added lookup for garm db password and jwtSecret to prevent regeneration

2025-12-02 14:56:26 +01:00 · 2025-12-02 14:56:26 +01:00 · 04339b0efc
commit 04339b0efc
parent dae2d3240c
2 changed files with 9 additions and 14 deletions
--- a/charts/garm/templates/_credentials.tpl
+++ b/charts/garm/templates/_credentials.tpl
@ -33,24 +33,22 @@ Get Gitea token - either user-provided or generated
 {{- end -}}
 {{- end -}}

-{{/*
-Get JWT secret - either user-provided or generated
-*/}}
 {{- define "garm.jwtSecret" -}}
-{{- if .Values.garm.jwtAuth.secret -}}
-{{- .Values.garm.jwtAuth.secret -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}}
+{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).jwt_auth.secret) -}}
+{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}}
+{{ $another.jwt_auth.secret }}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
 {{- end -}}

-{{/*
-Get database passphrase - either user-provided or generated
-*/}}
 {{- define "garm.dbPassphrase" -}}
-{{- if .Values.garm.database.passphrase -}}
-{{- .Values.garm.database.passphrase -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}}
+{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).database.passphrase) -}}
+{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}}
+{{ $another.database.passphrase }}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}
--- a/charts/garm/values.yaml
+++ b/charts/garm/values.yaml
@ -52,8 +52,6 @@ garm:
    disableAuth: false

  jwtAuth:
-    # You should change this in production
-    # secret: "changeme-use-a-secure-random-string"
    timeToLive: "8760h"

  apiserver:
@ -65,7 +63,6 @@ garm:

  database:
    backend: sqlite3
-    # passphrase: "changeme-use-a-secure-random-string"
    sqlite3:
      dbFile: "/garm/garm.db"