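{{- /* https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 */}}
{{- /*
  Shared token Secret, generated once and then reused on later upgrades.

  Caveats for operators:
  - lookup needs a live API server. Under helm template and client-side
    dry runs it returns an empty result, so the rendered value is a fresh
    random string every time. Pipelines that apply pre-rendered manifests
    will therefore rotate this token on every apply.
  - The resource-policy "keep" annotation stops Helm from deleting the
    Secret, so it outlives an uninstall and must be removed by hand when
    the token has to be retired.
*/ -}}
apiVersion: v1
kind: Secret
metadata:
  name: "kubernetes-secrets-secret"
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  # Fetch the Secret that is already in the cluster; fall back to an empty
  # map when it does not exist yet (first install) or lookup is unavailable.
  {{- $existing_secret := (lookup "v1" "Secret" .Release.Namespace "kubernetes-secrets-secret") | default dict }}
  {{- $secretData := (get $existing_secret "data") | default dict }}
  # Reuse the stored value, which is already base64-encoded, or generate a
  # 32-character random string and base64-encode it. The key read here must
  # be one this manifest actually writes: reading a key that is never
  # written always misses, and the token is then regenerated on every
  # upgrade, leaving running consumers with a stale value.
  {{- $secret := (get $secretData "SECRET_KEY") | default (randAlphaNum 32 | b64enc) }}
  SECRET_KEY: {{ $secret | quote }}
  # Same value under a second key, for a pod that expects this variable name.
  # A container can also map one Secret key to a differently named variable
  # with env[].valueFrom.secretKeyRef; the duplicate is only needed when the
  # whole Secret is loaded with envFrom.
  DRONE_SECRET_PLUGIN_TOKEN: {{ $secret | quote }}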