Add env values from Secret in the same way as EBS CSI driver does

Author: stelucz

helm/aws-load-balancer-controller/README.md

@@ -231,6 +231,7 @@ The default values set by the application itself can be confirmed [here](https:/
 | `externalManagedTags`                          | Specifies the list of tag keys on AWS resources that are managed externally                                                                                                                                            | `[]`                                              |
 | `livenessProbe`                                | Liveness probe settings for the controller                                                                                                                                                                             | (see `values.yaml`)                               |
 | `env`                                          | Environment variables to set for aws-load-balancer-controller pod                                                                                                                                                      | None                                              |
+| `envFromSecret`                                | If `true`, use Environment variables from Secret (aws-secret) for aws-load-balancer-controller pod similarly as The EBS CSI Driver does.                                                                               | `false`                                           |
 | `hostNetwork`                                  | If `true`, use hostNetwork                                                                                                                                                                                             | `false`                                           |
 | `dnsPolicy`                                    | Set dnsPolicy if required                                                                                                                                                                                              | `ClusterFirst`                                    |
 | `extraVolumeMounts`                            | Extra volume mounts for the pod                                                                                                                                                                                        | `[]`                                              |

helm/aws-load-balancer-controller/templates/deployment.yaml

@@ -149,13 +149,29 @@ spec:
         {{- if ne .Values.defaultTargetType "instance" }}
         - --default-target-type={{ .Values.defaultTargetType }}
         {{- end }}
-        {{- if .Values.env }}
+        {{- if or .Values.env .Values.envFromSecret | default false }}
         env:
+        {{- if .Values.env}}
         {{- range $key, $value := .Values.env }}
         - name: {{ $key }}
           value: "{{ $value }}"
         {{- end }}
         {{- end }}
+        {{- if .Values.envFromSecret | default false }}
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: aws-secret
+              key: key_id
+              optional: true
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: aws-secret
+              key: access_key
+              optional: true
+        {{- end }}
+        {{- end }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

helm/aws-load-balancer-controller/values.yaml

@@ -247,6 +247,9 @@ env:
   # ENV_1: ""
   # ENV_2: ""
 
+# Use Environment variables from Secret (aws-secret) for aws-load-balancer-controller pod similarly as The EBS CSI Driver does.
+# envFromSecret: true
+
 # Specifies if aws-load-balancer-controller should be started in hostNetwork mode.
 #
 # This is required if using a custom CNI where the managed control plane nodes are unable to initiate