feat: secrets 2

smardigo/templates/connect/secret.yml

@@ -8,16 +8,15 @@ kind: Secret
 metadata:
   name: "{{ $secret_name }}"
 data:
-  # try to get the old secret
+  # retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
-  # keep in mind, that a dry-run only returns an empty map 
+  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "connect-secrets") | default dict }}
-  {{- $old_sec := lookup "v1" "Secret" .Release.Namespace $secret_name | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
-  {{- $old_sec_data := (get $old_sec "data") | default dict }}
+  # set $jwtSecret to existing secret data or generate a random one when not exists
+  {{- $someSecret := (get $secretData "some-secret") | default (randAlphaNum 32 | b64enc) }}
+  some-secret: {{ $jwtSecret | quote }}
 
-  {{- $jwtSecret := (get $old_sec_data "JWT_SECRET") }}
+  JWT_SECRET: "{{ .Values.connect.jwt.secret | b64enc }}"
-  JWT_SECRET_2: {{ $jwtSecret }}
+  ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
-  JWT_SECRET: {{ default (randAlphaNum 32) | b64enc }}
-
-  ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc}}"
   DATASOURCE_USERNAME: "{{ .Values.connect.database.username | b64enc }}"
   DATASOURCE_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
   ELASTIC_USERNAME: "{{ .Values.connect.database.username | b64enc }}"