
Commit 52045fd

Removing gitExternal secrets from globals
Signed-off-by: Markos Kandylis <markos_kandylis@hotmail.com>
1 parent 1f4d2e9 commit 52045fd


3 files changed

+26
-22
lines changed


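--- a/charts/fleet-secret/README.MD
+++ b/charts/fleet-secret/README.MD
@@ -160,6 +160,11 @@ gitExternalSecrets:
 secretManagerSecretName: "git-addons-creds"
 ```
 
+Values defined under `global.gitExternalSecrets.externalSecrets` act as shared defaults and
+are deep-merged with the chart-level `gitExternalSecrets.externalSecrets`. Define the common
+portions (for example `secretName`, `secretType`, or annotations) globally and only override
+the differing keys per cluster or environment.
+
 ## Notes
 
 - All secrets are created in the ArgoCD namespace by default
@@ -178,4 +183,4 @@ gitExternalSecrets:
 ## License
 
 This chart is licensed under the Apache License 2.0.
-```
+```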

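--- a/charts/fleet-secret/templates/gitExternalSecret.yaml
+++ b/charts/fleet-secret/templates/gitExternalSecret.yaml
@@ -1,26 +1,20 @@
 {{- if .Values.gitExternalSecrets.enabled }}
-{{- $globalGitSecrets := dict }}
-{{- if and .Values.global .Values.global.gitExternalSecrets .Values.global.gitExternalSecrets.externalSecrets }}
-{{- $globalGitSecrets = .Values.global.gitExternalSecrets.externalSecrets }}
-{{- end }}
-{{- $secretStoreRefName := .Values.global.gitExternalSecrets.secretStoreRefName | default "" -}}
+{{- $secretStoreRefName := .Values.gitExternalSecrets.secretStoreRefName | default "" -}}
 {{- $secretStoreRefKind := .Values.global.gitExternalSecrets.secretStoreRefKind | default "" -}}
 {{- $useHttp := .Values.global.gitExternalSecrets.useHttp | default false -}}
 {{- $useGitHubApp := .Values.global.gitExternalSecrets.useGitHubApp | default false -}}
 {{- $usePrivateKey := .Values.global.gitExternalSecrets.usePrivateKey | default false -}}
 {{- $clusterGitSecrets := .Values.gitExternalSecrets.externalSecrets | default dict }}
-{{/*Merging Git External Secrets*/}}
-{{- $mergedSecrets := merge $clusterGitSecrets $globalGitSecrets }}
 
-{{- range $externalSecretName, $externalSecret := $mergedSecrets }}
+{{- range $externalSecretName, $externalSecret := $clusterGitSecrets }}
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
 name: {{ $externalSecretName }}
 spec:
 secretStoreRef:
-kind: {{ $secretStoreRefKind }}
-name: {{ $secretStoreRefName }}
+kind: {{ $externalSecret.secretStoreRefKind | default $secretStoreRefKind }}
+name: {{ $externalSecret.secretStoreRefName | default $secretStoreRefName }}
 refreshInterval: "1m"
 target:
 name: {{ $externalSecret.secretName }}
@@ -37,15 +31,13 @@ spec:
 {{- else }}
 url: "{{`{{ .url }}`}}"
 {{- end }}
-{{- if $useHttp }}
+{{- if $externalSecret.useHttp | default $useHttp }}
 username: "{{`{{ .username }}`}}"
 password: "{{`{{ .password }}`}}"
-{{- end }}
-{{- if $usePrivateKey }}
+{{- else if $externalSecret.usePrivateKey | default $usePrivateKey }}
 insecureIgnoreHostKey: "true"
 sshPrivateKey: "{{`{{ .private_key }}`}}"
-{{- end }}
-{{- if $useGitHubApp }}
+{{- else if $externalSecret.useGitHubApp | default $useGitHubApp }}
 githubAppID: "{{`{{ .github_app_id }}`}}"
 githubAppInstallationID: "{{`{{ .github_app_installation_id }}`}}"
 githubAppPrivateKey: "{{`{{ .github_private_key }}`}}"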
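Review bot: `$secretStoreRefKind`, `$useHttp`, `$useGitHubApp` and `$usePrivateKey` (new lines 3-6) are still read from `.Values.global.gitExternalSecrets`, while only `$secretStoreRefName` was moved to `.Values.gitExternalSecrets` and the same commit deletes the `global.gitExternalSecrets` block from values.yaml. With the chart defaults alone that lookup goes through a missing map, so rendering will most likely fail with a nil-pointer error, and where a caller does supply the global block the store name and the store kind now come from two different places. Read them from the chart level as well, e.g. `{{- $secretStoreRefKind := .Values.gitExternalSecrets.secretStoreRefKind | default "" -}}`, and likewise for the three flags. The README paragraph added in this commit still describes a deep merge with `global.gitExternalSecrets.externalSecrets`, which this template no longer performs.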

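--- a/charts/fleet-secret/values.yaml
+++ b/charts/fleet-secret/values.yaml
@@ -1,11 +1,5 @@
 # Example of global values to append if we want to add more endpoints withough replciation
 global:
-gitExternalSecrets:
-useGitHubApp: true
-secretStoreRefName: fleet-git-eks-secret-store
-secretStoreRefKind: SecretStore
-externalSecrets: {}
-
 # ecrAuthenticationToken:
 # registry_endpoints:
 # - 1234456698772.dkr.ecr.eu-west-2.amazonaws.com
@@ -23,6 +17,19 @@ gitExternalSecrets:
 secretStoreRefName: fleet-git-eks-secret-store
 secretStoreRefKind: SecretStore
 externalSecrets: {}
+# We can overwrite above values on the cluster secret level
+# Example:
+# externalSecrets:
+# addons:
+# secretName: git-addons
+# secretManagerSecretName: shared/addons
+# secretType: repository
+# resources:
+# secretName: git-resources
+# secretStoreRefName: cluster-git-eks-secret-store
+# secretStoreRefKind: ClusterSecretStore
+# secretManagerSecretName: shared/resources
+# secretType: repository
 
 externalSecret:
 enabled: false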
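Review bot: The example comment added at new lines 20-32 shows per-secret `secretStoreRefName`/`secretStoreRefKind` overrides but does not say how the auth flags resolve. In the template changed by this commit they are combined with `default` in an `if / else if` chain, so only one mode is rendered, in the order `useHttp`, `usePrivateKey`, `useGitHubApp`, and a per-secret `false` cannot switch off a chart-level `true` because `default` treats `false` as empty. I would add a line such as `# Per-secret keys override the chart-level ones; one auth mode is used (useHttp, then usePrivateKey, then useGitHubApp) and a per-secret false does not override a chart-level true`. The enclosing `gitExternalSecrets:` mapping starts above the hunk.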
