snapshots). Set exactly one of s3, gcs, azure. # Renders RR_BLOB_STORAGE_PROVIDER + RR_DEFAULT__* env vars on diff --git a/values.yaml b/values.yaml index 33f80bb..9e63f3b 100644 --- a/values.yaml +++ b/values.yaml @@ -728,6 +728,13 @@ rrGitServer: # Backend default is 100; unset to inherit it. repackThreshold: ~ + # Escape hatch for the blob-storage validation below. The chart can only + # inspect blobStorage, env, environmentVariables, and environmentSecrets at + # template time; it cannot see env vars injected via envFrom (Secret/ConfigMap + # splat). Set this to true to bypass the check when RR_BLOB_STORAGE_PROVIDER / + # RR_DEFAULT_* are provided that way. + skipBlobStorageValidation: false + # Shared blob-storage config used by git_server (and other features that # need object storage, e.g. snapshots). Set exactly one of s3, gcs, azure. # Renders RR_BLOB_STORAGE_PROVIDER + RR_DEFAULT__* env vars on