feat(agent): Enable the possibility to specify an existing secret containing the local forwarder configuration [FR-2992] (#2382)

Co-authored-by: Francesco Furlan <[email protected]>

Author: gi-erre

charts/agent/Chart.yaml

@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 2.3.2
+version: 2.3.3

charts/agent/templates/daemonset.yaml

@@ -394,7 +394,11 @@ spec:
         {{- if .Values.localForwarder.enabled }}
         - name: local-forwarder-config
           secret:
+            {{- if eq .Values.localForwarder.existingSecretName "" }}
             secretName: {{ include "agent.localForwarderSecretName" . }}
+            {{- else }}
+            secretName: {{ .Values.localForwarder.existingSecretName }}
+            {{- end }}
         {{- end }}
         - name: sysdig-agent-secrets
           secret:

charts/agent/templates/secrets.yaml

@@ -49,7 +49,7 @@ type: Opaque
 data:
 {{ include "agent.httpProxyCredentials" . | indent 2 }}
 {{- end }}
-{{- if .Values.localForwarder.enabled }}
+{{- if and .Values.localForwarder.enabled (eq .Values.localForwarder.existingSecretName "") }}
 ---
 apiVersion: v1
 kind: Secret

charts/agent/values.yaml

@@ -341,6 +341,11 @@ leaderelection:
   enable: false
 localForwarder:
   enabled: false
+  # If existingSecretName is set to anything different than an empty string
+  # the local forwarder secret generation is skipped and the existing secret
+  # name is used to mount the secret volume instead of the one defined in
+  # the secrets template
+  existingSecretName: ""
   transmitMessageTypes:
     - POLICY_EVENTS
     - SECURE_AUDIT