From ffe54ab52c325c9321457768ad49e23adeef4813 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer <g@gmem.ca>
Date: Wed, 28 Jun 2023 20:50:16 +0100
Subject: [PATCH 1/2] Add support for "existing secrets"

---
 README.md                          | 2 ++
 templates/deployment.webhooks.yaml | 6 +++---
 templates/deployment.worker.yaml   | 6 +++---
 templates/deployment.yaml          | 4 ++--
 values.yaml                        | 2 +-
 5 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 1fa1969..9cebcb1 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,8 @@ config: # Dict with all n8n config options
 #      postgresdb:
 #        database: n8n
 #        host: localhost
+#
+# existingSecret: "" # Use an existing Kubernetes secret, e.g created by hand or Vault operator.
 secret: # Dict with all n8n config options, unlike config the values here will end up in a secret.
 #    database:
 #      postgresdb:
diff --git a/templates/deployment.webhooks.yaml b/templates/deployment.webhooks.yaml
index 7423e93..c8ba997 100644
--- a/templates/deployment.webhooks.yaml
+++ b/templates/deployment.webhooks.yaml
@@ -84,12 +84,12 @@ spec:
           configMap:
             name: {{ include "n8n.fullname" . }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or (.Values.secret) (.Values.existingSecret) }}
         - name: secret-volume
           secret:
-            secretName: {{ include "n8n.fullname" . }}
+            secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ include "n8n.fullname" . }}{{ end }}
             items:
               - key: "secret.json"
                 path: "secret.json"
         {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/templates/deployment.worker.yaml b/templates/deployment.worker.yaml
index d6d9629..87c30ba 100644
--- a/templates/deployment.worker.yaml
+++ b/templates/deployment.worker.yaml
@@ -84,12 +84,12 @@ spec:
           configMap:
             name: {{ include "n8n.fullname" . }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or (.Values.secret) (.Values.existingSecret) }}
         - name: secret-volume
           secret:
-            secretName: {{ include "n8n.fullname" . }}
+            secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ include "n8n.fullname" . }}{{ end }}
             items:
               - key: "secret.json"
                 path: "secret.json"
         {{- end }}
-  {{- end }}
\ No newline at end of file
+  {{- end }}
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index 1caeedf..3222f6c 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -91,10 +91,10 @@ spec:
           configMap:
             name: {{ include "n8n.fullname" . }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or (.Values.secret) (.Values.existingSecret) }}
         - name: secret-volume
           secret:
-            secretName: {{ include "n8n.fullname" . }}
+            secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ include "n8n.fullname" . }}{{ end }}
             items:
               - key: "secret.json"
                 path: "secret.json"
diff --git a/values.yaml b/values.yaml
index dcdf31d..cf44dae 100644
--- a/values.yaml
+++ b/values.yaml
@@ -9,7 +9,7 @@ config:
     pruneData: "true" # prune executions by default
     pruneDataMaxAge: 3760 # Per defaut we store 1 year of history
 
-    
+# existingSecret: "" # Use an existing Kubernetes secret, e.g created by hand or Vault operator.
 secret: # Dict with all n8n json config options, unlike config the values here will end up in a secret.
 
 # Typical Example of a config in combination with a secret.

From 52556ed2b0b0185080255e9181a0991441863f1d Mon Sep 17 00:00:00 2001
From: Gabriel Simmer <g@gmem.ca>
Date: Thu, 29 Jun 2023 09:15:31 +0100
Subject: [PATCH 2/2] Clarify use of existingSecret

---
 README.md   | 1 +
 values.yaml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 9cebcb1..dfaf9c1 100644
--- a/README.md
+++ b/README.md
@@ -113,6 +113,7 @@ config: # Dict with all n8n config options
 #        database: n8n
 #        host: localhost
 #
+# existingSecret and secret are exclusive, with existingSecret taking priority.
 # existingSecret: "" # Use an existing Kubernetes secret, e.g created by hand or Vault operator.
 secret: # Dict with all n8n config options, unlike config the values here will end up in a secret.
 #    database:
diff --git a/values.yaml b/values.yaml
index cf44dae..f195e13 100644
--- a/values.yaml
+++ b/values.yaml
@@ -9,6 +9,7 @@ config:
     pruneData: "true" # prune executions by default
     pruneDataMaxAge: 3760 # Per defaut we store 1 year of history
 
+# existingSecret and secret are exclusive, with existingSecret taking priority.
 # existingSecret: "" # Use an existing Kubernetes secret, e.g created by hand or Vault operator.
 secret: # Dict with all n8n json config options, unlike config the values here will end up in a secret.