Avoid creating Tuf objects if there is no secrets

Signed-off-by: Carlos Vega <[email protected]>
sigstore · Sep 26, 2024 · 0bd3586 · 0bd3586
1 parent 89630d3
commit 0bd3586
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 16 deletions.
diff --git a/charts/tuf/templates/_helpers.tpl b/charts/tuf/templates/_helpers.tpl
@@ -84,4 +84,24 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- define "tuf.metaLabels" -}}
 helm.sh/chart: {{ include "tuf.chart" . }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Check number of TUF secrets
+*/}}
+{{- define "tuf.enabledSecretsCount" -}}
+{{- $count := 0 -}}
+{{- if (eq .Values.secrets.rekor.enabled true) -}}
+  {{- $count = add $count 1 -}}
+{{- end -}}
+{{- if (eq .Values.secrets.fulcio.enabled true) -}}
+  {{- $count = add $count 1 -}}
+{{- end -}}
+{{- if (eq .Values.secrets.ctlog.enabled true) -}}
+  {{- $count = add $count 1 -}}
+{{- end -}}
+{{- if (eq .Values.secrets.tsa.enabled true) -}}
+  {{- $count = add $count 1 -}}
+{{- end -}}
+{{- $count -}}
 {{- end -}}
diff --git a/charts/tuf/templates/deployment.yaml b/charts/tuf/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -80,15 +81,4 @@ spec:
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
     {{- end }}
-    {{- if .Values.deployment.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.deployment.nodeSelector | indent 8 }}
-    {{- end }}
-    {{- if .Values.deployment.tolerations }}
-      tolerations:
-{{ toYaml .Values.deployment.tolerations | indent 8 }}
-    {{- end }}
-    {{- if .Values.deployment.affinity }}
-      affinity:
-{{ toYaml .Values.deployment.affinity | indent 8 }}
-    {{- end }}
+{{- end }}
diff --git a/charts/tuf/templates/ingress.yaml b/charts/tuf/templates/ingress.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.ingress.create }}
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -34,3 +35,4 @@ spec:
     {{- end }}
 {{- end -}}
 {{- end -}}
+{{- end -}}
diff --git a/charts/tuf/templates/namespace.yaml b/charts/tuf/templates/namespace.yaml
@@ -1,6 +1,8 @@
 {{- if .Values.namespace.create }}
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: v1
 kind: Namespace
 metadata:
   name: {{ .Values.namespace.name }}
+{{- end }}
 {{- end }}
diff --git a/charts/tuf/templates/role.yaml b/charts/tuf/templates/role.yaml
@@ -1,3 +1,4 @@
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -6,4 +7,5 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["create", "get", "update"]
+    verbs: ["create", "get", "update"]
+{{- end }}
diff --git a/charts/tuf/templates/rolebinding.yaml b/charts/tuf/templates/rolebinding.yaml
@@ -1,3 +1,4 @@
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -9,4 +10,5 @@ roleRef:
   name: {{ .Values.roleName }}
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccountName }}
+    name: {{ .Values.serviceAccountName }}
+{{- end }}
diff --git a/charts/tuf/templates/service.yaml b/charts/tuf/templates/service.yaml
@@ -1,3 +1,4 @@
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -11,4 +12,5 @@ spec:
     targetPort: {{ .Values.deployment.port }}
   selector:
     {{- include "tuf.matchLabels" . | nindent 4 }}
-  type: ClusterIP
+  type: ClusterIP
+{{- end }}
diff --git a/charts/tuf/templates/serviceaccount.yaml b/charts/tuf/templates/serviceaccount.yaml
@@ -1,5 +1,7 @@
+{{- if ne (include "tuf.enabledSecretsCount" .) "0" }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccountName }}
-{{ include "tuf.namespace" . | indent 2 }}
+{{ include "tuf.namespace" . | indent 2 }}
+{{- end }}