feat: allow external API keys to be defined for an agent (#643)

Signed-off-by: David Poltorak <[email protected]>
hyperledger · Aug 22, 2023 · 756dea7 · 756dea7
1 parent 5a63909
commit 756dea7
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 0 deletions.
diff --git a/infrastructure/charts/agent/templates/_helpers.tpl b/infrastructure/charts/agent/templates/_helpers.tpl
@@ -16,6 +16,9 @@
         {{- range .Values.ingress.consumers }}
           -  {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
         {{- end }}
+        {{- range .Values.ingress.externalConsumers }}
+          -  {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
+        {{- end }}
 {{- end -}}
 {{- define "labels.common" -}}
 app.kubernetes.io/part-of: prism-agent

diff --git a/infrastructure/charts/agent/templates/apisixconsumer.yaml b/infrastructure/charts/agent/templates/apisixconsumer.yaml
@@ -16,3 +16,20 @@ spec:
 ---
 {{- end }}
 {{- end }}
+
+{{- $root := . -}}
+{{- range $consumer := .Values.ingress.externalConsumers }}
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+  name: "{{ $consumer | lower }}"
+  namespace: "{{ $root.Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  authParameter:
+    keyAuth:
+      secretRef:
+        name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
+---
+{{- end }}
diff --git a/infrastructure/charts/agent/templates/externalsecret.yaml b/infrastructure/charts/agent/templates/externalsecret.yaml
@@ -18,3 +18,24 @@ spec:
   dataFrom:
     - extract:
         key: {{ .Values.secrets.dockerRegistryToken }}
+
+---
+
+{{- $root := . -}}
+{{- range $consumer := .Values.ingress.externalConsumers }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
+  labels:
+      {{ template "labels.common" . }}
+spec:
+  refreshInterval: "0"
+  secretStoreRef:
+    name: {{ $root.Values.secrets.secretStore | quote }}
+    kind: ClusterSecretStore
+  dataFrom:
+    - extract:
+        key: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
+---
+{{- end }}
diff --git a/infrastructure/charts/agent/values.yaml b/infrastructure/charts/agent/values.yaml
@@ -7,6 +7,10 @@ ingress:
     enabled: true
     allow_origins: "*"
   consumers: []
+  # External Consumers are ones where the secret keys/API tokens
+  # are pulled in using External Secrets [and therefore aren't generated by helm]
+  externalConsumerKeyPrefix: chart-base-key-prefix
+  externalConsumers: []
 
 secrets:
   secretStore: chart-base-secretstore