-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathsecret-postgresql.yaml
36 lines (36 loc) · 1.59 KB
/
secret-postgresql.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
{{- if .Values.createPostgresqlSecret -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.postgresql.auth.existingSecret }}
labels:
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- with .Values.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
helm.sh/resource-policy: keep
helm.sh/hook: "pre-install"
helm.sh/hook-delete-policy: "before-hook-creation"
type: Opaque
data:
{{- if .Values.postgresql.auth.password }}
{{ .Values.postgresql.auth.secretKeys.adminPasswordKey }}: {{ .Values.postgresql.auth.password | b64enc | quote }}
{{ .Values.postgresql.auth.secretKeys.userPasswordKey }}: {{ .Values.postgresql.auth.password | b64enc | quote }}
{{- else }}
{{- $postgresRandomPassword := randAlphaNum 16 | b64enc | quote }}
{{ .Values.postgresql.auth.secretKeys.adminPasswordKey }}: {{ $postgresRandomPassword }}
{{ .Values.postgresql.auth.secretKeys.userPasswordKey }}: {{ $postgresRandomPassword }}
{{- end }}
# TODO: check if replication password in injected into the values
{{ if eq .Values.postgresql.architecture "replication" -}}
{{- if .Values.postgresql.postgresqlReplicationPassword }}
{{ .Values.postgresql.auth.secretKeys.replicationPasswordKey }}: {{ .Values.postgresql.postgresqlReplicationPassword | b64enc | quote }}
{{- else }}
{{ .Values.postgresql.auth.secretKeys.replicationPasswordKey }}: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}