oncall-engine/helm/oncall/templates/secrets.yaml
Michael Derynck 97ec7f1bfa
Only generate random OnCall secrets value when it is not provided (#4563)
# What this PR does
New values were being generated for the OnCall secrets `secretKey`
and `mirageSecretKey` even when a fixed value was provided in the
`values.yaml` file. This breaks the encryption of tokens stored in the
DB, because the keys become inconsistent across redeployments. This PR
fixes it so that a value is generated only when none is set; otherwise
the value from `values.yaml` is used.

## Which issue(s) this PR closes

Closes [issue link here]

<!--
*Note*: if you have more than one GitHub issue that this PR closes, be
sure to preface
each issue link with a [closing
keyword](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests#linking-a-pull-request-to-an-issue).
This ensures that the issue(s) are auto-closed once the PR has been
merged.
-->

## Checklist

- [ ] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.
2024-06-19 21:18:19 +00:00


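{{- /*
Chart-managed Secret holding the OnCall `secretKey` and `mirageSecretKey`.
Rendered only when `oncall.secrets.existingSecret` is not set.

Each key is resolved in this order:
  1. the value given in `.Values.oncall.secrets.*`, if any;
  2. otherwise the value already stored in this Secret in the cluster
     (read with `lookup`), so a generated key survives `helm upgrade`;
  3. otherwise a new 40-character random string.

Step 2 exists because `randAlphaNum` is evaluated on every render: without
it a generated key would change on each upgrade, and data encrypted with
the previous key could no longer be decrypted.

Caveat: `lookup` returns nothing when Helm renders without cluster access
(for example `helm template`), so in that workflow a new random value is
still produced on every render. Set both keys explicitly, or use
`oncall.secrets.existingSecret`, when rendering that way.

Note that `data` values are base64-encoded, not encrypted.
*/}}
{{- if not .Values.oncall.secrets.existingSecret }}
{{- $secretName := include "oncall.fullname" . }}
{{- $secretKeyName := include "snippet.oncall.secret.secretKey" . }}
{{- $mirageKeyName := include "snippet.oncall.secret.mirageSecretKey" . }}
{{- $current := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }}
{{- $currentData := (get $current "data") | default dict }}
{{- $secretKey := .Values.oncall.secrets.secretKey | default (get $currentData $secretKeyName | b64dec) | default (randAlphaNum 40) }}
{{- $mirageSecretKey := .Values.oncall.secrets.mirageSecretKey | default (get $currentData $mirageKeyName | b64dec) | default (randAlphaNum 40) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
    {{- include "oncall.labels" . | nindent 4 }}
  {{- if .Values.migrate.useHook }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-5"
  {{- end }}
type: Opaque
data:
  {{ $secretKeyName }}: {{ $secretKey | b64enc | quote }}
  {{ $mirageKeyName }}: {{ $mirageSecretKey | b64enc | quote }}
---
{{- end }}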
{{- /*
Secret with the password for an external MySQL database, stored under the
key `mariadb-root-password`.

Rendered only when `database.type` is "mysql", `mariadb.enabled` is false
and `externalMysql.existingSecret` is not set. Rendering fails if
`externalMysql.password` is empty.

The password is taken from chart values in plain text and is only
base64-encoded here. Setting `externalMysql.existingSecret` skips this
template, which keeps the password out of the values file.

With `migrate.useHook` the Secret is created as a pre-install/pre-upgrade
hook with weight -5.
*/}}
{{- if and (eq .Values.database.type "mysql") (not .Values.mariadb.enabled) (not .Values.externalMysql.existingSecret) }}
{{- $mysqlPassword := required "externalMysql.password is required if not mariadb.enabled and not externalMysql.existingSecret" .Values.externalMysql.password }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-mysql-external
  {{- if .Values.migrate.useHook }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-5"
  {{- end }}
type: Opaque
data:
  mariadb-root-password: {{ $mysqlPassword | b64enc | quote }}
---
{{- end }}
{{- /*
Secret with the password for an external PostgreSQL database, stored under
the key `postgres-password`.

Rendered only when `postgresql.enabled` is false, `database.type` is
"postgresql" and `externalPostgresql.existingSecret` is not set. Rendering
fails if `externalPostgresql.password` is empty.

The password is taken from chart values in plain text and is only
base64-encoded here. Setting `externalPostgresql.existingSecret` skips this
template, which keeps the password out of the values file.

With `migrate.useHook` the Secret is created as a pre-install/pre-upgrade
hook with weight -5.
*/}}
{{- if and (not .Values.postgresql.enabled) (eq .Values.database.type "postgresql") (not .Values.externalPostgresql.existingSecret) }}
{{- $postgresPassword := required "externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret" .Values.externalPostgresql.password }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-postgresql-external
  {{- if .Values.migrate.useHook }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-5"
  {{- end }}
type: Opaque
data:
  postgres-password: {{ $postgresPassword | b64enc | quote }}
---
{{- end }}
{{- /*
Secret with the password for an external RabbitMQ broker, stored under the
key `rabbitmq-password`.

Rendered only when `broker.type` is "rabbitmq", `externalRabbitmq.password`
is set, `rabbitmq.enabled` is false and `externalRabbitmq.existingSecret`
is not set. Because the condition already demands a non-empty password,
the `required` check below cannot fail in this branch; an empty password
simply means no Secret is rendered.

The password is taken from chart values in plain text and is only
base64-encoded here. Setting `externalRabbitmq.existingSecret` skips this
template, which keeps the password out of the values file.

With `migrate.useHook` the Secret is created as a pre-install/pre-upgrade
hook with weight -5.
*/}}
{{- if and (eq .Values.broker.type "rabbitmq") (.Values.externalRabbitmq.password) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }}
{{- $rabbitmqPassword := required "externalRabbitmq.password is required if not rabbitmq.enabled and not externalRabbitmq.existingSecret" .Values.externalRabbitmq.password }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-rabbitmq-external
  {{- if .Values.migrate.useHook }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-5"
  {{- end }}
type: Opaque
data:
  rabbitmq-password: {{ $rabbitmqPassword | b64enc | quote }}
---
{{- end }}
{{- /*
Secret with the password for an external Redis instance, stored under the
key `redis-password`.

Rendered only when `externalRedis.host` is set, `redis.enabled` is false
and `externalRedis.existingSecret` is not set. Rendering fails if
`externalRedis.password` is empty.

The password is taken from chart values in plain text and is only
base64-encoded here. Setting `externalRedis.existingSecret` skips this
template, which keeps the password out of the values file.

With `migrate.useHook` the Secret is created as a pre-install/pre-upgrade
hook with weight -5.
*/}}
{{- if and (.Values.externalRedis.host) (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }}
{{- $redisPassword := required "externalRedis.password is required if not redis.enabled and not externalRedis.existingSecret" .Values.externalRedis.password }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-redis-external
  {{- if .Values.migrate.useHook }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-5"
  {{- end }}
type: Opaque
data:
  redis-password: {{ $redisPassword | b64enc | quote }}
---
{{- end }}
{{- /*
Secret with the SMTP password, stored under the key `smtp-password`.

Rendered only when `oncall.smtp.enabled` is true and `oncall.smtp.password`
is non-empty. Unlike the database and broker Secrets in this file, it
carries no Helm hook annotations.

The password is taken from chart values in plain text and is only
base64-encoded here.
*/}}
{{- if and .Values.oncall.smtp.enabled .Values.oncall.smtp.password }}
{{- $smtpPassword := .Values.oncall.smtp.password }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-smtp
type: Opaque
data:
  smtp-password: {{ $smtpPassword | b64enc | quote }}
---
{{- end }}
{{- /*
Secret with the exporter auth token, stored under the key
`exporter-secret`.

Rendered only when `oncall.exporter.enabled` is true and
`oncall.exporter.authToken` is non-empty. It carries no Helm hook
annotations.

The token is taken from chart values in plain text and is only
base64-encoded here.
*/}}
{{- if and .Values.oncall.exporter.enabled .Values.oncall.exporter.authToken }}
{{- $exporterToken := .Values.oncall.exporter.authToken }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "oncall.fullname" . }}-exporter
type: Opaque
data:
  exporter-secret: {{ $exporterToken | b64enc | quote }}
---
{{- end }}