feat: secrets

smardigo/templates/connect/secret.yml

@@ -1,6 +1,4 @@
-# store the secret-name as var
-# in my case, the name was very long and containing a lot of fields
-# so it helps me a lot
+# store the secret-name as variable
 {{- $secret_name := "connect-secrets" -}}
 ---
 apiVersion: v1
@@ -9,8 +7,14 @@ metadata:
   name: "{{ $secret_name }}"
   annotations:
     "helm.sh/resource-policy": "keep"
-{{- $previous := lookup "v1" "Secret" .Release.Namespace $secret_name }}
 data:
+  # try to get the old secrets
+  # keep in mind, that a dry-run only returns an empty map
+  {{- $previous := lookup "v1" "Secret" .Release.Namespace $secret_name }}
+
+  # check, if a secret is already set
+  {{- if or (not $previous) (not $previous.data) }}
+  # if not set, then generate a new password
   JWT_SECRET: "{{ .Values.connect.jwt.secret | b64enc }}"
   ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
   DATASOURCE_USERNAME: "{{ .Values.connect.database.username | b64enc }}"
@@ -19,4 +23,16 @@ data:
   ELASTIC_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
   OIDC_CLIENT_SECRET: "{{ .Values.connect.oidc.client_secret | b64enc }}"
   MAIL_USER: "{{ .Values.connect.mail.username | b64enc }}"
-  MAIL_PASSWORD: "{{ .Values.connect.mail.password | b64enc }}"
+  MAIL_PASSWORD: "{{ .Values.connect.mail.password | b64enc }}"
+  {{ else }}
+  # if set, then use the old value
+  JWT_SECRET: "{{ index $old_sec.data "JWT_SECRET" }}"
+  ADMIN_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+  DATASOURCE_USERNAME: "{{ index $old_sec.data "JWT_SECRET" }}"
+  DATASOURCE_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+  ELASTIC_USERNAME: "{{ index $old_sec.data "JWT_SECRET" }}"
+  ELASTIC_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+  OIDC_CLIENT_SECRET: "{{ index $old_sec.data "JWT_SECRET" }}"
+  MAIL_USER: "{{ index $old_sec.data "JWT_SECRET" }}"
+  MAIL_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+  {{ end }}