From 1baeaac7268d111ab621cd9de947ce142cd011ad Mon Sep 17 00:00:00 2001
From: dmakeroam
Date: Thu, 9 Mar 2023 15:12:43 +0700
Subject: [PATCH] feat: Override a secret name for service principal in case you have multiple AGIC controllers.
---
 helm/ingress-azure/templates/_helpers.tpl | 11 +++++++++++
 helm/ingress-azure/templates/deployment.yaml | 2 +-
 helm/ingress-azure/templates/secrets.yaml | 2 +-
 helm/ingress-azure/values.yaml | 1 +
 4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/helm/ingress-azure/templates/_helpers.tpl b/helm/ingress-azure/templates/_helpers.tpl
index 04c19311a..3156f1869 100644
--- a/helm/ingress-azure/templates/_helpers.tpl
+++ b/helm/ingress-azure/templates/_helpers.tpl
@@ -101,4 +101,15 @@ If release name contains chart name it will be used as a full name.
 {{- printf "%s-azidbinding-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}
+
+{{/*
+Override a secret name for service principal in case you have multiple AGIC controllers.
+*/}}
+{{- define "application-gateway-kubernetes-ingress.servicePrincipalSecretName" -}}
+{{- if .Values.armAuth.secretName -}}
+{{- .Values.armAuth.secretName -}}
+{{- else -}}
+{{- printf "networking-appgw-k8s-azure-service-principal" -}}
+{{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/helm/ingress-azure/templates/deployment.yaml b/helm/ingress-azure/templates/deployment.yaml
index 3fd671d4b..5734475f4 100644
--- a/helm/ingress-azure/templates/deployment.yaml
+++ b/helm/ingress-azure/templates/deployment.yaml
@@ -113,7 +113,7 @@ spec:
 {{- if eq .Values.armAuth.type "servicePrincipal"}}
 - name: networking-appgw-k8s-azure-service-principal-mount
 secret:
- secretName: networking-appgw-k8s-azure-service-principal
+ secretName: {{ template "application-gateway-kubernetes-ingress.servicePrincipalSecretName" . }}
 {{- end}}
 {{- end}}
 {{- if .Values.kubernetes.volumes }}
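Review bot: In `_helpers.tpl`, the new `servicePrincipalSecretName` helper returns `.Values.armAuth.secretName` verbatim, so a value that is not a valid DNS-1123 subdomain name is only rejected by the API server at install time. A render-time guard in the `if` branch using `regexMatch` and `fail` would surface that earlier with a clear message. The `if`/`else` around a constant `printf` can also be a single line: `{{- default "networking-appgw-k8s-azure-service-principal" .Values.armAuth.secretName -}}`. The preceding define, which the first added `{{- end -}}` now closes, starts outside the hunk.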
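Review bot: In `deployment.yaml`, the templated `secretName:` is rendered unquoted, so an override that looks like a number or boolean becomes a non-string scalar and the volume definition fails validation. `template` cannot be piped, so use `include` and quote the result: `secretName: {{ include "application-gateway-kubernetes-ingress.servicePrincipalSecretName" . | quote }}`. The same applies to `metadata.name` in the `secrets.yaml` hunk. The volumes list this entry belongs to starts outside the hunk.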
diff --git a/helm/ingress-azure/templates/secrets.yaml b/helm/ingress-azure/templates/secrets.yaml
index 911e15842..827ac86e3 100644
--- a/helm/ingress-azure/templates/secrets.yaml
+++ b/helm/ingress-azure/templates/secrets.yaml
@@ -3,7 +3,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: networking-appgw-k8s-azure-service-principal
+ name: {{ template "application-gateway-kubernetes-ingress.servicePrincipalSecretName" . }}
 type: Opaque
 data:
 armAuth.json: "{{- required "armAuth.secretJSON is required when using servicePrincipal" .Values.armAuth.secretJSON -}}"
diff --git a/helm/ingress-azure/values.yaml b/helm/ingress-azure/values.yaml
index 2e68618ee..29377c646 100644
--- a/helm/ingress-azure/values.yaml
+++ b/helm/ingress-azure/values.yaml
@@ -103,6 +103,7 @@ appgw: {}
 # # Generate this value with:
 # # az ad sp create-for-rbac --subscription --sdk-auth | base64 -w0
 # secretJSON:
+# secretName:
 #
 # - Option 3: Workload Identity (https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview)
 # armAuth:
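Review bot: In `secrets.yaml`, the override only renames the Secret this chart creates; the `data` entry is still filled through `required ... .Values.armAuth.secretJSON`, so the service principal credential keeps flowing through Helm values and `armAuth.secretName` cannot point at a Secret provisioned out of band. Changing the name on an existing release will presumably make Helm remove the old Secret and create a new one, which matters to operators who rotate or audit that object by name. A template comment above `metadata` would record this, e.g. `{{- /* name is overridable via armAuth.secretName; the Secret is always created from armAuth.secretJSON */}}`. The manifest starts before the hunk's first line.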
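Review bot: The new `# secretName:` line in `values.yaml` has no description, unlike `secretJSON` directly above it, which carries a "Generate this value with" comment. Add a line such as `#   # Optional. Name of the Secret holding the service principal; defaults to networking-appgw-k8s-azure-service-principal. Use a distinct name per AGIC release in the same namespace.` The commented `armAuth` example this line belongs to starts outside the hunk.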