Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-16 06:47:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
36932cd3f49689edac8c3fb6932b6dc24f655432
charts/bitnami/supabase/templates/jwt-init-job.yaml
Juan Ariza Toledano a4635060d5 [bitnami/supabase]: Use merge helper (#19111)
2023-09-08 14:15:35 +02:00

148 lines
7.1 KiB
YAML
Raw Blame History

{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "supabase.createInitJob" .) (not .Values.global.jwt.existingSecret) }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "common.names.fullname" . }}-jwt-init
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: supabase
{{- if or .Values.jwt.autoGenerate.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.jwt.autoGenerate.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
backoffLimit: {{ .Values.jwt.autoGenerate.backoffLimit }}
template:
metadata:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.jwt.autoGenerate.podLabels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: init
{{- if .Values.jwt.autoGenerate.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "supabase.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "supabase.serviceAccountName" . }}
restartPolicy: OnFailure
{{- if .Values.jwt.autoGenerate.podSecurityContext.enabled }}
securityContext: {{- omit .Values.jwt.autoGenerate.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.jwt.autoGenerate.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.hostAliases "context" $) | nindent 8 }}
{{- end }}
initContainers:
- name: create-jwt-token
image: {{ template "supabase.jwt-cli.image" . }}
imagePullPolicy: {{ .Values.jwt.autoGenerate.image.pullPolicy }}
command:
- /bin/bash
- -ec
args:
- |
#!/bin/bash
echo "Generating JWT token"
# Taken from https://supabase.com/docs/guides/self-hosting#api-keys
{{- if not .Values.jwt.anonKey }}
ANON_KEY="$(jwt encode --secret=$SECRET '{"role":"anon","iss":"supabase","iat":1676934000,"exp":1834700400}')"
{{- end }}
{{- if not .Values.jwt.serviceKey }}
SERVICE_KEY="$(jwt encode --secret=$SECRET '{"role":"service_role","iss":"supabase","iat":1676934000,"exp":1834700400}')"
{{- end }}
echo "Writing JWT token to file"
echo -n "$SECRET" > /bitnami/supabase/secrets/secret
echo -n "$ANON_KEY" > /bitnami/supabase/secrets/anon-key
echo -n "$SERVICE_KEY" > /bitnami/supabase/secrets/service-key
env:
- name: SECRET
valueFrom:
secretKeyRef:
name: {{ include "supabase.jwt.secretName" . }}
key: secret
{{- if .Values.jwt.anonKey }}
- name: ANON_KEY
valueFrom:
secretKeyRef:
name: {{ include "supabase.jwt.secretName" . }}
key: secret
{{- end }}
{{- if .Values.jwt.serviceKey }}
- name: SERVICE_KEY
valueFrom:
secretKeyRef:
name: {{ include "supabase.jwt.secretName" . }}
key: secret
{{- end }}
{{- if .Values.jwt.autoGenerate.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.jwt.autoGenerate.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if or .Values.jwt.autoGenerate.extraEnvVarsCM .Values.jwt.autoGenerate.extraEnvVarsSecret }}
envFrom:
{{- if .Values.jwt.autoGenerate.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.jwt.autoGenerate.extraEnvVarsCM }}
{{- end }}
{{- if .Values.jwt.autoGenerate.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.jwt.autoGenerate.extraEnvVarsSecret }}
{{- end }}
{{- end }}
volumeMounts:
- name: secret-files
mountPath: /bitnami/supabase/secrets
{{- if .Values.jwt.autoGenerate.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.jwt.autoGenerate.resources }}
resources: {{- toYaml .Values.jwt.autoGenerate.resources | nindent 12 }}
{{- end }}
containers:
- name: create-update-secret
image: {{ template "supabase.kubectl.image" . }}
imagePullPolicy: {{ .Values.jwt.autoGenerate.kubectlImage.pullPolicy }}
command:
- /bin/bash
- -ec
args:
- |
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
echo "Creating secret"
kubectl create secret --namespace={{ include "common.names.namespace" . }} generic {{ include "supabase.jwt.secretName" . }} --from-file=/bitnami/supabase/secrets/secret --from-file=/bitnami/supabase/secrets/anon-key --from-file=/bitnami/supabase/secrets/service-key --dry-run -o yaml | kubectl apply -f -
{{- if .Values.jwt.autoGenerate.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.jwt.autoGenerate.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if or .Values.jwt.autoGenerate.extraEnvVarsCM .Values.jwt.autoGenerate.extraEnvVarsSecret }}
envFrom:
{{- if .Values.jwt.autoGenerate.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.jwt.autoGenerate.extraEnvVarsCM }}
{{- end }}
{{- if .Values.jwt.autoGenerate.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.jwt.autoGenerate.extraEnvVarsSecret }}
{{- end }}
{{- end }}
volumeMounts:
- name: secret-files
mountPath: /bitnami/supabase/secrets
{{- if .Values.jwt.autoGenerate.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.jwt.autoGenerate.resources }}
resources: {{- toYaml .Values.jwt.autoGenerate.resources | nindent 12 }}
{{- end }}
volumes:
- name: secret-files
emptyDir: {}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumes "context" $) | nindent 6 }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink