From 04339b0efcc7a34794e611c4196abf2df1843558 Mon Sep 17 00:00:00 2001 From: Manuel Ganter Date: Tue, 2 Dec 2025 14:56:26 +0100 Subject: [PATCH] added lookup for garm db password and jwtSecret to prevent regeneration --- charts/garm/templates/_credentials.tpl | 20 +++++++++----------- charts/garm/values.yaml | 3 --- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/charts/garm/templates/_credentials.tpl b/charts/garm/templates/_credentials.tpl index cc41a51..e93bd03 100644 --- a/charts/garm/templates/_credentials.tpl +++ b/charts/garm/templates/_credentials.tpl @@ -33,24 +33,22 @@ Get Gitea token - either user-provided or generated {{- end -}} {{- end -}} -{{/* -Get JWT secret - either user-provided or generated -*/}} {{- define "garm.jwtSecret" -}} -{{- if .Values.garm.jwtAuth.secret -}} -{{- .Values.garm.jwtAuth.secret -}} +{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}} +{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).jwt_auth.secret) -}} +{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}} +{{ $another.jwt_auth.secret }} {{- else -}} {{- include "garm.randomString" . -}} {{- end -}} {{- end -}} -{{/* -Get database passphrase - either user-provided or generated -*/}} {{- define "garm.dbPassphrase" -}} -{{- if .Values.garm.database.passphrase -}} -{{- .Values.garm.database.passphrase -}} +{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}} +{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).database.passphrase) -}} +{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}} +{{ $another.database.passphrase }} {{- else -}} {{- include "garm.randomString" . -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml index 484cf2a..2e3629f 100644 --- a/charts/garm/values.yaml +++ b/charts/garm/values.yaml @@ -52,8 +52,6 @@ garm: disableAuth: false jwtAuth: - # You should change this in production - # secret: "changeme-use-a-secure-random-string" timeToLive: "8760h" apiserver: @@ -65,7 +63,6 @@ garm: database: backend: sqlite3 - # passphrase: "changeme-use-a-secure-random-string" sqlite3: dbFile: "/garm/garm.db"