-
Notifications
You must be signed in to change notification settings - Fork 74
Expand file tree
/
Copy pathsecret.yaml
More file actions
59 lines (54 loc) · 2.3 KB
/
secret.yaml
File metadata and controls
59 lines (54 loc) · 2.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
{{- if and (not .Values.externalSecrets.enabled) (not .Values.externalSecrets.externalSecretsOperator.enabled) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "retool.fullname" . }}
{{- if or (not .Values.retoolJwtSecret) (not .Values.config.encryptionKey) }}
labels:
{{- include "retool.labels" . | nindent 4 }}
annotations:
"helm.sh/resource-policy": no-upgrade-existing
{{- end }}
type: Opaque
{{- $secretName := (include "retool.fullname" .) }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | default dict }}
{{- $secretData := (get $secret "data") | default dict }}
data:
{{ if and (not .Values.env.RETOOL_LOAD_FILE_SECRETS) (not .Values.env.LICENSE_KEY_FILE) }}
license-key: {{ .Values.config.licenseKey | default "" | b64enc | quote }}
{{ end }}
{{ if and (not .Values.env.RETOOL_LOAD_FILE_SECRETS) (not .Values.env.JWT_SECRET_FILE) }}
{{ if not .Values.config.jwtSecretSecretName }}
{{ if .Values.config.jwtSecret }}
jwt-secret: {{ .Values.config.jwtSecret | b64enc | quote }}
{{ else if (get $secretData "jwt-secret") }}
jwt-secret: {{ (get $secretData "jwt-secret") }}
{{ else }}
jwt-secret: {{ randAlphaNum 20 | b64enc | quote }}
{{ end }}
{{ end }}
{{ end }}
{{ if and (not .Values.env.RETOOL_LOAD_FILE_SECRETS) (not .Values.env.ENCRYPTION_KEY_FILE) }}
{{ if not .Values.config.encryptionKeySecretName }}
{{ if .Values.config.encryptionKey }}
encryption-key: {{ .Values.config.encryptionKey | b64enc | quote }}
{{ else if (get $secretData "encryption-key") }}
encryption-key: {{ get $secretData "encryption-key" }}
{{ else }}
encryption-key: {{ required "Please set a value for .Values.config.encryptionKey" .Values.config.encryptionKey }}
{{ end }}
{{ end }}
{{ end }}
{{ if and (not .Values.env.RETOOL_LOAD_FILE_SECRETS) (not .Values.env.GOOGLE_CLIENT_SECRET_FILE) }}
{{ if .Values.config.auth.google.clientSecret }}
google-client-secret: {{ .Values.config.auth.google.clientSecret | b64enc | quote }}
{{ else }}
google-client-secret: ""
{{ end }}
{{ end }}
{{ if not .Values.postgresql.enabled }}
{{ if and (not .Values.env.RETOOL_LOAD_FILE_SECRETS) (not .Values.env.POSTGRES_PASSWORD_FILE) }}
postgresql-password: {{ .Values.config.postgresql.password | default "" | b64enc | quote }}
{{ end }}
{{ end }}
{{- end }}