Skip to main content

priv/templates/helm/secret_files.yaml.eex

<%!--
  secret_files — Kubernetes Secret with file payloads.

  Same shape as `configmap_files`, but reads from `marea.d/secrets/`
  and base64-encodes the entire file contents before writing each
  entry under the Secret's `data:` block. Mount the Secret as a volume
  to expose one file per key on disk inside the pod (TLS certs and
  keys, service-account credentials, signed configs, …).

  Wiring (marea.yaml):

      releases:
        api:
          helm:
            template: secret_files.yaml
            values:
              tls.crt: api.tls.crt          # <data key>: <file basename>
              tls.key: api.tls.key

  Assigns used: @name, @values, @secret_files.
--%>
<%
  import Marea.Templates, only: [to_dashes: 1]
  files =
    for {key, file} <- @values do
      {key, Map.fetch!(@secret_files, file)}
    end
%>
apiVersion: v1
kind: Secret
metadata:
  name: <%= to_dashes(@name) %>
data:
  <%= for {key, data} <- files do %>
  <%= key %>: |-
    <%= Base.encode64(data) %>
  <% end %>