feat: add external secrets CRDs to ai service (#287)

Author: caiomede-tk

charts/testkube-ai-service/templates/deployment.yaml

@@ -99,6 +99,15 @@ spec:
             - name: SSL_CERT_DIR
               value: "{{ $certsDir }}"
             {{- end }}
+            {{- if .Values.externalSecrets.enabled -}}
+            {{- range $key, $value := .Values.externalSecrets.keys }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  key: {{ $value }}
+                  name: ai-service-external-secrets
+            {{ end }}
+            {{- end}}
             {{- with .Values.additionalEnvVars }}
             {{- toYaml . | nindent 12 }}
             {{- end }}

charts/testkube-ai-service/templates/external-secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.externalSecrets.enabled -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ai-service-external-secrets
+spec:
+  data:
+{{- range $key, $value := .Values.externalSecrets.keys }}
+  - remoteRef:
+      key: {{ $key }}
+    secretKey: {{ $value }}
+{{ end }}
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval }}
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: {{ .Values.externalSecrets.clusterSecretStoreName }}
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: ai-service-external-secrets
+{{- end }}

charts/testkube-ai-service/values.yaml

@@ -139,3 +139,13 @@ podDisruptionBudget:
   minAvailable: ""
   # -- (int/percentage) Number or percentage of pods that can be unavailable.
   maxUnavailable: ""
+# -- Retrieve secrets from external sources using [External Secrets Operator](https://external-secrets.io/)
+externalSecrets:
+  # -- Enable the use of external secrets
+  enabled: false
+  # -- Refresh interval for external secrets
+  refreshInterval: 5m
+  # -- Cluster Secret Store name
+  clusterSecretStoreName: secret-store
+  # -- Key/value secrets to be retrieved from the external secret store
+  keys: {}