The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/helm/abacus-agent/templates/external-secret.yaml

78 lines
2.9 KiB

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ include "abacus-agent.fullname" . }}-external-secret
labels:
{{- include "abacus-agent.labels" . | nindent 4 }}
annotations:
update-on-redeploy: "{{ now }}"
spec:
secretStoreRef:
name: {{ include "abacus-agent.cluster-secret-store.name" . }}
kind: ClusterSecretStore
refreshInterval: "1h"
# The secret that will be created
target:
name: {{ include "abacus-agent.fullname" . }}-secret
template:
type: Opaque
metadata:
labels:
{{- include "abacus-agent.labels" . | nindent 10 }}
data:
{{/* RPC URLs */}}
{{- if eq .Values.abacus.outboxChain.connection.type "httpQuorum" }}
ABC_BASE_OUTBOX_CONNECTION_URLS: {{ print "'{{ .outbox_rpcs | fromJson | join \",\" }}'" }}
{{- else }}
ABC_BASE_OUTBOX_CONNECTION_URL: {{ print "'{{ .outbox_rpc | toString }}'" }}
{{- end }}
{{- if .Values.abacus.gelatoApiKeyRequired }}
ABC_BASE_GELATO_SPONSORAPIKEY: {{ print "'{{ .gelato_sponsor_api_key | toString }}'" }}
{{- end }}
{{- /*
* For each network, create an environment variable with the RPC endpoint.
* The templating of external-secrets will use the data section below to know how
* to replace the correct value in the created secret.
*/}}
{{- range .Values.abacus.inboxChains }}
{{- if not .disabled }}
{{- if eq .connection.type "httpQuorum" }}
ABC_BASE_INBOXES_{{ .name | upper }}_CONNECTION_URLS: {{ printf "'{{ .%s_rpcs | fromJson | join \",\" }}'" .name }}
{{- else }}
ABC_BASE_INBOXES_{{ .name | upper }}_CONNECTION_URL: {{ printf "'{{ .%s_rpc | toString }}'" .name }}
{{- end }}
{{- end }}
{{- end }}
data:
{{- if eq .Values.abacus.outboxChain.connection.type "httpQuorum" }}
- secretKey: outbox_rpcs
remoteRef:
key: {{ printf "%s-rpc-endpoints-%s" .Values.abacus.runEnv .Values.abacus.outboxChain.name }}
{{- else }}
- secretKey: outbox_rpc
remoteRef:
key: {{ printf "%s-rpc-endpoint-%s" .Values.abacus.runEnv .Values.abacus.outboxChain.name }}
{{- end }}
{{- if .Values.abacus.gelatoApiKeyRequired }}
- secretKey: gelato_sponsor_api_key
remoteRef:
key: {{ printf "%s-gelato-api-key" .Values.abacus.runEnv }}
{{- end }}
{{- /*
* For each network, load the secret in GCP secret manager with the form: environment-rpc-endpoint-network,
* and associate it with the secret key networkname_rpc.
*/}}
{{- range .Values.abacus.inboxChains }}
{{- if not .disabled }}
{{- if eq .connection.type "httpQuorum" }}
- secretKey: {{ printf "%s_rpcs" .name }}
remoteRef:
key: {{ printf "%s-rpc-endpoints-%s" $.Values.abacus.runEnv .name }}
{{- else }}
- secretKey: {{ printf "%s_rpc" .name }}
remoteRef:
key: {{ printf "%s-rpc-endpoint-%s" $.Values.abacus.runEnv .name }}
{{- end }}
{{- end }}
{{- end }}