allow global defaults for secrets operator

helm-charts/secrets-operator/Chart.yaml

@@ -18,4 +18,4 @@ version: 0.1.3
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.3"
+appVersion: "0.1.4"

helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml

@@ -36,7 +36,6 @@ spec:
             description: InfisicalSecretSpec defines the desired state of InfisicalSecret
             properties:
               hostAPI:
-                default: https://app.infisical.com/api
                 description: Infisical host to pull secrets from
                 type: string
               managedSecretReference:

k8-operator/api/v1alpha1/infisicalsecret_types.go

@@ -22,7 +22,6 @@ type InfisicalSecretSpec struct {
 	ManagedSecretReference KubeSecretReference `json:"managedSecretReference,omitempty"`
 
 	// Infisical host to pull secrets from
-	// +kubebuilder:default="https://app.infisical.com/api"
 	HostAPI string `json:"hostAPI,omitempty"`
 }
 

k8-operator/config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml

@@ -36,7 +36,6 @@ spec:
             description: InfisicalSecretSpec defines the desired state of InfisicalSecret
             properties:
               hostAPI:
-                default: https://app.infisical.com/api
                 description: Infisical host to pull secrets from
                 type: string
               managedSecretReference:

k8-operator/config/samples/infisical-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: infisical-operator-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: infisical-config
+  namespace: infisical-operator-system
+data:
+  hostAPI: "https://example.com/api"

k8-operator/controllers/infisicalsecret_controller.go

@@ -57,8 +57,20 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		}, nil
 	}
 
-	// set the api url based on the CRD
-	api.API_HOST_URL = infisicalSecretCR.Spec.HostAPI
+	// Get modified/default config
+	infisicalConfig, err := r.GetInfisicalConfigMap(ctx)
+	if err != nil {
+		fmt.Printf("unable to fetch infisical-config [err=%s]. Will requeue after [requeueTime=%v]\n", err, requeueTime)
+		return ctrl.Result{
+			RequeueAfter: requeueTime,
+		}, nil
+	}
+
+	if infisicalSecretCR.Spec.HostAPI == "" {
+		api.API_HOST_URL = infisicalConfig["hostAPI"]
+	} else {
+		api.API_HOST_URL = infisicalSecretCR.Spec.HostAPI
+	}
 
 	err = r.ReconcileInfisicalSecret(ctx, infisicalSecretCR)
 	r.SetReadyToSyncSecretsConditions(ctx, &infisicalSecretCR, err)

k8-operator/controllers/infisicalsecret_helper.go

@@ -16,6 +16,42 @@ import (
 
 const INFISICAL_TOKEN_SECRET_KEY_NAME = "infisicalToken"
 const SECRET_VERSION_ANNOTATION = "secrets.infisical.com/version" // used to set the version of secrets via Etag
+const OPERATOR_SETTINGS_CONFIGMAP_NAME = "infisical-config"
+const OPERATOR_SETTINGS_CONFIGMAP_NAMESPACE = "infisical-operator-system"
+const INFISICAL_DOMAIN = "https://app.infisical.com/api"
+
+func (r *InfisicalSecretReconciler) GetInfisicalConfigMap(ctx context.Context) (configMap map[string]string, errToReturn error) {
+	// default key values
+	defaultConfigMapData := make(map[string]string)
+	defaultConfigMapData["hostAPI"] = INFISICAL_DOMAIN
+
+	kubeConfigMap := &corev1.ConfigMap{}
+	err := r.Client.Get(ctx, types.NamespacedName{
+		Namespace: OPERATOR_SETTINGS_CONFIGMAP_NAMESPACE,
+		Name:      OPERATOR_SETTINGS_CONFIGMAP_NAME,
+	}, kubeConfigMap)
+
+	if err != nil {
+		if errors.IsNotFound(err) {
+			kubeConfigMap = nil
+		} else {
+			return nil, fmt.Errorf("GetConfigMapByNamespacedName: unable to fetch config map in [namespacedName=%s] [err=%s]", OPERATOR_SETTINGS_CONFIGMAP_NAMESPACE, err)
+		}
+	}
+
+	if kubeConfigMap == nil {
+		return defaultConfigMapData, nil
+	} else {
+		for key, value := range defaultConfigMapData {
+			_, exists := kubeConfigMap.Data[key]
+			if !exists {
+				kubeConfigMap.Data[key] = value
+			}
+		}
+
+		return kubeConfigMap.Data, nil
+	}
+}
 
 func (r *InfisicalSecretReconciler) GetKubeSecretByNamespacedName(ctx context.Context, namespacedName types.NamespacedName) (*corev1.Secret, error) {
 	kubeSecret := &corev1.Secret{}

k8-operator/kubectl-install/install-secrets-operator.yaml

@@ -44,7 +44,6 @@ spec:
             description: InfisicalSecretSpec defines the desired state of InfisicalSecret
             properties:
               hostAPI:
-                default: https://app.infisical.com/api
                 description: Infisical host to pull secrets from
                 type: string
               managedSecretReference: