secrets.yaml 3.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. {{- if (include "mastodon.createSecret" .) -}}
  2. apiVersion: v1
  3. kind: Secret
  4. metadata:
  5. name: {{ template "mastodon.fullname" . }}
  6. labels:
  7. {{- include "mastodon.labels" . | nindent 4 }}
  8. type: Opaque
  9. data:
  10. {{- if .Values.mastodon.s3.enabled }}
  11. {{- if not .Values.mastodon.s3.existingSecret }}
  12. AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
  13. AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
  14. {{- end }}
  15. {{- end }}
  16. {{- if not .Values.mastodon.secrets.existingSecret }}
  17. {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
  18. SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
  19. {{- else }}
  20. SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
  21. {{- end }}
  22. {{- if not (empty .Values.mastodon.secrets.otp_secret) }}
  23. OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
  24. {{- else }}
  25. OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
  26. {{- end }}
  27. {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
  28. VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
  29. {{- else }}
  30. VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
  31. {{- end }}
  32. {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
  33. VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
  34. {{- else }}
  35. VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
  36. {{- end }}
  37. {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
  38. ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
  39. {{- else }}
  40. ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
  41. {{- end }}
  42. {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
  43. ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
  44. {{- else }}
  45. ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
  46. {{- end }}
  47. {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
  48. ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
  49. {{- else }}
  50. ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
  51. {{- end }}
  52. {{- end }}
  53. {{- if not .Values.postgresql.enabled }}
  54. {{- if not .Values.postgresql.auth.existingSecret }}
  55. password: "{{ .Values.postgresql.auth.password | b64enc }}"
  56. {{- end }}
  57. {{- end }}
  58. {{- end }}