diff --git a/charts/pdp/Chart.yaml b/charts/pdp/Chart.yaml index ac9815e2..63a8ae85 100644 --- a/charts/pdp/Chart.yaml +++ b/charts/pdp/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: pdp description: An official Helm chart for Permit.io PDP (Policy Decision Point) with OpenShift support and configurable ports -version: 0.0.6 +version: 0.0.7 keywords: - policy - authorization diff --git a/charts/pdp/templates/deployment.yaml b/charts/pdp/templates/deployment.yaml index 214cea11..4179e14b 100644 --- a/charts/pdp/templates/deployment.yaml +++ b/charts/pdp/templates/deployment.yaml @@ -50,11 +50,13 @@ spec: containerPort: {{ .targetPort }} {{- end }} env: + {{- if not .Values.pdp.userProvidedSecret }} - name: PDP_API_KEY valueFrom: secretKeyRef: name: {{ include "pdp.secretName" . }} key: {{ include "pdp.secretKey" . }} + {{- end }} {{- if .Values.pdp.pdpEnvs }} {{- range .Values.pdp.pdpEnvs }} - name: {{ .name }} diff --git a/charts/pdp/templates/secret.yaml b/charts/pdp/templates/secret.yaml index b3b1f650..a768b540 100644 --- a/charts/pdp/templates/secret.yaml +++ b/charts/pdp/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.pdp.existingApiKeySecret }} +{{- if and (not .Values.pdp.existingApiKeySecret) (not .Values.pdp.userProvidedSecret) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/pdp/values.yaml b/charts/pdp/values.yaml index 49aebdf7..50059954 100644 --- a/charts/pdp/values.yaml +++ b/charts/pdp/values.yaml @@ -17,6 +17,10 @@ pdp: # existingApiKeySecret: # name: "my-existing-secret" # key: "api-key" + + # Set to true to skip creating and mounting an API key secret. + # Use this when PDP_API_KEY is injected through pdpEnvs or another external mechanism. + userProvidedSecret: false port: 7766 # Example - expose Envoy gRPC ext_authz port (requires PDP_OPA_PLUGINS env var above): # additionalPorts:
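Review bot: In charts/pdp/templates/deployment.yaml the new `if not .Values.pdp.userProvidedSecret` guard removes the `PDP_API_KEY` entry without checking that anything else supplies it, so `userProvidedSecret: true` with no matching `pdpEnvs` entry renders a Deployment with no API key and the problem surfaces only when the container starts. The flag also silently overrides `existingApiKeySecret` when both are set; the new condition in secret.yaml has the same precedence. A render-time check would make the conflict explicit, for example `{{- if and .Values.pdp.userProvidedSecret .Values.pdp.existingApiKeySecret }}{{ fail "set either pdp.userProvidedSecret or pdp.existingApiKeySecret, not both" }}{{- end }}`. The container spec and the `pdpEnvs` range loop both continue outside the hunk.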
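Review bot: The new comment in charts/pdp/values.yaml points users at `pdpEnvs` for `PDP_API_KEY` without saying how the value should be supplied. If `pdpEnvs` entries render as a literal `value:` (the rest of that loop is not visible in this diff), the key would be stored in clear text in the Deployment spec, the Helm release record and any committed values file, all of which are usually readable by more principals than a Secret. I would extend the comment with something like `# Do not pass the key as a literal value in pdpEnvs; reference a Secret or use an external injector so the key never appears in the rendered Deployment.` Separately, "mounting" is slightly off, since the chart exposes the key as an environment variable through `secretKeyRef` rather than mounting a volume.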