File tree Expand file tree Collapse file tree
charts/wger/templates/hooks Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # updates or creates the jwt secret
2+ {{- define "manipulate" -}}
3+ {{- if (lookup "v1" "Secret" .Release.Namespace .Values.app.jwt.secret.name) -}}
4+ {{- if .Values.app.jwt.secret.update -}}
5+ doit
6+ {{- end -}}
7+ {{- else -}}
8+ doit
9+ {{- end -}}
10+ {{- end -}}
11+
12+ {{- $manipulate := (include "manipulate" .) }}
13+ {{- if eq $manipulate "doit" }}
14+ apiVersion : batch/v1
15+ kind : Job
16+ metadata :
17+ name : {{ .Release.Name }}-keygen
18+ labels :
19+ app.kubernetes.io/name : {{ .Release.Name }}
20+ annotations :
21+ helm.sh/hook : pre-install,pre-upgrade,pre-rollback
22+ helm.sh/hook-weight : " -5"
23+ helm.sh/hook-delete-policy : hook-succeeded
24+ spec :
25+ template :
26+ spec :
27+ restartPolicy : Never
28+ serviceAccountName : {{ .Release.Name }}
29+ containers :
30+ - name : keygen
31+ image : alpine:latest
32+ command :
33+ - sh
34+ - -c
35+ - |
36+ # Generate a 2048-bit RSA private key
37+ openssl genpkey -algorithm RSA -out /tmp/jwt.key -pkeyopt rsa_keygen_bits:2048
38+
39+ # Derive the public key (PEM format)
40+ openssl rsa -pubout -in /tmp/jwt.key -out /tmp/jwt.pub
41+
42+ # Update or create the secret
43+ cat <<EOF | kubectl apply -f -
44+ apiVersion: v1
45+ kind: Secret
46+ metadata:
47+ name: {{ .Values.app.jwt.secret.name | default "jwt" }}
48+ namespace: {{ .Release.Namespace }}
49+ stringData:
50+ private-key: {{ .Values.app.jwt.secret.privateKey | default $(cat /tmp/jwt.key) | quote }}
51+ public-key: {{ .Values.app.jwt.secret.publicKey | default $(cat /tmp/jwt.pub) | quote }}
52+ EOF
53+ {{- end }}
You can’t perform that action at this time.
0 commit comments