
Commit 64f5047

committed
working on autogenerated jwt keys
1 parent 90cc55b commit 64f5047

1 file changed

Lines changed: 53 additions & 0 deletions


Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
# updates or creates the jwt secret
2+
{{- define "manipulate" -}}
3+
{{- if (lookup "v1" "Secret" .Release.Namespace .Values.app.jwt.secret.name) -}}
4+
{{- if .Values.app.jwt.secret.update -}}
5+
doit
6+
{{- end -}}
7+
{{- else -}}
8+
doit
9+
{{- end -}}
10+
{{- end -}}
11+
12+
{{- $manipulate := (include "manipulate" .) }}
13+
{{- if eq $manipulate "doit" }}
14+
apiVersion: batch/v1
15+
kind: Job
16+
metadata:
17+
name: {{ .Release.Name }}-keygen
18+
labels:
19+
app.kubernetes.io/name: {{ .Release.Name }}
20+
annotations:
21+
helm.sh/hook: pre-install,pre-upgrade,pre-rollback
22+
helm.sh/hook-weight: "-5"
23+
helm.sh/hook-delete-policy: hook-succeeded
24+
spec:
25+
template:
26+
spec:
27+
restartPolicy: Never
28+
serviceAccountName: {{ .Release.Name }}
29+
containers:
30+
- name: keygen
31+
image: alpine:latest
32+
command:
33+
- sh
34+
- -c
35+
- |
36+
# Generate a 2048-bit RSA private key
37+
openssl genpkey -algorithm RSA -out /tmp/jwt.key -pkeyopt rsa_keygen_bits:2048
38+
39+
# Derive the public key (PEM format)
40+
openssl rsa -pubout -in /tmp/jwt.key -out /tmp/jwt.pub
41+
42+
# Update or create the secret
43+
cat <<EOF | kubectl apply -f -
44+
apiVersion: v1
45+
kind: Secret
46+
metadata:
47+
name: {{ .Values.app.jwt.secret.name | default "jwt" }}
48+
namespace: {{ .Release.Namespace }}
49+
stringData:
50+
private-key: {{ .Values.app.jwt.secret.privateKey | default $(cat /tmp/jwt.key) | quote }}
51+
public-key: {{ .Values.app.jwt.secret.publicKey | default $(cat /tmp/jwt.pub) | quote }}
52+
EOF
53+
{{- end }}
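Review bot: On the `private-key:` and `public-key:` lines (diff lines 50–51) the shell substitution `$(cat /tmp/jwt.key)` sits inside the `{{ … }}` action, so Helm will try to parse it as template syntax at render time instead of leaving it for the container's shell; the generated key cannot reach the Secret this way and the chart will most likely fail to render. The same two lines inline `.Values.app.jwt.secret.privateKey` into the Job's `command`, so a supplied private key becomes readable by anyone who can view Jobs or Pods in the namespace, not only Secrets. Keeping key material out of the template avoids both problems: let the shell build the object from the files, e.g. `kubectl create secret generic {{ .Values.app.jwt.secret.name | default "jwt" | quote }} -n {{ .Release.Namespace }} --from-file=private-key=/tmp/jwt.key --from-file=public-key=/tmp/jwt.pub --dry-run=client -o yaml | kubectl apply -f -`. Separately, `image: alpine:latest` (diff line 31) is an unpinned tag for the container that mints the signing key, and the stock Alpine image is not expected to include `kubectl` (nor, as far as I know, the `openssl` CLI), so a pinned image that contains both tools is needed. The `lookup` on diff line 3 also omits the `default "jwt"` that the Secret name uses, so the existence check and the created object can disagree when the name is unset.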
