From 078bd9f8b6d2f6dbfeb978c89ae62404b50e796a Mon Sep 17 00:00:00 2001
From: Eli Nesterov
Date: Sat, 16 Sep 2023 17:18:43 -0700
Subject: [PATCH] enable spirl csi volume injeciton by default
---
 charts/spiffe-demo-app/Chart.yaml | 2 +-
 charts/spiffe-demo-app/README.md | 7 ++++---
 charts/spiffe-demo-app/templates/deployment.yaml | 11 +++++++++--
 charts/spiffe-demo-app/values.yaml | 4 +++-
 4 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/charts/spiffe-demo-app/Chart.yaml b/charts/spiffe-demo-app/Chart.yaml
index 436ce75..20cb463 100644
--- a/charts/spiffe-demo-app/Chart.yaml
+++ b/charts/spiffe-demo-app/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: spiffe-demo-app
 description: A Helm chart to install spiffe-demo-app
 type: application
-version: 0.3.1
\ No newline at end of file
+version: 0.3.2
\ No newline at end of file
diff --git a/charts/spiffe-demo-app/README.md b/charts/spiffe-demo-app/README.md
index d9edfa5..2a472a0 100644
--- a/charts/spiffe-demo-app/README.md
+++ b/charts/spiffe-demo-app/README.md
@@ -1,6 +1,6 @@
 # spiffe-demo-app
-![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 A Helm chart to install spiffe-demo-app
@@ -8,9 +8,10 @@ A Helm chart to install spiffe-demo-app
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| app | object | `{"enableBusybox":false,"spiffeCSIDriverVolume":true,"spiffeSocketMountPathDir":"/spiffe-workload-api","spiffeSocketName":"agent.sock"}` | The App configuration |
+| app | object | `{"enableBusybox":false,"spiffeCSIDriverInjectionEnabled":true,"spiffeCSIDriverVolume":false,"spiffeSocketMountPathDir":"/spiffe-workload-api","spiffeSocketName":"agent.sock"}` | The App configuration |
 | app.enableBusybox | bool | `false` | Enable busybox container |
-| app.spiffeCSIDriverVolume | bool | `true` | Add SPIFFE CSIdirver volume |
+| app.spiffeCSIDriverInjectionEnabled | bool | `true` | SPIRL SPIFFE CSI injeciton enabled |
+| app.spiffeCSIDriverVolume | bool | `false` | Add SPIFFE CSIdirver volume |
 | app.spiffeSocketMountPathDir | string | `"/spiffe-workload-api"` | SPIFFE Workload API socket mount path |
 | app.spiffeSocketName | string | `"agent.sock"` | SPIFFE Workload API socket name exposed by the agent the resulting default socket path will be /spiffe-workload-api/agent.sock spiffeSocketName is a filename from the socket path for the agent |
 | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
diff --git a/charts/spiffe-demo-app/templates/deployment.yaml b/charts/spiffe-demo-app/templates/deployment.yaml
index ad1024f..1b67cda 100644
--- a/charts/spiffe-demo-app/templates/deployment.yaml
+++ b/charts/spiffe-demo-app/templates/deployment.yaml
@@ -12,28 +12,35 @@ spec: metadata: labels: app: spiffe-demo-app + {{- if .Values.app.spiffeCSIDriverInjectionEnabled }} + k8s.spirl.com/spiffe-csi: enabled + {{- end }} spec: containers: - name: spiffe-demo-app image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if not .Values.app.spiffeCSIDriverInjectionEnabled }} env: - name: SPIFFE_ENDPOINT_SOCKET value: "unix://{{ .Values.app.spiffeSocketMountPathDir }}/{{ .Values.app.spiffeSocketName }}" + {{- end }} ports: - containerPort: 8080 - {{- if .Values.app.spiffeCSIDriverVolume }} + {{- if .Values.app.spiffeCSIDriverVolume }} volumeMounts: - name: spiffe-csi-driver-volume mountPath: {{ .Values.app.spiffeSocketMountPathDir }} - {{- end }} + {{- end }} {{- if .Values.app.enableBusybox }} - name: busybox image: busybox command: ['sleep', '3600'] + {{- if not .Values.app.spiffeCSIDriverInjectionEnabled }} env: - name: SPIFFE_ENDPOINT_SOCKET value: "unix://{{ .Values.app.spiffeSocketMountPathDir }}/{{ .Values.app.spiffeSocketName }}" + {{- end }} imagePullPolicy: IfNotPresent {{- if .Values.app.spiffeCSIDriverVolume }} volumeMounts: diff --git a/charts/spiffe-demo-app/values.yaml b/charts/spiffe-demo-app/values.yaml index d7ee80b..6c0b0e4 100644 --- a/charts/spiffe-demo-app/values.yaml +++ b/charts/spiffe-demo-app/values.yaml @@ -17,6 +17,8 @@ service: # -- The App configuration app: + # -- SPIRL SPIFFE CSI injeciton enabled + spiffeCSIDriverInjectionEnabled: true # -- SPIFFE Workload API socket mount path spiffeSocketMountPathDir: /spiffe-workload-api # -- SPIFFE Workload API socket name exposed by the agent @@ -24,7 +26,7 @@ app: # spiffeSocketName is a filename from the socket path for the agent spiffeSocketName: agent.sock # -- Add SPIFFE CSIdirver volume - spiffeCSIDriverVolume: true + spiffeCSIDriverVolume: false # -- Enable busybox container enableBusybox: false
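Review bot: The two flags are evaluated independently in this template, so nothing stops an install with both `app.spiffeCSIDriverInjectionEnabled` and `app.spiffeCSIDriverVolume` set to true, or with both set to false. In the first case the pod carries the `k8s.spirl.com/spiffe-csi: enabled` label as well as the chart's own `spiffe-csi-driver-volume` mount, which presumably duplicates whatever the injection adds. In the second case both containers get `SPIFFE_ENDPOINT_SOCKET` pointing at a path that is never mounted, and because this commit also flips the volume default to false, that is what anyone who only disables injection ends up with. A guard at the top of the template would turn the first case into a render-time failure, e.g. `{{- if and .Values.app.spiffeCSIDriverInjectionEnabled .Values.app.spiffeCSIDriverVolume }}{{ fail "set only one of app.spiffeCSIDriverInjectionEnabled and app.spiffeCSIDriverVolume" }}{{- end }}`. The `volumes:` section lies outside this hunk, so whether it is gated the same way cannot be checked from here.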
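Review bot: The comment added for `spiffeCSIDriverInjectionEnabled` in values.yaml does not say what the flag depends on or what it switches off. Going by the template change, setting it to true only adds the `k8s.spirl.com/spiffe-csi: enabled` pod label and stops the chart from setting `SPIFFE_ENDPOINT_SOCKET`, so the socket mount and endpoint have to come from a cluster-side component that is not part of this chart. If that component is absent the pod would presumably start without Workload API access, and nothing in the release would report it. I would expand the comment to something like `# -- Label the pod for SPIRL SPIFFE CSI injection; needs a cluster component that acts on the k8s.spirl.com/spiffe-csi label, and the chart then does not set SPIFFE_ENDPOINT_SOCKET`.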
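Review bot: Flipping the `spiffeCSIDriverVolume` default to false changes what an existing release gets on upgrade, because installs that relied on the old default lose the chart-managed CSI volume mount when they move from 0.3.1 to 0.3.2, a patch-level bump. On a cluster without the label-driven injection the workload would then have no Workload API socket at all. Consider saying so next to the key, e.g. `# -- Add SPIFFE CSI driver volume (set to true when app.spiffeCSIDriverInjectionEnabled is false)`, and in the release notes.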