feat: add ability to use an existing secret

CrowdStrike · Jun 17, 2024 · 534a9a7 · 534a9a7
1 parent 98ee8ea
commit 534a9a7
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 3 deletions.
diff --git a/helm-charts/falcon-integration-gateway/templates/configmap.yaml b/helm-charts/falcon-integration-gateway/templates/configmap.yaml
@@ -110,6 +110,9 @@ data:
 
     # Uncomment to provide Secrets Manager secret name. Alternatively, use SECRETS_MANAGER_SECRET_NAME env variable.
     #secrets_manager_secret_name = falcon/fig/credentials
+    {{- if .Values.credentials_store.secrets_manager.secret_name }}
+    secrets_manager_secret_name = {{ .Values.credentials_store.secrets_manager.secret_name }}
+    {{- end }}
 
     # Uncomment to provide Secrets Manager client id key. Alternatively, use SECRETS_MANAGER_CLIENT_ID_KEY env variable.
     #secrets_manager_client_id_key = client_id

diff --git a/helm-charts/falcon-integration-gateway/templates/deployment.yaml b/helm-charts/falcon-integration-gateway/templates/deployment.yaml
@@ -42,7 +42,11 @@ spec:
               subPath: config.ini
           envFrom:
           - secretRef:
+              {{- if .Values.falcon.existingSecret }}
+              name: {{ .Values.falcon.existingSecret }}
+              {{- else }}
               name: {{ include "falcon-integration-gateway.fullname" . }}-creds
+              {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           command:

diff --git a/helm-charts/falcon-integration-gateway/templates/secret.yaml b/helm-charts/falcon-integration-gateway/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.falcon.existingSecret -}}
 apiVersion: v1
 kind: Secret
 type: Opaque
@@ -10,9 +11,6 @@ data:
   FALCON_CLIENT_ID: {{ .Values.falcon.client_id | b64enc }}
   FALCON_CLIENT_SECRET: {{ .Values.falcon.client_secret | b64enc }}
   FALCON_CLOUD_REGION: {{ .Values.falcon.cloud_region | b64enc }}
-{{- if .Values.credentials_store.secrets_manager.secret_name }}
-  SECRETS_MANAGER_SECRET_NAME: {{ .Values.credentials_store.secrets_manager.secret_name | b64enc }}
-{{- end }}
 {{- if .Values.push.azure_log_analytics.enabled }}
   WORKSPACE_ID: {{ .Values.push.azure_log_analytics.workspace_id | b64enc }}
   PRIMARY_KEY: {{ .Values.push.azure_log_analytics.primary_key | b64enc }}
@@ -26,3 +24,4 @@ data:
 {{- if .Values.push.vmware_workspace_one.enabled }}
   WORKSPACEONE_TOKEN: {{ .Values.push.vmware_workspace_one.token | b64enc }}
 {{- end }}
+{{- end }}
diff --git a/helm-charts/falcon-integration-gateway/values.schema.json b/helm-charts/falcon-integration-gateway/values.schema.json
@@ -42,6 +42,9 @@
                         "us-gov-1"
                     ]
                 },
+                "existingSecret": {
+                    "type": "string"
+                },
                 "integration_gateway": {
                     "type": "object",
                     "properties": {

diff --git a/helm-charts/falcon-integration-gateway/values.yaml b/helm-charts/falcon-integration-gateway/values.yaml
@@ -67,6 +67,11 @@ falcon:
   client_secret:
   cloud_region:
 
+  # Use this value if you have an existing secret
+  # defined in your k8s that may contain secrets
+  # for falcon api client id and pw
+  existingSecret: ""
+
   integration_gateway:
     # Configure number of threads that process Falcon Events
     worker_threads: 4