Merge pull request #11657 from Budibase/fix/k8s-secrets-management

ensure secrets are not replaced on every helm run
This commit is contained in:
Martin McKeaveney 2023-09-04 18:03:51 +01:00 committed by GitHub
commit dcca93c195
1 changed files with 10 additions and 2 deletions

View File

@ -1,4 +1,5 @@
{{- if .Values.globals.createSecrets -}}
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "budibase.fullname" .) }}
{{- if .Values.globals.createSecrets }}
apiVersion: v1
kind: Secret
metadata:
@ -10,8 +11,15 @@ metadata:
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{- if $existingSecret }}
internalApiKey: {{ index $existingSecret.data "internalApiKey" }}
jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
{{- else }}
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
{{- end -}}
{{- end }}
{{- end }}