From 3142c584af427cbc2c760796e403ea451161eba6 Mon Sep 17 00:00:00 2001
From: Martin Parm
Date: Wed, 20 Jan 2021 00:57:30 +0100
Subject: [PATCH] Add support for using an existing token secret

- Add variable dnsimple.existingTokenSecret to the Helm chart to support using an existing secret. This is useful e.g. in combination with https://github.com/bitnami-labs/sealed-secrets.
- Add variable dnsimple.tokenSecretName to support configuring the name of the token secret.
---
 deploy/dnsimple/templates/_helpers.tpl | 4 ++++
 deploy/dnsimple/templates/production.cluster-issuer.yaml | 2 +-
 deploy/dnsimple/templates/secret.yaml | 6 ++++--
 deploy/dnsimple/templates/staging.cluster-issuer.yaml | 2 +-
 deploy/dnsimple/values.yaml | 3 +++
 5 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/deploy/dnsimple/templates/_helpers.tpl b/deploy/dnsimple/templates/_helpers.tpl
index 59e71d5..81058bb 100644
--- a/deploy/dnsimple/templates/_helpers.tpl
+++ b/deploy/dnsimple/templates/_helpers.tpl
@@ -46,3 +46,7 @@ Create chart name and version as used by the chart label.
 {{- define "dnsimple-webhook.servingCertificate" -}}
 {{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }}
 {{- end -}}
+
+{{- define "dnsimple-webhook.tokenSecretName" -}}
+{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}}
+{{- end -}}
diff --git a/deploy/dnsimple/templates/production.cluster-issuer.yaml b/deploy/dnsimple/templates/production.cluster-issuer.yaml
index 9dc9974..f136d17 100644
--- a/deploy/dnsimple/templates/production.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/production.cluster-issuer.yaml
@@ -21,7 +21,7 @@ spec:
 account: {{ .Values.dnsimple.account | quote }}
 tokenSecretRef:
 key: token
- name: {{ include "dnsimple-webhook.fullname" . }}
+ name: {{ include "dnsimple-webhook.tokenSecretName" . }}
 groupName: {{ .Values.groupName }}
 solverName: dnsimple
 {{- end -}}
\ No newline at end of file
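Review bot: In deploy/dnsimple/templates/_helpers.tpl the new `dnsimple-webhook.tokenSecretName` helper falls back to the chart fullname whenever `dnsimple.tokenSecretName` is empty, including when `dnsimple.existingTokenSecret` is set. In that combination secret.yaml no longer creates the Secret while both ClusterIssuers and the Role still reference the fullname, so a missing token secret would presumably only surface when a DNS challenge is attempted. Consider failing at render time inside the helper, e.g. `{{- if and .Values.dnsimple.existingTokenSecret (not .Values.dnsimple.tokenSecretName) -}}{{- fail "dnsimple.tokenSecretName is required when dnsimple.existingTokenSecret is set" -}}{{- end -}}`, or document that the fullname is the expected name of the pre-created secret.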
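Review bot: In production.cluster-issuer.yaml the `name:` under `tokenSecretRef` now comes from a user-supplied value but is rendered unquoted, unlike `account` a few lines above, which goes through `| quote`. A `dnsimple.tokenSecretName` that YAML reads as a number, boolean or null would be emitted as a non-string, and the secret reference would then fail validation or point at nothing. Suggest `name: {{ include "dnsimple-webhook.tokenSecretName" . | quote }}`; the same applies to the identical line in staging.cluster-issuer.yaml and to `metadata.name` in secret.yaml. The enclosing `spec` block starts above the hunk.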
diff --git a/deploy/dnsimple/templates/secret.yaml b/deploy/dnsimple/templates/secret.yaml
index 6fe6a27..64fb5bd 100644
--- a/deploy/dnsimple/templates/secret.yaml
+++ b/deploy/dnsimple/templates/secret.yaml
@@ -1,7 +1,8 @@
+{{- if not .Values.dnsimple.existingTokenSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
- name: {{ include "dnsimple-webhook.fullname" . }}
+ name: {{ include "dnsimple-webhook.tokenSecretName" . }}
 labels:
 app: {{ include "dnsimple-webhook.name" . }}
 chart: {{ include "dnsimple-webhook.chart" . }}
@@ -10,6 +11,7 @@ metadata:
 type: Opaque
 data:
 token: {{ .Values.dnsimple.token | b64enc }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -23,7 +25,7 @@ metadata:
 rules:
 - apiGroups: [""] # indicates the core API group
 resources: ["secrets"]
- resourceNames: ["{{ include "dnsimple-webhook.fullname" . }}"]
+ resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"]
 verbs: ["get", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/deploy/dnsimple/templates/staging.cluster-issuer.yaml b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
index f1a3033..98b6044 100644
--- a/deploy/dnsimple/templates/staging.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
@@ -21,7 +21,7 @@ spec:
 account: {{ .Values.dnsimple.account | quote }}
 tokenSecretRef:
 key: token
- name: {{ include "dnsimple-webhook.fullname" . }}
+ name: {{ include "dnsimple-webhook.tokenSecretName" . }}
 groupName: {{ .Values.groupName }}
 solverName: dnsimple
 {{- end -}}
\ No newline at end of file
diff --git a/deploy/dnsimple/values.yaml b/deploy/dnsimple/values.yaml
index c8b3db6..63ba0ae 100644
--- a/deploy/dnsimple/values.yaml
+++ b/deploy/dnsimple/values.yaml
@@ -14,6 +14,9 @@ certManager:
 dnsimple:
 account: ""
 token: ""
+
+ # existingTokenSecret: false
+ # tokenSecretName:
 clusterIssuer:
 email: name@example.com
 staging:
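Review bot: In secret.yaml the chart-managed branch, now rendered only when `dnsimple.existingTokenSecret` is unset, still accepts an empty `dnsimple.token` (the default in values.yaml) and would create a Secret whose `token` is empty. Now that the two modes are explicit, the create path can reject that at render time with `token: {{ required "dnsimple.token is required unless dnsimple.existingTokenSecret is set" .Values.dnsimple.token | b64enc }}`. The Role in the third hunk keeps `resourceNames` pinned to the single secret, which preserves least privilege in the existing-secret case. Since that is a namespaced Role, the pre-created secret presumably has to live in the same namespace; its `metadata` is outside the hunk, so confirm.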
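Review bot: The two new options in values.yaml are added as bare commented-out keys with no explanation, so the contract for a pre-created secret is not visible to chart users. Suggest comments along the lines of `# existingTokenSecret: set to true to use a Secret created outside this chart (e.g. a SealedSecret); it must contain the key "token"` and `# tokenSecretName: name of the token Secret; defaults to the chart fullname`. The required key follows from `tokenSecretRef.key: token` in both ClusterIssuer templates. It is also worth stating that `token` should be left empty in that mode, since the purpose of the option is to keep the API token out of the values.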