matrix-synapse: Better generated secret handling
Should hopefully make the chart even safer for use with tools like Argo Fixes #38
This commit is contained in:
Alexander Olofsson
parent
db32226fb5
commit
d8abe3bcc1
3 changed files with 18 additions and 18 deletions
|
|
@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
|
|||
appVersion: 1.79.0
|
||||
|
||||
type: application
|
||||
version: 3.2.2
|
||||
version: 3.2.3
|
||||
maintainers:
|
||||
- name: Alexander Olofsson
|
||||
email: ace@haxalot.com
|
||||
|
|
|
|||
|
|
@ -86,20 +86,3 @@ stringData:
|
|||
## Extra secrets ##
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }}
|
||||
{{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey") }}
|
||||
{{- if not (lookup "v1" "Secret" .Release.Namespace $name) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/resource-policy: keep
|
||||
name: {{ $name }}
|
||||
labels:
|
||||
{{- include "matrix-synapse.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: signingkey-job
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -131,4 +131,21 @@ spec:
|
|||
parallelism: 1
|
||||
completions: 1
|
||||
backoffLimit: 1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/hook-delete-policy: never
|
||||
helm.sh/resource-policy: keep
|
||||
name: {{ $secretName }}
|
||||
labels:
|
||||
{{- include "matrix-synapse.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: signingkey-job
|
||||
{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
|
||||
{{ if $secret -}}
|
||||
data:
|
||||
signing.key: {{ (b64dec (index $secret.data "signing.key")) | b64enc }}
|
||||
{{ end -}}
|
||||
{{- end }}
|
||||
|
|
|
|||
Loading…
Reference in a new issue