27 lines
1.3 KiB
YAML
27 lines
1.3 KiB
YAML
{{- /*
|
|
This is a Kubernetes secret that holds the token for the Machine user used to poll the Drone API
|
|
This pattern was taken from:
|
|
https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918
|
|
|
|
This secret provides two values:
|
|
* `DRONE_USER_CREATE`, an environment variable which will prompt Drone to create a user with the given configuration
|
|
* `token`, the bare token of the created user, that other services can use in order to act as the user
|
|
*/}}
|
|
{{- if empty .Values.primaryDroneMachineUserSecret }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: "primary-drone-machine-user-secret"
|
|
annotations:
|
|
"helm.sh/resource-policy": "keep"
|
|
type: Opaque
|
|
data:
|
|
# retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
|
|
{{- $existing_secret := (lookup "v1" "Secret" .Release.Namespace "primary-drone-machine-user-secret") | default dict }}
|
|
{{- $secretData := (get $existing_secret "data") | default dict }}
|
|
# set $secret to existing secret data or generate a random one (32 chars long) when not exists
|
|
{{- $secret := (get $secretData "token") | default (randAlphaNum 32) }}
|
|
token: {{ $secret | b64enc | quote }}
|
|
DRONE_USER_CREATE: {{ printf "%s%s" "username:root,admin:true,machine:true,token:" $secret | b64enc | quote }}
|
|
{{- end }}
|