Added vault secret support to template chart and updated README

helm/template/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: template
 description: A Helm library chart containing common templates, keeping application templates short
 type: library
-version: 0.1.25
+version: 0.2.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
@@ -11,7 +11,7 @@ sources:
 annotations:
   artifacthub.io/changes: |
     - kind: added
-      description: Added namespace selector
+      description: Added support for Vault Secrets
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/template/README.md

@@ -54,9 +54,13 @@ NOTES.txt
 {{- end }}
 ```
 
+podmonitor.yaml:
+
+```yaml
+{ { - include "template.podmonitor" . - } }
+```
+
 secret.yaml:
-If you want to use external secrets, you MUST NOT include the secret
-template but implement it yourself. 
 ```yaml
 {{- include "template.secret" . -}}
 ```
@@ -71,6 +75,12 @@ serviceaccount.yaml
 {{- include "template.serviceAccount" . -}}
 ```
 
+vault-secrets-app.yaml
+
+```yaml
+{ { - include "template.vaultSecretsApp" . - } }
+```
+
 tests/test-connection.yaml
 ```yaml
 apiVersion: v1

helm/template/_templates/vault-secrets-app.yaml

@@ -0,0 +1 @@
+{ { - include "template.vaultSecretsApp" . - } }

helm/template/_values.yaml

@@ -136,6 +136,17 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
+vault:
+  enabled: false
+  # name of the Vault secrets applications
+  applicationName: ""
+  # id of the organization in Vault secrets
+  organizationId: ""
+  # id of the project in Vault secrets
+  projectId: ""
+  # if not provided, vault-secrets-operator-system will be used
+  operatorNamespace: ""
+
 # Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
 nodeSelector: {}
 

helm/template/templates/_secret.yaml

@@ -1,5 +1,5 @@
 {{- define "template.secret" -}}
-{{- if .Values.secrets }}
+{{- if and .Values.secrets (not .Values.vault.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

helm/template/templates/_vault-secrets-app.yaml

@@ -0,0 +1,21 @@
+{{- define "template.vaultSecretsApp" -}}
+{{- if .Values.vault.enabled }}
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: HCPVaultSecretsApp
+metadata:
+  name: {{ include "template.fullname" . }}
+  namespace: {{ .Values.vault.operatorNamespace | default "vault-secrets-operator-system" }}
+  labels:
+    {{- include "template.labels" . | nindent 4 }}
+spec:
+  appName: {{ .Values.vault.applicationName }}
+  hcpAuthRef: {{ .Values.vault.operatorNamespace | default "vault-secrets-operator-system" }}/hcp-auth
+  destination:
+    create: true
+    labels:
+      {{- include "template.labels" . | nindent 6 }}
+      hvs: "true"
+    name: {{ include "template.fullname" . }}
+  refreshAfter: 1h
+{{- end }}
+{{- end }}