Fix helm chart secret generator (#262)

deploy/helm/Chart.yaml

@@ -8,4 +8,4 @@ description: DataLens Helm chart for Kubernetes
 type: application
 
 # helm chart version
-version: 1.0.0
+version: 1.0.1

deploy/helm/templates/secret.yaml

@@ -1,31 +1,22 @@
 # find secret resource with name datalens-secret
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace "datalens-secret") }}
-{{- $pg_password := (randAlphaNum 32 | b64enc) }}
-{{- if and $secret (hasKey $secret.data "POSTGRES_PASSWORD") }}
-  {{- $pg_password = $secret.data.POSTGRES_PASSWORD }}
-{{- end }}
+{{- $US_MASTER_TOKEN := .Values.secrets.US_MASTER_TOKEN | default (randAlphaNum 32) }}
+{{- $CONTROL_API_CRYPTO_KEY := .Values.secrets.CONTROL_API_CRYPTO_KEY | default (randAlphaNum 32 | b64enc) }}
+{{- $POSTGRES_PASSWORD := .Values.secrets.POSTGRES_PASSWORD | default (randAlphaNum 32) }}
+{{- $DICT := dict "US_MASTER_TOKEN" ($US_MASTER_TOKEN | b64enc) "CONTROL_API_CRYPTO_KEY" ($CONTROL_API_CRYPTO_KEY | b64enc) "POSTGRES_PASSWORD" ($POSTGRES_PASSWORD | b64enc) }}
+{{- $SECRET := (lookup "v1" "Secret" .Release.Namespace "datalens-secret").data | default $DICT }}
+{{- $US_MASTER_TOKEN := get $SECRET "US_MASTER_TOKEN" | default ($US_MASTER_TOKEN | b64enc) }}
+{{- $CONTROL_API_CRYPTO_KEY := get $SECRET "CONTROL_API_CRYPTO_KEY" | default ($CONTROL_API_CRYPTO_KEY | b64enc) }}
+{{- $POSTGRES_PASSWORD := get $SECRET "POSTGRES_PASSWORD" | default ($POSTGRES_PASSWORD | b64enc) }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: datalens-secret
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  # US_MASTER_TOKEN
-  {{- if and $secret (hasKey $secret.data "US_MASTER_TOKEN") }}
-  US_MASTER_TOKEN: {{ $secret.data.US_MASTER_TOKEN }}
-  {{- else }}
-  US_MASTER_TOKEN: {{ randAlphaNum 32 | b64enc }}
-  {{- end }}
-  # CONTROL_API_CRYPTO_KEY
-  {{- if and $secret (hasKey $secret.data "CONTROL_API_CRYPTO_KEY") }}
-  CONTROL_API_CRYPTO_KEY: {{ $secret.data.CONTROL_API_CRYPTO_KEY }}
-  {{- else }}
+  US_MASTER_TOKEN: {{ $US_MASTER_TOKEN }}
   # double base64 encoding is not error
-  CONTROL_API_CRYPTO_KEY: {{ randAlphaNum 32 | b64enc | b64enc }}
-  {{- end }}
-  # POSTGRES_PASSWORD
-  POSTGRES_PASSWORD: {{ $pg_password }}
-  # POSTGRES_DSN_LIST
-  POSTGRES_DSN_LIST_US: {{ print "postgres://pg-user:" ($pg_password | b64dec) "@datalens-pg-cip:5432/pg-us-db" | b64enc }}
-  POSTGRES_DSN_LIST_COMPENG: {{ print "postgres://pg-user:" ($pg_password | b64dec) "@datalens-pg-cip:5432/pg-compeng-db" | b64enc }}
+  CONTROL_API_CRYPTO_KEY: {{ $CONTROL_API_CRYPTO_KEY }}
+  POSTGRES_PASSWORD: {{ $POSTGRES_PASSWORD }}
+  POSTGRES_DSN_LIST_US: {{ print "postgres://pg-user:" ($POSTGRES_PASSWORD | b64dec) "@datalens-pg-cip:5432/pg-us-db" | b64enc }}
+  POSTGRES_DSN_LIST_COMPENG: {{ print "postgres://pg-user:" ($POSTGRES_PASSWORD | b64dec) "@datalens-pg-cip:5432/pg-compeng-db" | b64enc }}

deploy/helm/values.yaml

@@ -15,7 +15,7 @@ database:
       memory: 128Mi
     limits:
       cpu: 1000m
-      memory: 512Mi    
+      memory: 512Mi
 
 ingress:
   enabled: true
@@ -32,6 +32,11 @@ config:
     enabled: false
     token: null
 
+secrets:
+  US_MASTER_TOKEN: null
+  CONTROL_API_CRYPTO_KEY: null
+  POSTGRES_PASSWORD: null
+
 application:
   ui:
     replicas: 1

templates/helm-values.j2

@@ -15,7 +15,7 @@ database:
       memory: 128Mi
     limits:
       cpu: 1000m
-      memory: 512Mi    
+      memory: 512Mi
 
 ingress:
   enabled: true
@@ -32,6 +32,11 @@ config:
     enabled: false
     token: null
 
+secrets:
+  US_MASTER_TOKEN: null
+  CONTROL_API_CRYPTO_KEY: null
+  POSTGRES_PASSWORD: null
+
 application:
   ui:
     replicas: 1