f5a757b106
This patch makes the fernet and credential secret something that gets created only once when the deployment is first done, as when using Helm, it's possible that it overrides it's values with an empty secret in the runs afterwards. By making it a hook, it will instead create it and leave an owner reference in Helm 3 to delete it later if the release is deleted. It will not manage it afterwards as well. Change-Id: I7c1c97f38877e0e54bea7fc09b37dd6f77c9dc8a
29 lines
819 B
YAML
29 lines
819 B
YAML
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.manifests.secret_fernet_keys }}
|
|
{{- $envAll := . }}
|
|
{{- if eq .Values.conf.keystone.token.provider "fernet" }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: keystone-fernet-keys
|
|
annotations:
|
|
"helm.sh/hook": pre-install
|
|
type: Opaque
|
|
data:
|
|
{{- end }}
|
|
{{- end }}
|