feat: secrets 1

smardigo/templates/connect/secret.yml

@@ -1,23 +1,23 @@
-# store the secret-name as var
-# in my case, the name was very long and containing a lot of fields
-# so it helps me a lot
-{{- $secret_name := "connect-secrets" -}}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: "{{ $secret_name }}"
+  name: "connect-secrets"
   annotations:
     "helm.sh/resource-policy": "keep"
+{{- $previous := lookup "v1" "Secret" .Release.Namespace "connect-secrets" }}
 data:
-  # retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
+  {{- if $previous }}
-  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "connect-secrets") | default dict }}
+  {{- $previousSecret := index $previous "data" "some-secret" }}
-  {{- $secretData := (get $secretObj "data") | default dict }}
+  {{- if $previousSecret }}
-  # set $jwtSecret to existing secret data or generate a random one when not exists
+  SOME_SECRET_OLD: {{ $previousSecret }}
-  {{- $someSecret := (get $secretData "some-secret") | default (randAlphaNum 32 | b64enc) }}
+  {{- end }}
-  some-secret: {{ $someSecret | b64enc | quote }}
+  SOME_SECRET: {{ $previous.data.SOME_SECRET }}
-  some-secret1: {{ $someSecret | b64enc | quote }}
+  {{- else if .Values.connect.jwt.secret }}
-  some-secret2: {{ $someSecret | b64enc | quote }}
+  SOME_SECRET: {{ .Values.connect.jwt.secret | b64enc | quote }}
+  {{- else }}
+  SOME_SECRET: {{ randAlphaNum 32 | b64enc | quote }}
+  {{- end }}
 
   JWT_SECRET: "{{ .Values.connect.jwt.secret | b64enc }}"
   ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"