add toggle to bypassSecrets file creation

flatcar · Nov 23, 2021 · 82c55f9 · 82c55f9
1 parent 040a1a2
commit 82c55f9
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/charts/nebraska/README.md b/charts/nebraska/README.md
@@ -70,6 +70,7 @@ $ helm install my-nebraska nebraska/nebraska
 | `config.hostFlatcarPackages.persistence.accessModes`  | PVC Access Mode for PostgreSQL volume                                                                                                | `["ReadWriteOnce"]`                                                     |
 | `config.hostFlatcarPackages.persistence.size`         | PVC Storage Request for PostgreSQL volume                                                                                            | `10Gi`                                                                  |
 | `config.auth.mode`                                    | Authentication mode, available modes: `noop`, `github`, `oidc`                                                                               | `noop`                                                                  |
+| `config.auth.bypassSecrets`                                    | Bypass secrets skips secrets creation so you can bring your own. Be sure to set the appropriate env vars in `extraEnv` if this is enabled. |`false`                                                                               |                                                                   |
 | `config.auth.github.clientID`                         | GitHub client ID used for authentication                                                                                             | `nil`                                                                   |
 | `config.auth.github.clientSecret`                     | GitHub client secret used for authentication                                                                                         | `nil`                                                                   |
 | `config.auth.github.sessionAuthKey`                   | Session secret used for authenticating sessions in cookies used for storing GitHub info , will be generated if none is passed        | `nil`                                                                   |

diff --git a/charts/nebraska/templates/secrets.yaml b/charts/nebraska/templates/secrets.yaml
@@ -13,7 +13,7 @@ data:
   {{- if $useDbPassword }}
   dbPassword: {{ (tpl .Values.config.database.password .) | b64enc }}
   {{- end }}
-  {{- if $useOidcAuth }}
+  {{- if and ($useOidcAuth) (ne .Values.config.auth.bypassSecrets true) }}
   oidcClientID: {{ required "A valid 'clientId' is required when using oidc authentication" .Values.config.auth.oidc.clientID | toString | b64enc }}
   oidcClientSecret: {{ required "A valid 'clientSecret' is required when using oidc authentication" .Values.config.auth.oidc.clientSecret | toString | b64enc }}
     {{- with .Values.config.auth.oidc.sessionAuthKey }}
@@ -23,7 +23,7 @@ data:
   oidcSessionCryptKey: {{ . | toString | b64enc }}
     {{- end }}
   {{- end }}
-  {{- if $useGhAuth }}
+  {{- if and ($useGhAuth) (ne .Values.config.auth.bypassSecrets true) }}
   ghClientSecret: {{ required "A valid 'clientSecret' is required when using github authentication." .Values.config.auth.github.clientSecret | toString | b64enc }}
   ghSessionAuthKey: {{ required "A valid 'sessionAuthKey' is required when using github authentication." .Values.config.auth.github.sessionAuthKey | toString | b64enc }}
   ghSessionCryptKey: {{ required "A valid 'sessionCryptKey' is required when using github authentication." .Values.config.auth.github.sessionCryptKey | toString | b64enc }}

diff --git a/charts/nebraska/values.yaml b/charts/nebraska/values.yaml
@@ -41,6 +41,7 @@ config:
 
   auth:
     mode: noop
+    bypassSecrets: false
     oidc:
       clientID:
       clientSecret: