chart: add existing opeind secret functionality (#47)

charts/defguard/templates/_helpers.tpl

@@ -60,3 +60,11 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Define opeind secret name
+*/}}
+{{- define "defguard.openidSecretName" -}}
+{{- $name := "openid-key" }}
+{{- $name }}
+{{- end }}

charts/defguard/templates/defguard-deployment.yaml

@@ -101,5 +101,5 @@ spec:
       volumes:
         - name: openid-key
           secret:
-            secretName: {{ .Values.openIdKey }}
+            secretName: {{ .Values.existingOpenIdSecret | default (include "defguard.openidSecretName" .) }}
             optional: false

charts/defguard/templates/openid-secret.yaml

@@ -1,14 +1,16 @@
+{{ if not .Values.existingOpenIdSecret }}
 {{- $openIdKey := (genPrivateKey "rsa") | b64enc | quote }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.openIdKey) }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.openidSecretName" .)) }}
 {{- if $secret }}
 {{- $openIdKey = index $secret.data "openid-key" }}
 {{- end }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.openIdKey }}
+  name: {{ include "defguard.openidSecretName" . }}
   labels:
     {{- include "defguard.labels" . | nindent 4 }}
 type: Opaque
 data:
   openid-key: {{ $openIdKey }}
+{{- end }}

charts/defguard/values.yaml

@@ -31,7 +31,7 @@ ldap:
   user_search_base: ""
 nameOverride: ""
 nodeSelector: {}
-openIdKey: openid-key
+existingOpenIdSecret: ""
 podAnnotations: {}
 podLabels: {}
 podSecurityContext: {}