support not generating heimdall-signer-cert

We are moving to using secrets-manager to create this secret
for dev/staging/production environments. Local envs will still generate
this via helm.

Issue: LFXV2-893
Signed-off-by: Jordan Evans <[email protected]>

Author: jordane

charts/lfx-platform/templates/heimdall/heimdall-signer-cert.yaml

@@ -1,7 +1,7 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
 ---
-{{ if .Values.heimdall.enabled -}}
+{{ if and .Values.heimdall.enabled .Values.lfx.generateHeimdallSignerCert.enabled -}}
 {{/*
 Generate a cert for Heimdall on install of Chart
   TODO: Create RBAC rule to limit secret access to heimdall Pods
@@ -13,7 +13,7 @@ apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: heimdall-signer-cert
+  name: {{ .Values.lfx.generateHeimdallSignerCert.name }}
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "lfx-platform.labels" . | nindent 4 }}

charts/lfx-platform/values.yaml

@@ -16,6 +16,12 @@ lfx:
     name: heimdall-trust-bundle
     configKey: ca-certificates.crt
 
+  # Have helm generate the heimdall-signer-cert secret
+  # Recommended to disable for production values and manage separately.
+  generateHeimdallSignerCert:
+    enabled: true
+    name: heimdall-signer-cert
+
   whoami:
     enabled: true