25 lines
875 B
YAML
25 lines
875 B
YAML
{{- if not .Values.jwtSecret.existingSecret }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-jwt
|
|
labels:
|
|
{{- include "bjw-s.common.lib.controller.metadata.labels" . | nindent 4 }}
|
|
annotations:
|
|
"helm.sh/resource-policy": keep
|
|
type: Opaque
|
|
data:
|
|
{{- if .Values.jwtSecret.value }}
|
|
JWT_SECRET: {{ .Values.jwtSecret.value | b64enc | quote }}
|
|
{{- else }}
|
|
# Generate a random JWT secret if not provided
|
|
# This uses a lookup to preserve the secret across upgrades
|
|
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-jwt" (include "bjw-s.common.lib.chart.names.fullname" .)) }}
|
|
{{- if $existingSecret }}
|
|
JWT_SECRET: {{ index $existingSecret.data "JWT_SECRET" | quote }}
|
|
{{- else }}
|
|
JWT_SECRET: {{ randAlphaNum 43 | b64enc | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }} |