fix: use existing secret

chart/README.md

@@ -16,8 +16,10 @@ Helm Chart to install External Secrets, our secret operator, and SecretStore to
 |-----|------|---------|-------------|
 | external-secrets | object | `{"certController":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}},"installCRDs":true,"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"serviceMonitor":{"enabled":true},"webhook":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}}}` | External Secrets Configuration. See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets) |
 | podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for PodSecurityContext |
-| rootToken | object | `{"key":"DOPPLER_TOKEN","value":""}` | The Root Doppler Token for deploying SecretStore |
+| rootToken | object | `{"create":false,"key":"DOPPLER_TOKEN","name":"root-token","value":""}` | The Root Doppler Token for deploying SecretStore |
+| rootToken.create | bool | `false` | To create the secret or use existing secret |
 | rootToken.key | string | `"DOPPLER_TOKEN"` | The Kubernetes Secret Key holding the Root Doppler Token |
+| rootToken.name | string | `"root-token"` | Name of secret to be created |
 | rootToken.value | string | `""` | The Root Doppler Token Value for deploying SecretStore. This value is sensitive |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |

chart/templates/secret.yaml

@@ -1,11 +1,13 @@
+{{- if .Values.rootToken.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "sulfoxide-cobalt.fullname" . }}
+  name: {{ .Values.rootToken.name }}
   labels: {{- include "sulfoxide-cobalt.labels" . | nindent 4 }}
-    atomi.cloud/module: "credentials"
   annotations: {{- include "sulfoxide-cobalt.annotations" . | nindent 4 }}
-    atomi.cloud/module: "credentials"
 type: Opaque
 data:
-  "{{ .Values.rootToken.key }}": "{{ .Values.rootToken.value | b64enc }}"
+  "{{ .Values.rootToken.key }}": "{{ .Values.rootToken.value | b64enc }}"
+{{- end }}
+
+

chart/templates/secret_store.yaml

@@ -13,6 +13,6 @@ spec:
       auth:
         secretRef:
           dopplerToken:
-            name: {{ include "sulfoxide-cobalt.fullname" . }}
+            name: {{ .Values.rootToken.name }}
             key: {{ .Values.rootToken.key }}
             namespace: {{ .Release.Namespace }}

chart/values.pichu.opal.yaml

@@ -6,9 +6,6 @@ tags: &tags
   atomi.cloud/landscape: *landscape
   atomi.cloud/cluster: *cluster
 
-rootToken:
-  value: "supersecret"
-
 external-secrets:
   podAnnotations:
     <<: *tags

chart/values.pikachu.opal.yaml

@@ -6,9 +6,6 @@ tags: &tags
   atomi.cloud/landscape: *landscape
   atomi.cloud/cluster: *cluster
 
-rootToken:
-  value: "supersecret"
-
 external-secrets:
   podAnnotations:
     <<: *tags

chart/values.raichu.opal.yaml

@@ -6,9 +6,6 @@ tags: &tags
   atomi.cloud/landscape: *landscape
   atomi.cloud/cluster: *cluster
 
-rootToken:
-  value: "supersecret"
-
 external-secrets:
   podAnnotations:
     <<: *tags

chart/values.yaml

@@ -30,11 +30,16 @@ securityContext: &securityContext
 
 # -- The Root Doppler Token for deploying SecretStore
 rootToken:
+  # -- To create the secret or use existing secret
+  create: false
+  # -- Name of secret to be created
+  name: root-token
   # -- The Kubernetes Secret Key holding the Root Doppler Token
   key: "DOPPLER_TOKEN"
   # -- The Root Doppler Token Value for deploying SecretStore. This value is sensitive
   value: ""
 
+
 # -- The name of the doppler ClusterSecretStore that is going to be deployed
 storeName: doppler