Add cloudflare.secretRef for custom secrets

This will remove the need to create a secret if the user decides to bring their own secret.
STRRL · Nov 10, 2023 · 6bb1c78 · 6bb1c78
1 parent 95c265e
commit 6bb1c78
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml b/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml
@@ -43,18 +43,33 @@ spec:
             - name: CLOUDFLARE_API_TOKEN
               valueFrom:
                 secretKeyRef:
+                  {{- if hasKey .Values.cloudflare "secretRef" }}
+                  name: {{ .Values.cloudflare.secretRef.name }}
+                  key: {{ .Values.cloudflare.secretRef.apiTokenKey }}
+                  {{- else }}
                   name: cloudflare-api
                   key: api-token
+                  {{- end }}
             - name: CLOUDFLARE_ACCOUNT_ID
               valueFrom:
                 secretKeyRef:
+                  {{- if hasKey .Values.cloudflare "secretRef" }}
+                  name: {{ .Values.cloudflare.secretRef.name }}
+                  key: {{ .Values.cloudflare.secretRef.accountIDKey }}
+                  {{- else }}
                   name: cloudflare-api
                   key: cloudflare-account-id
+                  {{- end }}
             - name: CLOUDFLARE_TUNNEL_NAME
               valueFrom:
                 secretKeyRef:
+                  {{- if hasKey .Values.cloudflare "secretRef" }}
+                  name: {{ .Values.cloudflare.secretRef.name }}
+                  key: {{ .Values.cloudflare.secretRef.tunnelNameKey }}
+                  {{- else }}
                   name: cloudflare-api
                   key: cloudflare-tunnel-name
+                  {{- end }}
             - name: NAMESPACE
               valueFrom:
                 fieldRef:

diff --git a/helm/cloudflare-tunnel-ingress-controller/templates/secret.yaml b/helm/cloudflare-tunnel-ingress-controller/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not (hasKey .Values.cloudflare "secretRef") }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,3 +7,4 @@ stringData:
   api-token: "{{ .Values.cloudflare.apiToken }}"
   cloudflare-account-id: "{{ .Values.cloudflare.accountId }}"
   cloudflare-tunnel-name: "{{ .Values.cloudflare.tunnelName }}"
+{{- end }}
diff --git a/helm/cloudflare-tunnel-ingress-controller/values.yaml b/helm/cloudflare-tunnel-ingress-controller/values.yaml
@@ -2,11 +2,17 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-
 cloudflare:
-    apiToken: ""
-    accountId: ""
-    tunnelName: ""
+  accountId: ""
+  tunnelName: ""
+  apiToken: ""
+
+  # Uncomment if you would like to use an existing secret instead of the creating a new one.
+  # secretRef:
+  #   name: cloudflare-external-secret
+  #   accountIDKey: account_id
+  #   tunnelNameKey: tunnel_name
+  #   apiTokenKey: api_token
 
 ingressClass:
   name: cloudflare-tunnel