<%!--
secret_files — Kubernetes Secret with file payloads.
Same shape as `configmap_files`, but reads from `marea.d/secrets/`
and base64-encodes the entire file contents before writing each
entry under the Secret's `data:` block. Mount the Secret as a volume
to expose one file per key on disk inside the pod (TLS certs and
keys, service-account credentials, signed configs, …).
Wiring (marea.yaml):
releases:
api:
helm:
template: secret_files.yaml
values:
tls.crt: api.tls.crt # <data key>: <file basename>
tls.key: api.tls.key
Assigns used: @name, @values, @secret_files.
--%>
<%
import Marea.Templates, only: [to_dashes: 1]
files =
for {key, file} <- @values do
{key, Map.fetch!(@secret_files, file)}
end
%>
apiVersion: v1
kind: Secret
metadata:
name: <%= to_dashes(@name) %>
data:
<%= for {key, data} <- files do %>
<%= key %>: |-
<%= Base.encode64(data) %>
<% end %>