Merge pull request #9 from Peltarion/parmus/helm-secret

feat: add support for using an existing token secret
2025-07-01 22:35:49 +02:00 · 2021-03-25 10:11:35 +01:00 · 2021-03-25 10:11:35 +01:00 · 61c77c010b
commit 61c77c010b
parent 865b72e083 3142c584af
5 changed files with 13 additions and 4 deletions
--- a/deploy/dnsimple/templates/_helpers.tpl
+++ b/deploy/dnsimple/templates/_helpers.tpl
@ -46,3 +46,7 @@ Create chart name and version as used by the chart label.
 {{- define "dnsimple-webhook.servingCertificate" -}}
 {{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }}
 {{- end -}}
+
+{{- define "dnsimple-webhook.tokenSecretName" -}}
+{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}}
+{{- end -}}
--- a/deploy/dnsimple/templates/production.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/production.cluster-issuer.yaml
@ -20,7 +20,7 @@ spec:
          config:
            tokenSecretRef:
              key: token
-              name: {{ include "dnsimple-webhook.fullname" . }}
+              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
          groupName: {{ .Values.groupName }}
          solverName: dnsimple
 {{- end -}}
--- a/deploy/dnsimple/templates/secret.yaml
+++ b/deploy/dnsimple/templates/secret.yaml
@ -1,7 +1,8 @@
+{{- if not .Values.dnsimple.existingTokenSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}
+  name: {{ include "dnsimple-webhook.tokenSecretName" . }}
  labels:
    app: {{ include "dnsimple-webhook.name" . }}
    chart: {{ include "dnsimple-webhook.chart" . }}
@ -10,6 +11,7 @@ metadata:
 type: Opaque
 data:
  token: {{ .Values.dnsimple.token | b64enc }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@ -23,7 +25,7 @@ metadata:
 rules:
 - apiGroups: [""] # indicates the core API group
  resources: ["secrets"]
-  resourceNames: ["{{ include "dnsimple-webhook.fullname" . }}"]
+  resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"]
  verbs: ["get", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
--- a/deploy/dnsimple/templates/staging.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
@ -20,7 +20,7 @@ spec:
          config:
            tokenSecretRef:
              key: token
-              name: {{ include "dnsimple-webhook.fullname" . }}
+              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
          groupName: {{ .Values.groupName }}
          solverName: dnsimple
 {{- end -}}
--- a/deploy/dnsimple/values.yaml
+++ b/deploy/dnsimple/values.yaml
@ -13,6 +13,9 @@ certManager:
 # logLevel: 3
 dnsimple:
  token: ""
+
+  # existingTokenSecret: false
+  # tokenSecretName:
 clusterIssuer:
  email: name@example.com
  staging: