From c53b4b314999baaab0402f39173bbc6e3b9d7b29 Mon Sep 17 00:00:00 2001
From: Thomas <tway@cloudflare.com>
Date: Mon, 21 Aug 2023 18:42:32 +0100
Subject: [PATCH] fix(charts/cloudflare-tunnel-remote): remove invalid secret
 ref key

It is not valid to specify individual keys with 'envFrom'. Instead, create
environment variables for all secret key value pairs.

Fixes: #46
---
 .../templates/deployment.yaml                    | 16 +++++++++-------
 .../templates/secret.yaml                        |  2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/charts/cloudflare-tunnel-remote/templates/deployment.yaml b/charts/cloudflare-tunnel-remote/templates/deployment.yaml
index 62e130a..614f2c4 100644
--- a/charts/cloudflare-tunnel-remote/templates/deployment.yaml
+++ b/charts/cloudflare-tunnel-remote/templates/deployment.yaml
@@ -23,21 +23,23 @@ spec:
     spec:
       serviceAccountName: {{ include "cloudflare-tunnel-remote.fullname" . }}
       containers:
-      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
+      - name: cloudflared
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        name: cloudflared
         command:
           - cloudflared
           - tunnel
-          # In a k8s environment, the metrics server needs to listen outside the pod it runs on. 
+          # In a k8s environment, the metrics server needs to listen outside the pod it runs on.
           # The address 0.0.0.0:2000 allows any pod in the namespace.
           - --metrics
           - 0.0.0.0:2000
           - run
-        envFrom:
-        - secretRef:
-            name: {{ include "cloudflare-tunnel-remote.fullname" . }}
-            key: TUNNEL_TOKEN
+        env:
+        - name: TUNNEL_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "cloudflare-tunnel-remote.fullname" . }}
+              key: tunnelToken
         livenessProbe:
           httpGet:
             # Cloudflared has a /ready endpoint which returns 200 if and only if
diff --git a/charts/cloudflare-tunnel-remote/templates/secret.yaml b/charts/cloudflare-tunnel-remote/templates/secret.yaml
index 11da731..709cce9 100644
--- a/charts/cloudflare-tunnel-remote/templates/secret.yaml
+++ b/charts/cloudflare-tunnel-remote/templates/secret.yaml
@@ -7,4 +7,4 @@ metadata:
   labels:
     {{- include "cloudflare-tunnel-remote.labels" . | nindent 4 }}
 stringData:
-  TUNNEL_TOKEN: {{ .Values.cloudflare.tunnel_token }}
+  tunnelToken: {{ .Values.cloudflare.tunnel_token }}