diff --git a/helm-charts/splunk-otel-collector/templates/secret-validation-hook.yaml b/helm-charts/splunk-otel-collector/templates/secret-validation-hook.yaml new file mode 100644 index 0000000000..494c9e04cd --- /dev/null +++ b/helm-charts/splunk-otel-collector/templates/secret-validation-hook.yaml @@ -0,0 +1,45 @@ +{{- if not .Values.secret.create }} +# Helm hook validating that custom secret provided by user has all the required +# fields. +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "splunk-otel-collector.fullname" . }}-validate-secret + labels: + {{- include "splunk-otel-collector.commonLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: validate-secret + image: {{ template "splunk-otel-collector.image.otelcol" . }} + imagePullPolicy: {{ .Values.image.otelcol.pullPolicy }} + command: ["sh", "-c"] + args: + - if [ "{{ include "splunk-otel-collector.splunkO11yEnabled" . }}" = "true" ] && [ ! -f /otel/secret/splunk_observability_access_token ]; then + echo Splunk Observability destination is enabled, but custom\ + Kubernetes secret \"{{ template "splunk-otel-collector.secret" . }}\"\ + doesn\'t have required field \"splunk_observability_access_token\".; + export TOKEN_INVALID=true; + fi; + if [ "{{ include "splunk-otel-collector.splunkPlatformEnabled" . }}" = "true" ] && [ ! -f /otel/secret/splunk_platform_hec_token ]; then + echo Splunk Platform destination is enabled, but custom Kubernetes\ + secret \"{{ template "splunk-otel-collector.secret" . }}\" doesn\'t\ + have required field \"splunk_platform_hec_token\".; + export TOKEN_INVALID=true; + fi; + if [ "$TOKEN_INVALID" = "true" ]; then + echo Please update the secret.; + exit 1; + fi + volumeMounts: + - name: secret + mountPath: /otel/secret + readOnly: true + volumes: + - name: secret + secret: + secretName: {{ template "splunk-otel-collector.secret" . }} +{{- end }}