From 0cdc36fa04e4661ba1db14f2a6d60dab433ef7a0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 24 Jan 2026 00:49:54 +0000
Subject: [PATCH] Add example values file demonstrating extraEnvFrom usage

Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
---
 charts/sure/README.md                   |  6 ++
 charts/sure/values-example-envfrom.yaml | 89 +++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 charts/sure/values-example-envfrom.yaml

diff --git a/charts/sure/README.md b/charts/sure/README.md
index 9ea98f354..e15a6d37e 100644
--- a/charts/sure/README.md
+++ b/charts/sure/README.md
@@ -49,6 +49,12 @@ helm upgrade --install sure charts/sure \
 
 Expose the app via an Ingress (see values) or `kubectl port-forward svc/sure 8080:80 -n sure`.
 
+## Example values files
+
+The chart includes example values files demonstrating common configurations:
+
+- `values-example-envfrom.yaml` - Shows how to use `extraEnvFrom` to inject environment variables from secrets, which is more maintainable than listing each variable individually.
+
 ## Using external Postgres/Redis
 
 Disable the bundled CNPG/Redis resources and set URLs explicitly.
diff --git a/charts/sure/values-example-envfrom.yaml b/charts/sure/values-example-envfrom.yaml
new file mode 100644
index 000000000..f43879659
--- /dev/null
+++ b/charts/sure/values-example-envfrom.yaml
@@ -0,0 +1,89 @@
+# Example values file demonstrating the use of extraEnvFrom
+# to simplify environment variable management
+#
+# This example shows how to use extraEnvFrom to inject all keys
+# from a secret instead of listing each one individually
+
+image:
+  repository: ghcr.io/we-promise/sure
+  tag: "0.6.6"
+  pullPolicy: IfNotPresent
+
+rails:
+  env: production
+  
+  # RECOMMENDED APPROACH: Use extraEnvFrom to inject all keys from a secret
+  # This replaces the need for a long list of individual extraEnvVars entries
+  extraEnvFrom:
+    - secretRef:
+        name: sure-demo  # All keys from this secret become environment variables
+  
+  # Optional: You can combine multiple sources
+  # extraEnvFrom:
+  #   - secretRef:
+  #       name: sure-secrets          # Sensitive application secrets
+  #   - configMapRef:
+  #       name: app-config            # Non-sensitive configuration
+  #   - secretRef:
+  #       name: third-party-api-keys  # API keys for external services
+  
+  # Only use extraEnvVars for specific keys that need special handling
+  # extraEnvVars:
+  #   - name: SPECIFIC_KEY
+  #     valueFrom:
+  #       secretKeyRef:
+  #         name: another-secret
+  #         key: specific-key
+
+  settings:
+    SELF_HOSTED: "true"
+    ONBOARDING_STATE: "open"
+
+# Database configuration (using in-cluster CNPG)
+cnpg:
+  enabled: true
+  cluster:
+    enabled: true
+    name: "sure-db"
+    instances: 1
+    storage:
+      size: 10Gi
+
+# Redis configuration (using in-cluster operator)
+redisOperator:
+  enabled: true
+  managed:
+    enabled: true
+  replicas: 1
+
+web:
+  enabled: true
+  replicas: 1
+  
+  # Optional: web-specific environment variables
+  # extraEnvFrom:
+  #   - configMapRef:
+  #       name: web-specific-config
+
+worker:
+  enabled: true
+  replicas: 1
+  
+  # Optional: worker-specific environment variables
+  # extraEnvFrom:
+  #   - configMapRef:
+  #       name: worker-specific-config
+
+service:
+  type: ClusterIP
+  port: 80
+
+# Optional: Enable ingress for external access
+ingress:
+  enabled: false
+  className: ""
+  hosts:
+    - host: sure.local
+      paths:
+        - path: /
+          pathType: Prefix