24 lines
No EOL
1.1 KiB
YAML
24 lines
No EOL
1.1 KiB
YAML
{{- if and (.Values.vault.enabled) (eq .Values.vault.type "hashicorp") -}}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ .Release.Name }}-vault-secret
|
|
type: opaque
|
|
data:
|
|
{{- if .Values.vault.create.enabled }}
|
|
# Because we create the Hashicorp Vault instance as part of the Helm chart,
|
|
# we can use the name of the created resource (utilizing k8s built-in container connections)
|
|
# to connect to the Vault instance without having to hard-code the Vault name.
|
|
vault-name: {{ printf "%s-vault" .Release.Name | b64enc }}
|
|
# Because we create the Hashicorp Vault instance as part of the Helm chart,
|
|
# We know the port that the Vault instance is running on.
|
|
vault-port: {{ printf "%d" 80 | b64enc }}
|
|
{{- else }}
|
|
# Because the Vault wasn't created as part of the Helm chart,
|
|
# we need the deployer to specify the name of the Vault instance to connect to.
|
|
vault-name: {{ .Values.vault.vaultName | b64enc }}
|
|
# Because the Vault wasn't created as part of the Helm chart,
|
|
# we need the deployer to specify the port that the Vault instance is running on.
|
|
vault-port: {{ .Values.passVault.vaultPort | b64enc }}
|
|
{{- end }}
|
|
{{- end -}} |