refactor: cert secrets list

ericpaulsen · ericpaulsen · commit c133461ee098 · 2022-10-19T10:35:35.000-05:00
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
@@ -86,7 +86,7 @@ Scheme
 Coder volume definitions.
 */}}
 {{- define "coder.volumes" }}
-{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName .Values.coder.certs.secretNames }}
 volumes:
 {{ range $secretName := .Values.coder.tls.secretNames -}}
 - name: "tls-{{ $secretName }}"
@@ -98,21 +98,21 @@ volumes:
   secret:
     secretName: {{ .Values.coder.tls.secretName | quote }}
 {{- end }}
-{{- if .Values.coder.certs.secret.name }}
-- name: {{ .Values.coder.certs.secret.name | quote }}
+{{ range $certSecretNames := .Values.coder.certs.secretNames -}}
+- name: {{ $certSecretNames | quote }}
   secret:
-    secretName: {{ .Values.coder.certs.secret.name | quote }}
-{{- end }}
+    secretName: {{ $certSecretNames | quote }}
+{{ end -}}
 {{- else }}
-volumes: {{ if and (not .Values.coder.tls.secretNames) (not .Values.coder.tls.secretName) }}[]{{ end }}
+volumes: {{ if and (not .Values.coder.tls.secretNames) (not .Values.coder.tls.secretName) (not .Values.coder.certs.secretNames) }}[]{{ end }}
 {{- end }}
 {{- end }}
 
 {{/*
 Coder volume mounts.
 */}}
 {{- define "coder.volumeMounts" }}
-{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName .Values.coder.certs.secretNames }}
 volumeMounts:
 {{ range $secretName := .Values.coder.tls.secretNames -}}
 - name: "tls-{{ $secretName }}"
@@ -124,12 +124,11 @@ volumeMounts:
   mountPath: "/etc/ssl/certs/coder/{{ .Values.coder.tls.secretName }}"
   readOnly: true
 {{- end }}
-{{- if .Values.coder.certs.secret.name }}
-- name: {{ .Values.coder.certs.secret.name | quote }}
-  mountPath: /etc/ssl/certs/{{ .Values.coder.certs.secret.key }}
-  subPath: {{ .Values.coder.certs.secret.key | quote }}
+{{ range $certSecretNames := .Values.coder.certs.secretNames -}}
+- name: {{ $certSecretNames | quote }}
+  mountPath: "/etc/ssl/certs/{{ $certSecretName }}"
 	readOnly: true
-{{- end }}
+{{ end }}
 {{- else }}
 volumeMounts: []
 {{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -70,11 +70,10 @@ coder:
 
   # coder.certs -- Certificate to mount inside the Coder pod (e.g. CA bundle).
   certs:
-    secret:
-      # coder.certs.secret.name -- Name of the secret.
-      name: ""
-      # coder.certs.secret.key -- Key pointing to a certificate in the secret.
-      key: ""
+    # coder.certs.secretNames -- A list of CA certificate secrets to mount into
+    # the Coder pod. The secrets should exist in the same namespace as the Helm
+    # deployment.
+    secretNames: []
 
   # coder.service -- The Service object to expose for Coder.
   service:
