
Interestingly, the existence of this chart somewhat contradicts the [docs](https://docs.drone.io/runner/extensions/kube/), which suggest you should "_\[d\]eploy the secret extension in the same Pod as your Kubernetes runner_". The interaction appears to be a plain HTTP call, though, so running it in a separate Pod doesn't seem like it would be an issue.
23 lines · 1.1 KiB · YAML

```yaml
{{- /*
https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918
*/}}
apiVersion: v1
kind: Secret
metadata:
  name: "kubernetes-secrets-secret"
  annotations:
    # keep the Secret on `helm uninstall` so the generated value survives a reinstall
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  # look up the existing Secret with the lookup function; when it does not exist, fall back to an empty map
  {{- $existing_secret := (lookup "v1" "Secret" .Release.Namespace "kubernetes-secrets-secret") | default dict }}
  {{- $secretData := (get $existing_secret "data") | default dict }}
  # reuse the stored value, or generate a new one when none exists. The key looked up here must be
  # the same key written below (SECRET_KEY), otherwise the value is regenerated on every upgrade.
  {{- $secret := (get $secretData "SECRET_KEY") | default (randAlphaNum 32 | b64enc) }}
  # generate a 32-char random string, base64-encode it, then double-quote the result
  SECRET_KEY: {{ $secret | quote }}
  # Duplicate the secret value under a different key so that it can be mounted into the environment of a
  # pod which requires a different name (to the best of my knowledge, there's no way to mount a secret as
  # an env variable but transform the key)
  DRONE_SECRET_PLUGIN_TOKEN: {{ $secret | quote }}
```
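The property this template relies on is that a second render against the cluster reuses the value stored under `SECRET_KEY` instead of rotating it. The following added example (not part of the chart) models that lookup-or-generate logic in Python and adds the invariant check a practitioner would run over a rendered manifest: both keys present, identical, 32 alphanumeric characters once base64-decoded, and the keep annotation set. The manifest dicts are constructed inline; `helm template` output would be loaded into the same shape.

```python
import base64
import secrets
import string
from typing import Optional

ALNUM = string.ascii_letters + string.digits
SECRET_NAME = "kubernetes-secrets-secret"
LOOKUP_KEY = "SECRET_KEY"  # must equal the key the Secret stores, else every upgrade rotates it


def rand_alpha_num(n: int) -> str:
    """Mirror of Sprig's randAlphaNum: n characters drawn from [A-Za-z0-9]."""
    return "".join(secrets.choice(ALNUM) for _ in range(n))


def render_secret(existing: Optional[dict]) -> dict:
    """Model of the chart's template (assumed shape, not Helm itself): reuse the value
    found in the looked-up Secret, otherwise generate a fresh base64-encoded 32-char one."""
    secret_data = (existing or {}).get("data") or {}
    value = secret_data.get(LOOKUP_KEY) or base64.b64encode(rand_alpha_num(32).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": SECRET_NAME, "annotations": {"helm.sh/resource-policy": "keep"}},
        "type": "Opaque",
        "data": {"SECRET_KEY": value, "DRONE_SECRET_PLUGIN_TOKEN": value},
    }


def check_secret(manifest: dict) -> list:
    """Return the invariants a rendered Secret violates (empty list means it passes)."""
    problems = []
    data = manifest.get("data", {})
    for key in ("SECRET_KEY", "DRONE_SECRET_PLUGIN_TOKEN"):
        if key not in data:
            problems.append(f"missing key {key}")
    if len(set(data.values())) > 1:
        problems.append("SECRET_KEY and DRONE_SECRET_PLUGIN_TOKEN differ")
    for key, enc in data.items():
        try:
            raw = base64.b64decode(enc, validate=True).decode()
        except Exception:
            problems.append(f"{key} is not valid base64")
            continue
        if len(raw) != 32 or not all(c in ALNUM for c in raw):
            problems.append(f"{key} is not a 32-char alphanumeric value")
    if manifest.get("metadata", {}).get("annotations", {}).get("helm.sh/resource-policy") != "keep":
        problems.append("missing helm.sh/resource-policy: keep annotation")
    return problems
```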