From 4dee3e6e041ce2acbc7c1abbd39db85ad9a399b8 Mon Sep 17 00:00:00 2001
From: rkevin <rk@rkevin.dev>
Date: Mon, 10 Nov 2025 20:30:41 -0800
Subject: [PATCH] helm: add existingRpcSecret option

---
 script/helm/garage/templates/_helpers.tpl | 2 +-
 script/helm/garage/templates/secret.yaml  | 2 ++
 script/helm/garage/values.yaml            | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/script/helm/garage/templates/_helpers.tpl b/script/helm/garage/templates/_helpers.tpl
index f56060b0..187e1223 100644
--- a/script/helm/garage/templates/_helpers.tpl
+++ b/script/helm/garage/templates/_helpers.tpl
@@ -27,7 +27,7 @@ If release name contains chart name it will be used as a full name.
 Create the name of the rpc secret
 */}}
 {{- define "garage.rpcSecretName" -}}
-{{- printf "%s-rpc-secret" (include "garage.fullname" .) -}}
+{{- .Values.garage.existingRpcSecret | default (printf "%s-rpc-secret" (include "garage.fullname" .)) -}}
 {{- end }}
 
 {{/*
diff --git a/script/helm/garage/templates/secret.yaml b/script/helm/garage/templates/secret.yaml
index 54749424..c0c45b93 100644
--- a/script/helm/garage/templates/secret.yaml
+++ b/script/helm/garage/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.garage.existingRpcSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,3 +13,4 @@ data:
   {{- $prevRpcSecret := $prevSecretData.rpcSecret | default "" | b64dec }}
   {{/* Priority is: 1. from values, 2. previous value, 3. generate random */}}
   rpcSecret: {{ .Values.garage.rpcSecret | default $prevRpcSecret | default (include "jupyterhub.randHex" 64) | b64enc | quote }}
+{{- end }}
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index f650d612..7b271e9d 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -37,6 +37,10 @@ garage:
   rpcBindAddr: "[::]:3901"
   # -- If not given, a random secret will be generated and stored in a Secret object
   rpcSecret: ""
+  # -- If you want to provide an rpcSecret within an existing k8s secret,
+  # specify the secret name here, and store the value under the secret key `rpcSecret`
+  # the default secret will not be created
+  existingRpcSecret: ""
   # -- This is not required if you use the integrated kubernetes discovery
   bootstrapPeers: []
   # -- Set to true if you want to use k8s discovery but install the CRDs manually outside