solidtime-chart/templates/job-generate-keys.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "solidtime.fullname" . }}-keygen
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  template:
    spec:
      serviceAccountName: {{ include "solidtime.fullname" . }}-keygen
      restartPolicy: OnFailure
      containers:
        - name: keygen
          image: bitnami/kubectl:latest
          command:
            - /bin/sh
            - -c
            - |
              SECRET_NAME="solidtime-app-secrets"
              
              # 1. Check if secret already exists
              if kubectl get secret $SECRET_NAME; then
                echo "Keys already exist. Skipping generation."
                exit 0
              fi

              echo "Generating keys in /tmp..."
              
              # 2. Generate Keys into /tmp (which is writable)
              openssl genrsa -out /tmp/private.key 4096
              openssl rsa -in /tmp/private.key -pubout -out /tmp/public.key
              
              # Generate App Key
              APP_KEY="base64:$(openssl rand -base64 32)"

              # 3. Create Secret reading from /tmp
              kubectl create secret generic $SECRET_NAME \
                --from-literal=APP_KEY="$APP_KEY" \
                --from-file=PASSPORT_PRIVATE_KEY=/tmp/private.key \
                --from-file=PASSPORT_PUBLIC_KEY=/tmp/public.key
Add oauth key secret 2025-12-12 11:08:55 +01:00			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: {{ include "solidtime.fullname" . }}-keygen`
			`annotations:`
			`"helm.sh/hook": pre-install,pre-upgrade`
			`"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded`
			`spec:`
			`template:`
			`spec:`
			`serviceAccountName: {{ include "solidtime.fullname" . }}-keygen`
			`restartPolicy: OnFailure`
			`containers:`
			`- name: keygen`
			`image: bitnami/kubectl:latest`
			`command:`
			`- /bin/sh`
			`- -c`
			`- \|`
			`SECRET_NAME="solidtime-app-secrets"`

Fix script permissions 2025-12-12 11:16:50 +01:00			`# 1. Check if secret already exists`
Add oauth key secret 2025-12-12 11:08:55 +01:00			`if kubectl get secret $SECRET_NAME; then`
			`echo "Keys already exist. Skipping generation."`
			`exit 0`
			`fi`

Fix script permissions 2025-12-12 11:16:50 +01:00			`echo "Generating keys in /tmp..."`
Add oauth key secret 2025-12-12 11:08:55 +01:00
Fix script permissions 2025-12-12 11:16:50 +01:00			`# 2. Generate Keys into /tmp (which is writable)`
			`openssl genrsa -out /tmp/private.key 4096`
			`openssl rsa -in /tmp/private.key -pubout -out /tmp/public.key`
Add oauth key secret 2025-12-12 11:08:55 +01:00
Fix script permissions 2025-12-12 11:16:50 +01:00			`# Generate App Key`
Add oauth key secret 2025-12-12 11:08:55 +01:00			`APP_KEY="base64:$(openssl rand -base64 32)"`

Fix script permissions 2025-12-12 11:16:50 +01:00			`# 3. Create Secret reading from /tmp`
Add oauth key secret 2025-12-12 11:08:55 +01:00			`kubectl create secret generic $SECRET_NAME \`
			`--from-literal=APP_KEY="$APP_KEY" \`
Fix script permissions 2025-12-12 11:16:50 +01:00			`--from-file=PASSPORT_PRIVATE_KEY=/tmp/private.key \`
			`--from-file=PASSPORT_PUBLIC_KEY=/tmp/public.key`