chart: add existing jwt secret functionality (#46)

* chart: add existing jwt secret functionality * add missing newline --------- Co-authored-by: Maciek <[email protected]>
DefGuard · Jul 16, 2024 · a6c65a6 · a6c65a6
1 parent 499e401
commit a6c65a6
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/charts/defguard/templates/_helpers.tpl b/charts/defguard/templates/_helpers.tpl
@@ -62,9 +62,17 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Define opeind secret name
+Define OpenID secret name
 */}}
 {{- define "defguard.openidSecretName" -}}
 {{- $name := "openid-key" }}
 {{- $name }}
 {{- end }}
+
+{{/*
+Define JWT secret name
+*/}}
+{{- define "defguard.jwtSecretName" -}}
+{{- $name := "jwt-secrets" }}
+{{- $name }}
+{{- end }}
diff --git a/charts/defguard/templates/defguard-deployment.yaml b/charts/defguard/templates/defguard-deployment.yaml
@@ -38,22 +38,22 @@ spec:
             - name: DEFGUARD_AUTH_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.jwtSecret }}
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
                   key: auth
             - name: DEFGUARD_GATEWAY_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.jwtSecret }}
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
                   key: gateway
             - name: DEFGUARD_YUBIBRIDGE_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.jwtSecret }}
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
                   key: yubi-bridge
             - name: DEFGUARD_SECRET_KEY
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.jwtSecret }}
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
                   key: secret-key
             - name: DEFGUARD_OPENID_KEY
               value: "/etc/defguard-openid-key.pem"

diff --git a/charts/defguard/templates/defguard-secret.yaml b/charts/defguard/templates/defguard-secret.yaml
@@ -1,8 +1,9 @@
+{{ if not .Values.existingJwtSecret }}
 {{- $auth := (randAlpha 16) | b64enc | quote }}
 {{- $gateway := (randAlpha 16) | b64enc | quote }}
 {{- $yubiBridge := (randAlpha 16) | b64enc | quote }}
 {{- $secretKey := (randAlpha 64) | b64enc | quote }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.jwtSecret) }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.jwtSecretName" .)) }}
 {{- if $secret }}
 {{- $auth = index $secret.data "auth" }}
 {{- $gateway = index $secret.data "gateway" }}
@@ -12,7 +13,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.jwtSecret }}
+  name: {{ include "defguard.jwtSecretName" . }}
   labels:
     {{- include "defguard.labels" . | nindent 4 }}
 type: Opaque
@@ -21,3 +22,4 @@ data:
   gateway: {{ $gateway }}
   yubi-bridge: {{ $yubiBridge }}
   secret-key: {{ $secretKey }}
+{{- end }}
diff --git a/charts/defguard/values.yaml b/charts/defguard/values.yaml
@@ -20,7 +20,7 @@ ingress:
     grpc: defguard-grpc.local
     web: defguard.local
   tls: []
-jwtSecret: jwt-secrets
+existingJwtSecret: ""
 ldap:
   admin_group: ""
   bind_password: ""