solidtime-chart/templates/job-generate-keys.yaml
olof.pettersson ff107596ab
Fix script permissions
2025-12-12 11:16:50 +01:00


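# Helm hook Job that bootstraps the application's key material.
# It runs before install and before upgrade, generates a 4096-bit RSA key
# pair plus a random APP_KEY, and stores them in the Secret
# "solidtime-app-secrets". If that Secret already exists the Job exits
# without touching it, so existing keys are never rotated by an upgrade.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "solidtime.fullname" . }}-keygen
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    # Remove the previous hook Job before a new run and after success;
    # a failed Job is kept so its logs can be inspected.
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  template:
    spec:
      # The script needs "get" and "create" on Secrets; the Role bound to
      # this ServiceAccount is defined outside this file and should grant
      # nothing beyond that.
      serviceAccountName: {{ include "solidtime.fullname" . }}-keygen
      restartPolicy: OnFailure
      containers:
        - name: keygen
          # NOTE(review): "latest" is a mutable tag. This container creates
          # the application's private key, so pin the image to a fixed
          # version or digest. The script assumes the image ships both
          # kubectl and openssl.
          # NOTE(review): no securityContext is set here; consider
          # allowPrivilegeEscalation: false and dropping all capabilities
          # after confirming the image still runs.
          image: bitnami/kubectl:latest
          command:
            - /bin/sh
            - -c
            - |
              # Abort on the first failing command or unset variable so a
              # failed key generation can never end up in the Secret.
              set -eu
              # Key files must not be readable by other users.
              umask 077
              # Remove the key files from /tmp however the script exits.
              trap 'rm -f /tmp/private.key /tmp/public.key' EXIT
              SECRET_NAME="solidtime-app-secrets"
              # 1. Check if secret already exists.
              # --ignore-not-found makes "absent" an empty result; any other
              # failure (RBAC, API unreachable) stops the Job instead of
              # being mistaken for a missing Secret.
              EXISTING="$(kubectl get secret "$SECRET_NAME" --ignore-not-found -o name)"
              if [ -n "$EXISTING" ]; then
                echo "Keys already exist. Skipping generation."
                exit 0
              fi
              echo "Generating keys in /tmp..."
              # 2. Generate Keys into /tmp (which is writable)
              openssl genrsa -out /tmp/private.key 4096
              openssl rsa -in /tmp/private.key -pubout -out /tmp/public.key
              # Generate App Key (32 random bytes, base64, "base64:" prefix)
              APP_KEY="base64:$(openssl rand -base64 32)"
              # 3. Create Secret reading from /tmp
              kubectl create secret generic "$SECRET_NAME" \
                --from-literal=APP_KEY="$APP_KEY" \
                --from-file=PASSPORT_PRIVATE_KEY=/tmp/private.key \
                --from-file=PASSPORT_PUBLIC_KEY=/tmp/public.key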