Merge pull request #1156 from sudoleg/chart-secret-key

Allow setting secret key by referencing a present/custom secret
sighupio · Aug 19, 2024 · a676225 · a676225
2 parents 20f4274 + ef2484d
commit a676225
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,5 @@ app/static-content/*
 tests/e2e/test-results
 build/
 node_modules/
-static-content/
+static-content/
+*.tgz
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -19,7 +19,7 @@ keywords:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.10.0"
+version: "0.11.0"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -62,10 +62,17 @@ spec:
             - name: GPM_PREFERRED_URL_SCHEME
               value: {{ required "A valid .Values.config.preferredURLScheme entry required! Choose either http or https" .Values.config.preferredURLScheme | quote }}
             - name: GPM_SECRET_KEY
+              {{- if .Values.config.secretKey }}
               valueFrom:
                 secretKeyRef:
                   name: {{ include "gatekeeper-policy-manager.fullname" . }}
                   key: secretKey
+              {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.secretRef }}
+                  key: secretKey
+              {{- end }}
             {{- if .Values.config.oidc.enabled }}
             - name: GPM_AUTH_ENABLED
               value: "OIDC"

diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.config.secretKey }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,3 +7,4 @@ metadata:
     {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }}
 stringData:
   secretKey: {{ required "A valid .Values.config.secretKey entry required! Choose a secure string" .Values.config.secretKey | quote }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -121,7 +121,11 @@ topologySpreadConstraints: []
 config:
   preferredURLScheme: http
   logLevel: info
-  secretKey:
+  # secret in plain text
+  secretKey: null
+  # name of the secret containing the secret key. if set, config.secretKey should be null!
+  # supported fields: secretKey
+  secretRef: null
   multiCluster:
     enabled: false
     kubeconfig: |