Access key secret only if provided, and projected secret

sysdiglabs · Aug 18, 2023 · 44cbafd · 44cbafd
1 parent 4d6c66f
commit 44cbafd
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml
@@ -161,12 +161,18 @@ spec:
       volumes:
         {{- if .Values.features.kspmAdmissionController }}
         - name: configs
+          {{- if (include "sysdig.accessKey" .) }}
           secret:
-            {{- if (include "sysdig.accessKey" .) }}
             secretName: {{ include "admissionController.webhook.fullname" . }}-access-key
-            {{- else }}
-            secretName: {{ include "sysdig.existingAccessKeySecret" . }}
-            {{- end }}
+          {{- else }}
+          projected:
+            sources:
+            - secret:
+                name: {{ include "sysdig.existingAccessKeySecret" . }}
+                items:
+                - key: access-key
+                  path: access_key
+          {{- end }}
         {{- end }}
         - name: cert
           secret:

diff --git a/charts/admission-controller/templates/webhook/secret.yaml b/charts/admission-controller/templates/webhook/secret.yaml
@@ -27,7 +27,7 @@ data:
   {{- end }}
 {{- end }}
 ---
-{{- if .Values.features.kspmAdmissionController }}
+{{- if (and .Values.features.kspmAdmissionController (include "sysdig.accessKey" .)) }}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/charts/admission-controller/tests/global_overrides_test.yaml b/charts/admission-controller/tests/global_overrides_test.yaml
@@ -193,7 +193,7 @@ tests:
       version: 0.7.3
     asserts:
       - equal:
-          path: spec.template.spec.volumes[0].secret.secretName
+          path: spec.template.spec.volumes[0].projected.sources[0].secret.name
           value: some-secret
         template: webhook/deployment.yaml
 
@@ -213,7 +213,7 @@ tests:
       version: 0.7.3
     asserts:
       - equal:
-          path: spec.template.spec.volumes[0].secret.secretName
+          path: spec.template.spec.volumes[0].projected.sources[0].secret.name
           value: override-secret
         template: webhook/deployment.yaml
 
@@ -232,7 +232,7 @@ tests:
       version: 0.7.3
     asserts:
       - equal:
-          path: spec.template.spec.volumes[0].secret.secretName
+          path: spec.template.spec.volumes[0].projected.sources[0].secret.name
           value: some-secret
         template: webhook/deployment.yaml