Add auth.existingSecret for external secret management

Signed-off-by: Guillaume Veschambre <gveschambre@petalmd.com>
Aidbox · Nov 14, 2024 · 51c1bb7 · 51c1bb7
1 parent 6b5801d
commit 51c1bb7
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 2 deletions.
diff --git a/aidbox/templates/_helpers.tpl b/aidbox/templates/_helpers.tpl
@@ -60,3 +60,12 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/* Create the secret name for Aidbox, using existingSecret if set */}}
+{{- define "aidbox.secretName" -}}
+{{- if .Values.auth.existingSecret -}}
+{{ .Values.auth.existingSecret }}
+{{- else -}}
+{{ include "aidbox.fullname" . }}
+{{- end -}}
+{{- end -}}
diff --git a/aidbox/templates/deployment.yaml b/aidbox/templates/deployment.yaml
@@ -32,7 +32,7 @@ spec:
             - configMapRef:
                 name: {{ include "aidbox.fullname" . }}
             - secretRef:
-                name: {{ include "aidbox.fullname" . }}
+                name: {{ include "aidbox.secretName" . }}
             {{- range .Values.extraEnvFromConfigMaps }}
             - configMapRef:
                 name: {{ . }}

diff --git a/aidbox/templates/secrets.yaml b/aidbox/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.auth.existingSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -17,3 +18,4 @@ data:
   {{ if .PGUSER }}PGUSER: {{ .PGUSER | b64enc }}{{ end }}
   {{ if .PGPASSWORD }}PGPASSWORD: {{ .PGPASSWORD | b64enc }}{{ end }}
   {{- end }}
+{{- end -}}
diff --git a/aidbox/values.yaml b/aidbox/values.yaml
@@ -10,6 +10,9 @@ config:
   BOX_METRICS_PORT: 8765
   PGPORT: 5432
 
+auth:
+  existingSecret: ""
+
 image:
   repository: healthsamurai/aidboxone
   pullPolicy: IfNotPresent

diff --git a/aidboxdb/templates/_helpers.tpl b/aidboxdb/templates/_helpers.tpl
@@ -60,3 +60,13 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+
+{{/* Create the secret name for AidboxDB, using existingSecret if set */}}
+{{- define "aidboxdb.secretName" -}}
+{{- if .Values.auth.existingSecret -}}
+{{ .Values.auth.existingSecret }}
+{{- else -}}
+{{ include "aidboxdb.fullname" . }}
+{{- end -}}
+{{- end -}}
diff --git a/aidboxdb/templates/secrets.yaml b/aidboxdb/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.auth.existingSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,3 +11,4 @@ data:
   POSTGRES_PASSWORD: {{ .POSTGRES_PASSWORD | b64enc }}
   POSTGRES_USER: {{ .POSTGRES_USER | b64enc }}
   {{- end }}
+{{- end -}}
diff --git a/aidboxdb/templates/statefulset.yaml b/aidboxdb/templates/statefulset.yaml
@@ -46,7 +46,7 @@ spec:
             - configMapRef:
                 name: {{ $fullName }}-env
             - secretRef:
-                name: {{ $fullName }}
+                name: {{ include "aidboxdb.secretName" . }}
           volumeMounts:
             - name: db-pg-config
               mountPath: /etc/configs

diff --git a/aidboxdb/values.yaml b/aidboxdb/values.yaml
@@ -10,6 +10,9 @@ env:
   POSTGRES_USER: postgres
   POSTGRES_DB: postgres
 
+auth:
+  existingSecret: ""
+
 storage:
   # -- Storage className to use
   className: ""