Merge pull request #3 from InfraWay/DEV-2060

DEV-2060: add external secrets

charts/senfu/Chart.yaml

@@ -15,4 +15,4 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1

charts/senfu/templates/external-secrets.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.externalSecrets.enabled -}}
+{{- $fullName := printf "senfu-%s" (include "senfu.fullname" .) -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: 1h # rate SecretManager pulls GCPSM
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: {{ .Values.externalSecrets.secretStoreName }} # name of the SecretStore (or kind specified)
+  target:
+    name: {{ $fullName }}
+    creationPolicy: Owner
+  data:
+    {{- range .Values.externalSecrets.secrets }}
+    - secretKey: {{ .key }}
+      remoteRef:
+        key: {{ .name }}
+    {{- end }}
+{{- end }}

charts/senfu/values.yaml

@@ -45,3 +45,8 @@ volumes:
     name: pano-pv-claim
     storage: 20Gi
   configMapName: site-nginx-config
+
+externalSecrets:
+  enabled: false
+  secretStoreName: ""
+  secrets: []