diff --git a/README.md b/README.md index 5e2ecfa..b1512ea 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,7 @@ enterprise: | enterprise.enabled | bool | `false` | enable Windmill Enterprise , requires license key. | | enterprise.enabledS3DistributedCache | bool | `false` | | | enterprise.licenseKey | string | `"123456F"` | Windmill provided Enterprise license key. Sets LICENSE_KEY environment variable in app and worker container. | +| enterprise.licenseKeySecretName | string | `""` | name of the secret storing the Enterprise license key, take precedence over licenseKey. The default key is `"licenseKey"` | | enterprise.nsjail | bool | `false` | use nsjail for sandboxing | | enterprise.s3CacheBucket | string | `"mybucketname"` | S3 bucket to use for dependency cache. Sets S3_CACHE_BUCKET environment variable in worker container | | enterprise.samlMetadata | string | `""` | SAML Metadata URL to enable SAML SSO (Can be set in the Instance Settings UI, which is the recommended method) | diff --git a/charts/windmill/templates/app.yaml b/charts/windmill/templates/app.yaml index 00b2b4c..0ab1670 100644 --- a/charts/windmill/templates/app.yaml +++ b/charts/windmill/templates/app.yaml @@ -111,6 +111,13 @@ spec: value: "true" {{ end }} {{ if .Values.enterprise.enabled }} + {{ if .Values.enterprise.licenseKeySecretName }} + - name: "LICENSE_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.licenseKeySecretName }} + key: {{ .Values.enterprise.licenseKeySecretKey }} + {{ else }} - name: "LICENSE_KEY" value: "{{ .Values.enterprise.licenseKey }}" {{ end }} @@ -132,6 +139,7 @@ spec: - name: "SCIM_TOKEN" value: "{{ .Values.enterprise.scimToken }}" {{ end }} + {{ end }} {{ if .Values.windmill.openaiAzureBasePath}} - name: OPENAI_AZURE_BASE_PATH value: "{{ .Values.windmill.openaiAzureBasePath }}" diff --git a/charts/windmill/templates/hub.yaml b/charts/windmill/templates/hub.yaml index 00e9a1e..fb812d0 100644 --- a/charts/windmill/templates/hub.yaml +++ b/charts/windmill/templates/hub.yaml @@ -65,8 +65,21 @@ spec: value: "true" - name: PUBLIC_APP_URL value: "{{ .Values.windmill.baseProtocol }}://{{ .Values.windmill.baseDomain }}" - - name: LICENSE_KEY - value: "{{ .Values.hub.licenseKey }}" + {{ if .Values.enterprise.enabled }} + {{ if .Values.enterprise.licenseKeySecretName }} + - name: "LICENSE_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.licenseKeySecretName }} + key: {{ .Values.enterprise.licenseKeySecretKey }} + {{ else if .Values.enterprise.licenseKey }} + - name: "LICENSE_KEY" + value: "{{ .Values.enterprise.licenseKey }}" + {{ else }} + - name: "LICENSE_KEY" + value: "{{ .Values.hub.licenseKey }}" #DEPRECATED + {{ end }} + {{ end }} resources: {{ toYaml .Values.hub.resources | indent 12 }} {{- with .Values.hub.nodeSelector }} diff --git a/charts/windmill/templates/worker-groups.yaml b/charts/windmill/templates/worker-groups.yaml index d637041..3c62d33 100644 --- a/charts/windmill/templates/worker-groups.yaml +++ b/charts/windmill/templates/worker-groups.yaml @@ -131,8 +131,16 @@ spec: value: "{{ $.Values.windmill.npmConfigRegistry }}" {{ end }} {{ if $.Values.enterprise.enabled }} + {{ if $.Values.enterprise.licenseKeySecretName }} + - name: "LICENSE_KEY" + valueFrom: + secretKeyRef: + name: {{ $.Values.enterprise.licenseKeySecretName }} + key: {{ $.Values.enterprise.licenseKeySecretKey }} + {{ else }} - name: "LICENSE_KEY" value: "{{ $.Values.enterprise.licenseKey }}" + {{ end }} {{ if $.Values.enterprise.enabledS3DistributedCache }} - name: "S3_CACHE_BUCKET" value: "{{ $.Values.enterprise.s3CacheBucket }}" diff --git a/charts/windmill/values.yaml b/charts/windmill/values.yaml index 0e57be9..97d825c 100644 --- a/charts/windmill/values.yaml +++ b/charts/windmill/values.yaml @@ -380,6 +380,10 @@ ingress: enterprise: # -- enable Windmill Enterprise, requires license key. enabled: false + # -- name of the secret storing the enterprise license key, take precedence over licenseKey string. + licenseKeySecretName: "" + # -- name of the key in secret storing the enterprise license key. The default key is 'licenseKey' + licenseKeySecretKey: licenseKey # -- enterprise license key. (Recommended to avoid: It is recommended to pass it from the Instance settings UI instead) licenseKey: "" enabledS3DistributedCache: false