feat: support envFrom in values file

[aabouzaid]

Hi 👋

As a user, I'd like to supply all env vars from an external ConfigMap or Secret (generated by another tool, not Helm).
So I've introduced envFrom, which could reference any number of ConfigMaps or Secrets.

One thing I'm not sure about is that the key could be extraEnvFrom following extraEnv.
I can make the change once we have agreed on the name.

Summary by CodeRabbit

• New Features
  • Added support for importing environment variables from ConfigMaps/Secrets via a new extraEnvFrom option for main, worker, and webhook.
  • The service resource is now always rendered by default (previous enable toggle removed).
• Documentation
  • README and values documentation updated with examples and descriptions for extraEnvFrom.
• Chores
  • Chart version bumped to 1.1.0.

[coderabbitai]

Walkthrough

Adds a new extraEnvFrom values option for main, worker, and webhook, renders it into container envFrom in deployment templates, updates README/values with examples, always renders the Service (removed .Values.main.service.enabled guard), and bumps the chart version to 1.1.0.

Changes

Cohort / File(s)	Change Summary
Values & docs README.md, charts/n8n/values.yaml	Add extraEnvFrom: [] to main, worker, and webhook with commented examples; remove explicit main.service.enabled: true line; document extraEnvFrom.
Main deployment charts/n8n/templates/deployment.yaml	Insert conditional to render .Values.main.extraEnvFrom (toYaml, nindent 12) under container envFrom.
Worker deployment charts/n8n/templates/deployment.worker.yaml	Adjust indentation of existing envFrom secret/config blocks; add conditional to render .Values.worker.extraEnvFrom under envFrom.
Webhook deployment charts/n8n/templates/deployment.webhook.yaml	Adjust indentation of existing envFrom secret/config blocks; add conditional to render .Values.webhook.extraEnvFrom under envFrom.
Service manifest charts/n8n/templates/service.yaml	Remove the conditional wrapper checking .Values.main.service.enabled; Service is always rendered.
Chart metadata charts/n8n/Chart.yaml	Bump chart version to 1.1.0; update annotations.artifacthub.io/changes to mention extraEnvFrom.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Helm
    participant K8sAPI
    participant Pod
    rect rgba(50,115,220,0.06) 
    User->>Helm: Add extraEnvFrom to values (main/worker/webhook)
    Helm->>Helm: Render templates -> include extraEnvFrom under envFrom[]
    end
    rect rgba(60,179,113,0.06)
    Helm->>K8sAPI: Apply rendered manifests (Deployment/Service)
    K8sAPI->>Pod: Create Pod spec with envFrom refs
    Pod->>Pod: Load env vars from referenced ConfigMap/Secret
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Create an option for extraEnvFrom #139 — Adds .Values.main/worker/webhook.extraEnvFrom and rendering under deployment.envFrom, matching this PR's purpose.

Possibly related PRs

• FIX: deployment.yaml - error converting YAML to JSON: yaml: line 46: could not find expected ':' #177 — Related changes to environment variable rendering/formatting in deployments.
• feat: Add environment settings to worker deployment #143 — Related adjustments to worker environment configuration and templating.
• feat: add the ability to toggle service creation #188 — Directly related to service rendering and main.service.enabled handling (opposite behavior).

Suggested reviewers

• Vad1mo

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

charts/n8n/values.yaml (1)

71-76: Add commented examples for envFrom in worker and webhook sections
The main section includes example commented entries illustrating how to specify configMapRef and secretRef. To maintain consistency and aid users, consider adding similar examples under the worker.envFrom and webhook.envFrom definitions.

Also applies to: 283-285, 469-471

README.md (1)

170-176: Consider renaming envFrom to extraEnvFrom for naming consistency
The chart already uses extraEnv for individual variables; renaming envFrom to extraEnvFrom would align naming conventions and clarify its relation to the existing key. If agreed, update all templates, values, and documentation accordingly.

Also applies to: 382-384, 568-570

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 565fbf7 and 8dfc73a.

📒 Files selected for processing (5)

• README.md (3 hunks)
• charts/n8n/templates/deployment.webhook.yaml (1 hunks)
• charts/n8n/templates/deployment.worker.yaml (1 hunks)
• charts/n8n/templates/deployment.yaml (1 hunks)
• charts/n8n/values.yaml (3 hunks)

🔇 Additional comments (2)

charts/n8n/templates/deployment.worker.yaml (1)

66-68: Indentation fixes for secretRef entries look correct
The adjusted indentation aligns the secretRef blocks under envFrom consistently.

Also applies to: 74-76

charts/n8n/templates/deployment.webhook.yaml (1)

91-94: Indentation fixes for webhook secretRef entries look correct
The indentation for both main.secret and webhook.secret blocks under envFrom has been normalized properly.

Also applies to: 99-102

[Vad1mo]

@aabouzaid why aren't you using what already exists in extraEnv?

  extraEnv:
  #    N8N_DB_POSTGRESDB_NAME:
  #      valueFrom:
  #        secretKeyRef:
  #          name: db-app
  #          key: dbname

What is your use case, and how do you get to those configmaps and secret that allows you to import them 1:1 into n8n.
Can you explain your workflow and where those configmaps and secret are coming from?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/n8n/Chart.yaml (1)

36-38: Annotation wording drifts from implementation; consider extraEnvFrom + add missing EOF newline

1. The feature landed as extraEnvFrom, yet the change-log line still says “support envFrom”. This might confuse users scanning Artifact Hub.
2. YAML-lint flags a missing trailing newline; some CI pipelines treat this as an error.

Proposed fix:

 artifacthub.io/changes: |
-    - kind: added
-      description: "support envFrom in values file"
+    - kind: added
+      description: "support extraEnvFrom in values file"
+

(the blank line at the end satisfies the EOF newline)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9858bcb and 380ae64.

📒 Files selected for processing (3)

• README.md (3 hunks)
• charts/n8n/Chart.yaml (2 hunks)
• charts/n8n/values.yaml (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• README.md
• charts/n8n/values.yaml

🧰 Additional context used

🪛 YAMLlint (1.37.1)

charts/n8n/Chart.yaml

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (1)

charts/n8n/Chart.yaml (1)

3-3: Chart version bump LGTM – confirm lock‐file & dependency sync

The SemVer-correct minor bump to 1.1.0 is appropriate for a new feature.
Please double-check that Chart.lock, README, and any release notes are updated accordingly so that consumers pulling via Helm repos don’t encounter checksum mismatches.

[aabouzaid]

@Vad1mo The secrets are generated using the External Secrets Operator and the ConfigMaps are generated using Kustomize.

For example, the secrets are updated automatically (another operator restarts the N8n deployment when secrets are changed).

So, adding them to the values file needs to specify each secret one by one, which is not easy to automate.

[aabouzaid]

@Vad1mo Anything left to merge this PR, please?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

charts/n8n/templates/deployment.webhook.yaml (2)

91-94: Confirm intent: webhook also imports main app-secret

The webhook container pulls env vars from the shared main secret ({{ include "n8n.fullname" . }}-app-secret). If this is intentional to inherit base config, great. If not, this can lead to unexpected key overlaps with the webhook-specific secret further below. Please confirm and, if intentional, consider a short note in README to document the inheritance order.

---

103-105: Good addition of extraEnvFrom; wrap the whole envFrom block to avoid null/empty emission

Nice: .Values.webhook.extraEnvFrom is correctly gated and indented. However, when none of the sources are set (no main.* or webhook.* config/secret and empty extraEnvFrom), Helm will still emit a bare envFrom: with no list items, which can deserialize to null. It’s safer to guard the entire envFrom section so it’s omitted when empty.

Proposed diff:

-          envFrom:
-            {{- if .Values.main.config }}
+          {{- if or .Values.main.config .Values.main.secret .Values.webhook.config .Values.webhook.secret (not (empty .Values.webhook.extraEnvFrom)) }}
+          envFrom:
+            {{- if .Values.main.config }}
             - configMapRef:
                 name: {{ include "n8n.fullname" . }}-app-config
             {{- end }}
-            {{- if .Values.main.secret }}
+            {{- if .Values.main.secret }}
             - secretRef:
                 name: {{ include "n8n.fullname" . }}-app-secret
             {{- end }}
             {{- if .Values.webhook.config }}
             - configMapRef:
                 name: {{ include "n8n.fullname" . }}-webhook-config
             {{- end }}
-            {{- if .Values.webhook.secret }}
+            {{- if .Values.webhook.secret }}
             - secretRef:
                 name: {{ include "n8n.fullname" . }}-webhook-secret
             {{- end }}
-            {{- if .Values.webhook.extraEnvFrom }}
-              {{- toYaml .Values.webhook.extraEnvFrom | nindent 12 }}
-            {{- end }}
+            {{- if .Values.webhook.extraEnvFrom }}
+            {{- toYaml .Values.webhook.extraEnvFrom | nindent 12 }}
+            {{- end }}
+          {{- end }}

Notes:

• Adds a single guard that checks every possible source (including a non-empty extraEnvFrom) before emitting envFrom:.
• Keeps your existing order intact (shared → webhook-specific → user-supplied extraEnvFrom).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c27901b and a93d86e.

📒 Files selected for processing (5)

• README.md (3 hunks)
• charts/n8n/Chart.yaml (2 hunks)
• charts/n8n/templates/deployment.webhook.yaml (1 hunks)
• charts/n8n/templates/deployment.worker.yaml (1 hunks)
• charts/n8n/templates/deployment.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• README.md
• charts/n8n/templates/deployment.yaml
• charts/n8n/Chart.yaml
• charts/n8n/templates/deployment.worker.yaml

🔇 Additional comments (1)

charts/n8n/templates/deployment.webhook.yaml (1)

99-102: Precedence looks correct when the same key exists in multiple sources

Kubernetes applies envFrom sources in order; later entries override earlier ones. Having webhook-secret after the shared secrets/configs ensures webhook-specific values take precedence. No action needed.