<%!--
secret_env — Kubernetes Secret with env-style keys.
Same shape as `configmap_env`, but reads the YAML file from
`marea.d/secrets/` (kept out of git via `.gitignore`) and
base64-encodes each value before placing it under the Secret's
`data:` block with UPPER_CASED keys. Mount with `envFrom:` on your
Deployment to inject the secrets as env vars in one go.
Wiring (marea.yaml):
releases:
api:
helm:
template: secret_env.yaml
values:
file: api.secrets.yaml # basename under marea.d/secrets/
Assigns used: @name, @values["file"], @secret_files.
--%>
<%
import Marea.Templates, only: [to_dashes: 1, yaml!: 1]
file = Map.fetch!(@values, "file")
data = Map.fetch!(@secret_files, file) |> yaml!()
%>
apiVersion: v1
kind: Secret
metadata:
name: <%= to_dashes(@name) %>
data:
<%= for {key, value} <- data do %>
<%= String.upcase(to_string(key)) %>: '<%= Base.encode64(to_string(value)) %>'
<% end %>