feat: support envFrom in values file

[aabouzaid]

Hi 👋

As a user, I'd like to supply all env vars from an external ConfigMap or Secret (generated by another tool, not Helm).
So I've introduced envFrom, which could reference any number of ConfigMaps or Secrets.

One thing I'm not sure about is that the key could be extraEnvFrom following extraEnv.
I can make the change once we have agreed on the name.

Summary by CodeRabbit

• New Features

  • Added support for importing environment variables via a new extraEnvFrom option for main, worker, and webhook.
  • Service resource now renders unconditionally by default (removed previous conditional wrapper).

• Documentation

  • README and values documentation updated with examples and descriptions for extraEnvFrom.

• Chores

  • Chart version bumped to 1.2.0.

[coderabbitai]

Walkthrough

Adds a new values option extraEnvFrom (default: []) for main, worker, and webhook, renders it into container envFrom in deployment templates, updates README/values with examples, always renders the Service (removed .Values.main.service.enabled guard), and bumps the chart version to 1.2.0.

Changes

Cohort / File(s)	Change Summary
Values & docs README.md, charts/n8n/values.yaml	Add extraEnvFrom: [] to main, worker, and webhook with commented examples for configMapRef/secretRef; remove explicit main.service.enabled: true line from values.
Main deployment charts/n8n/templates/deployment.yaml	Add conditional to render .Values.main.extraEnvFrom (rendered via toYaml + nindent 12) into container envFrom.
Worker deployment charts/n8n/templates/deployment.worker.yaml	Adjust envFrom indentation and add conditional to render .Values.worker.extraEnvFrom under envFrom.
Webhook deployment charts/n8n/templates/deployment.webhook.yaml	Maintain existing envFrom entries and append conditional rendering of .Values.webhook.extraEnvFrom under envFrom.
Service manifest charts/n8n/templates/service.yaml	Remove the surrounding if .Values.main.service.enabled guard so the Service manifest is always rendered.
Chart metadata charts/n8n/Chart.yaml	Bump chart version to 1.2.0 and update artifacthub.io/changes annotation to reference extraEnvFrom.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Helm
    participant K8sAPI
    participant Pod
    rect rgba(50,115,220,0.06)
    User->>Helm: Add extraEnvFrom to values (main/worker/webhook)
    Helm->>Helm: Render templates, include extraEnvFrom under container envFrom
    end
    rect rgba(60,179,113,0.06)
    Helm->>K8sAPI: Apply rendered manifests (Deployment + Service)
    K8sAPI->>Pod: Create Pod spec with envFrom references
    Pod->>Pod: Load env vars from referenced ConfigMap/Secret
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Files/areas to pay extra attention:

• charts/n8n/templates/service.yaml (service now always rendered)
• charts/n8n/templates/deployment*.yaml (correct indentation and YAML rendering of extraEnvFrom blocks)

Possibly related PRs

• feat: Release 1.0.1 #142 — Also modifies Chart.yaml version/annotations; strong metadata overlap.
• Next Gen Chart #132 — Related changes around envFrom/env handling in deployment templates and values.
• FIX: deployment.yaml - error converting YAML to JSON: yaml: line 46: could not find expected ':' #177 — Related edits to deployment env rendering (extraEnv vs extraEnvFrom interplay).

Suggested reviewers

• Vad1mo

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: support envFrom in values file' clearly and concisely summarizes the main change: adding envFrom support to the Helm chart values file, which is the primary objective across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

charts/n8n/values.yaml (1)

71-76: Add commented examples for envFrom in worker and webhook sections
The main section includes example commented entries illustrating how to specify configMapRef and secretRef. To maintain consistency and aid users, consider adding similar examples under the worker.envFrom and webhook.envFrom definitions.

Also applies to: 283-285, 469-471

README.md (1)

170-176: Consider renaming envFrom to extraEnvFrom for naming consistency
The chart already uses extraEnv for individual variables; renaming envFrom to extraEnvFrom would align naming conventions and clarify its relation to the existing key. If agreed, update all templates, values, and documentation accordingly.

Also applies to: 382-384, 568-570

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 565fbf7 and 8dfc73a.

📒 Files selected for processing (5)

• README.md (3 hunks)
• charts/n8n/templates/deployment.webhook.yaml (1 hunks)
• charts/n8n/templates/deployment.worker.yaml (1 hunks)
• charts/n8n/templates/deployment.yaml (1 hunks)
• charts/n8n/values.yaml (3 hunks)

🔇 Additional comments (2)

charts/n8n/templates/deployment.worker.yaml (1)

66-68: Indentation fixes for secretRef entries look correct
The adjusted indentation aligns the secretRef blocks under envFrom consistently.

Also applies to: 74-76

charts/n8n/templates/deployment.webhook.yaml (1)

91-94: Indentation fixes for webhook secretRef entries look correct
The indentation for both main.secret and webhook.secret blocks under envFrom has been normalized properly.

Also applies to: 99-102

[Vad1mo]

@aabouzaid why aren't you using what already exists in extraEnv?

  extraEnv:
  #    N8N_DB_POSTGRESDB_NAME:
  #      valueFrom:
  #        secretKeyRef:
  #          name: db-app
  #          key: dbname

What is your use case, and how do you get to those configmaps and secret that allows you to import them 1:1 into n8n.
Can you explain your workflow and where those configmaps and secret are coming from?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/n8n/Chart.yaml (1)

36-38: Annotation wording drifts from implementation; consider extraEnvFrom + add missing EOF newline

1. The feature landed as extraEnvFrom, yet the change-log line still says “support envFrom”. This might confuse users scanning Artifact Hub.
2. YAML-lint flags a missing trailing newline; some CI pipelines treat this as an error.

Proposed fix:

 artifacthub.io/changes: |
-    - kind: added
-      description: "support envFrom in values file"
+    - kind: added
+      description: "support extraEnvFrom in values file"
+

(the blank line at the end satisfies the EOF newline)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9858bcb and 380ae64.

📒 Files selected for processing (3)

• README.md (3 hunks)
• charts/n8n/Chart.yaml (2 hunks)
• charts/n8n/values.yaml (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• README.md
• charts/n8n/values.yaml

🧰 Additional context used

🪛 YAMLlint (1.37.1)

charts/n8n/Chart.yaml

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (1)

charts/n8n/Chart.yaml (1)

3-3: Chart version bump LGTM – confirm lock‐file & dependency sync

The SemVer-correct minor bump to 1.1.0 is appropriate for a new feature.
Please double-check that Chart.lock, README, and any release notes are updated accordingly so that consumers pulling via Helm repos don’t encounter checksum mismatches.

[aabouzaid]

@Vad1mo The secrets are generated using the External Secrets Operator and the ConfigMaps are generated using Kustomize.

For example, the secrets are updated automatically (another operator restarts the N8n deployment when secrets are changed).

So, adding them to the values file needs to specify each secret one by one, which is not easy to automate.

[aabouzaid]

@Vad1mo Anything left to merge this PR, please?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

charts/n8n/templates/deployment.webhook.yaml (2)

91-94: Confirm intent: webhook also imports main app-secret

The webhook container pulls env vars from the shared main secret ({{ include "n8n.fullname" . }}-app-secret). If this is intentional to inherit base config, great. If not, this can lead to unexpected key overlaps with the webhook-specific secret further below. Please confirm and, if intentional, consider a short note in README to document the inheritance order.

---

103-105: Good addition of extraEnvFrom; wrap the whole envFrom block to avoid null/empty emission

Nice: .Values.webhook.extraEnvFrom is correctly gated and indented. However, when none of the sources are set (no main.* or webhook.* config/secret and empty extraEnvFrom), Helm will still emit a bare envFrom: with no list items, which can deserialize to null. It’s safer to guard the entire envFrom section so it’s omitted when empty.

Proposed diff:

-          envFrom:
-            {{- if .Values.main.config }}
+          {{- if or .Values.main.config .Values.main.secret .Values.webhook.config .Values.webhook.secret (not (empty .Values.webhook.extraEnvFrom)) }}
+          envFrom:
+            {{- if .Values.main.config }}
             - configMapRef:
                 name: {{ include "n8n.fullname" . }}-app-config
             {{- end }}
-            {{- if .Values.main.secret }}
+            {{- if .Values.main.secret }}
             - secretRef:
                 name: {{ include "n8n.fullname" . }}-app-secret
             {{- end }}
             {{- if .Values.webhook.config }}
             - configMapRef:
                 name: {{ include "n8n.fullname" . }}-webhook-config
             {{- end }}
-            {{- if .Values.webhook.secret }}
+            {{- if .Values.webhook.secret }}
             - secretRef:
                 name: {{ include "n8n.fullname" . }}-webhook-secret
             {{- end }}
-            {{- if .Values.webhook.extraEnvFrom }}
-              {{- toYaml .Values.webhook.extraEnvFrom | nindent 12 }}
-            {{- end }}
+            {{- if .Values.webhook.extraEnvFrom }}
+            {{- toYaml .Values.webhook.extraEnvFrom | nindent 12 }}
+            {{- end }}
+          {{- end }}

Notes:

• Adds a single guard that checks every possible source (including a non-empty extraEnvFrom) before emitting envFrom:.
• Keeps your existing order intact (shared → webhook-specific → user-supplied extraEnvFrom).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c27901b and a93d86e.

📒 Files selected for processing (5)

• README.md (3 hunks)
• charts/n8n/Chart.yaml (2 hunks)
• charts/n8n/templates/deployment.webhook.yaml (1 hunks)
• charts/n8n/templates/deployment.worker.yaml (1 hunks)
• charts/n8n/templates/deployment.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• README.md
• charts/n8n/templates/deployment.yaml
• charts/n8n/Chart.yaml
• charts/n8n/templates/deployment.worker.yaml

🔇 Additional comments (1)

charts/n8n/templates/deployment.webhook.yaml (1)

99-102: Precedence looks correct when the same key exists in multiple sources

Kubernetes applies envFrom sources in order; later entries override earlier ones. Having webhook-secret after the shared secrets/configs ensures webhook-specific values take precedence. No action needed.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/n8n/templates/deployment.webhook.yaml (1)

104-106: Consider guarding explicitly against empty lists for robustness.

The conditional {{- if .Values.webhook.extraEnvFrom }} relies on Go template's falsy semantics for empty slices. While empty lists are typically falsy, this approach could produce invalid YAML if the value somehow evaluates unexpectedly. Since other conditional blocks in this file follow the same pattern, consistency is maintained, but consider an explicit check for a non-empty list.

For defensive coding, consider updating the guard to:

-            {{- if .Values.webhook.extraEnvFrom }}
+            {{- if and .Values.webhook.extraEnvFrom (gt (len .Values.webhook.extraEnvFrom) 0) }}
               {{- toYaml .Values.webhook.extraEnvFrom | nindent 12 }}
             {{- end }}

Alternatively, if the values schema enforces non-empty lists or documents the expected structure clearly, the current implementation is acceptable. Verify that extraEnvFrom items are properly formatted as a list of configMapRef or secretRef objects matching Kubernetes envFrom syntax.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a93d86e and 5f61b2e.

📒 Files selected for processing (7)

• README.md (3 hunks)
• charts/n8n/Chart.yaml (2 hunks)
• charts/n8n/templates/deployment.webhook.yaml (1 hunks)
• charts/n8n/templates/deployment.worker.yaml (1 hunks)
• charts/n8n/templates/deployment.yaml (1 hunks)
• charts/n8n/templates/service.yaml (0 hunks)
• charts/n8n/values.yaml (3 hunks)

💤 Files with no reviewable changes (1)

• charts/n8n/templates/service.yaml

🚧 Files skipped from review as they are similar to previous changes (5)

• README.md
• charts/n8n/templates/deployment.worker.yaml
• charts/n8n/templates/deployment.yaml
• charts/n8n/Chart.yaml
• charts/n8n/values.yaml

[aabouzaid]

@Vad1mo Any chance to merge this PR?