From c96de44ac144baefa2b78309ae9ea484bdb4ba19 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Thu, 16 May 2024 14:59:01 -0700 Subject: [PATCH 01/17] save --- stack/templates/external_secrets_env.yaml | 49 +++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 stack/templates/external_secrets_env.yaml diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml new file mode 100644 index 0000000..f331be9 --- /dev/null +++ b/stack/templates/external_secrets_env.yaml @@ -0,0 +1,49 @@ +{{- define "service.externalSecretsTarget" -}} +target: + # Enum with values: 'Owner', 'Merge', or 'None' + # Default value of 'Owner' + # Owner creates the secret and sets .metadata.ownerReferences of the resource + # Merge does not create the secret, but merges in the data fields to the secret + # None does not create a secret (future use with injector) + # TODO: make this secret by default + creationPolicy: 'Merge' + deletionPolicy: "Delete" +{{- end}} + +{{- define "service.externalSecretsData" -}} +data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: {{ . }} + metadataPolicy: None + version: AWSCURRENT +{{- end}} + +{{ $global := . }} +{{ range $serviceName, $serviceValues := .Values.services }} + {{- $globalValuesDict := $global.Values.global | toYaml -}} + {{- $values := fromYaml $globalValuesDict -}} + {{- $values = set $values "name" $serviceName -}} + {{- $values := mergeOverwrite $values $serviceValues -}} + {{- $service := dict "Chart" $global.Chart "Release" $global.Release "Capabilities" $global.Capabilities "Values" $values -}} + +{{ range $appConfigKey, $secretName := .Values.appConfig }} +{{- with $service -}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $secretName }} + labels: + {{- include "service.labels" . | nindent 4 }} +spec: + secretStoreRef: + # TODO: make this + name: aws-secretsmanager + kind: SecretStore + refreshInterval: "30s" + {{- include "service.externalSecretsTarget" . | nindent 2 -}} + {{- include "service.externalSecretsData" $secretName | nindent 2 -}} +{{end}} +{{end}} From e5ea9b23f0c4756efe61641d2298d6479351a073 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Mon, 20 May 2024 13:03:40 -0600 Subject: [PATCH 02/17] refactor --- stack/templates/external_secrets_env.yaml | 44 ++++++++--------------- stack/values.yaml | 12 +++++-- 2 files changed, 23 insertions(+), 33 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index f331be9..43dfe5d 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -1,25 +1,3 @@ -{{- define "service.externalSecretsTarget" -}} -target: - # Enum with values: 'Owner', 'Merge', or 'None' - # Default value of 'Owner' - # Owner creates the secret and sets .metadata.ownerReferences of the resource - # Merge does not create the secret, but merges in the data fields to the secret - # None does not create a secret (future use with injector) - # TODO: make this secret by default - creationPolicy: 'Merge' - deletionPolicy: "Delete" -{{- end}} - -{{- define "service.externalSecretsData" -}} -data: - - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: {{ . }} - metadataPolicy: None - version: AWSCURRENT -{{- end}} - {{ $global := . }} {{ range $serviceName, $serviceValues := .Values.services }} {{- $globalValuesDict := $global.Values.global | toYaml -}} @@ -28,22 +6,28 @@ data: {{- $values := mergeOverwrite $values $serviceValues -}} {{- $service := dict "Chart" $global.Chart "Release" $global.Release "Capabilities" $global.Capabilities "Values" $values -}} -{{ range $appConfigKey, $secretName := .Values.appConfig }} +{{ range $secretsKey, $secretValue := .Values.appSecrets }} {{- with $service -}} --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: {{ $secretName }} + name: {{ $secretValue.kubeSecretName }} labels: - {{- include "service.labels" . | nindent 4 }} + {{- include "service.labels" . | nindent 4 }} + annotations: + {{- include "stack.annotations" $service | nindent 4 }} spec: secretStoreRef: - # TODO: make this name: aws-secretsmanager - kind: SecretStore - refreshInterval: "30s" - {{- include "service.externalSecretsTarget" . | nindent 2 -}} - {{- include "service.externalSecretsData" $secretName | nindent 2 -}} + kind: ClusterSecretStore + refreshInterval: "10m" + target: + deletionPolicy: Delete + data: + - secretKey: {{ $secretValue.kubeSecretName }} + remoteRef: + key: {{ $secretValue.remoteRefKey }} + {{end}} {{end}} diff --git a/stack/values.yaml b/stack/values.yaml index 8766957..f6fe985 100644 --- a/stack/values.yaml +++ b/stack/values.yaml @@ -66,11 +66,17 @@ global: initContainers: [] sidecars: [] - appConfig: + appContext: envContextConfigMapName: "" # App environment level configuration configmap name stackContextConfigMapName: "" # Stack level configuration configmap name - envSecretName: "" # App environment level configuration secret name - stackSecretName: "" # Stack level configuration secret name + + appSecrets: + envSecret: # App environment level configuration secret + kubeSecretName: "" + remoteRefKey: "" + stackSecret: # Stack level configuration secret + kubeSecretName: "" + remoteRefKey: "" # Global annotations to add to all resources annotations: {} From 4c5696959f7c48ddf08185fc7512a4197a700ae8 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Mon, 20 May 2024 14:45:27 -0600 Subject: [PATCH 03/17] try this --- stack/templates/external_secrets_env.yaml | 19 ++++++++++++++++--- stack/values.yaml | 8 ++++---- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 43dfe5d..140aada 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -12,7 +12,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: {{ $secretValue.kubeSecretName }} + name: {{ $secretValue.secretName }} labels: {{- include "service.labels" . | nindent 4 }} annotations: @@ -24,10 +24,23 @@ spec: refreshInterval: "10m" target: deletionPolicy: Delete + template: + engineVersion: v2 + mergePolicy: Replace + templateFrom: + - target: Data + literal: | + {{ + `{{ range $key, $value := . }} + {{ range $name, $val := $value | fromJson }} + {{$name | upper}}: {{$val}} + {{ end }} + {{ end }}` | nindent 7 + }} data: - - secretKey: {{ $secretValue.kubeSecretName }} + - secretKey: {{ $secretValue.secretName }} remoteRef: - key: {{ $secretValue.remoteRefKey }} + key: {{ $secretValue.secretKey }} {{end}} {{end}} diff --git a/stack/values.yaml b/stack/values.yaml index f6fe985..f0dc349 100644 --- a/stack/values.yaml +++ b/stack/values.yaml @@ -72,11 +72,11 @@ global: appSecrets: envSecret: # App environment level configuration secret - kubeSecretName: "" - remoteRefKey: "" + secretName: "" + secretKey: "" stackSecret: # Stack level configuration secret - kubeSecretName: "" - remoteRefKey: "" + secretName: "" + secretKey: "" # Global annotations to add to all resources annotations: {} From bb96e021d4d7528ffde1181f5ac7970e6d1e80f4 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Mon, 20 May 2024 14:54:52 -0600 Subject: [PATCH 04/17] try this --- stack/templates/external_secrets_env.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 140aada..668f9a0 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -1,3 +1,7 @@ +{{- define "secretsTemplate" -}} +`{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` +{{-end }} + {{ $global := . }} {{ range $serviceName, $serviceValues := .Values.services }} {{- $globalValuesDict := $global.Values.global | toYaml -}} @@ -29,14 +33,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: | - {{ - `{{ range $key, $value := . }} - {{ range $name, $val := $value | fromJson }} - {{$name | upper}}: {{$val}} - {{ end }} - {{ end }}` | nindent 7 - }} + literal: {{- include "secretsTemplate" -}} data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 7698203d60dacb90f6c1678cefa0db115b0ae57b Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Mon, 20 May 2024 15:09:06 -0600 Subject: [PATCH 05/17] fixes --- stack/templates/external_secrets_env.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 668f9a0..a407e3a 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -1,6 +1,6 @@ {{- define "secretsTemplate" -}} `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` -{{-end }} +{{- end }} {{ $global := . }} {{ range $serviceName, $serviceValues := .Values.services }} @@ -10,8 +10,8 @@ {{- $values := mergeOverwrite $values $serviceValues -}} {{- $service := dict "Chart" $global.Chart "Release" $global.Release "Capabilities" $global.Capabilities "Values" $values -}} -{{ range $secretsKey, $secretValue := .Values.appSecrets }} {{- with $service -}} +{{ range $secretsKey, $secretValue := .Values.appSecrets }} --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret @@ -33,11 +33,11 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: {{- include "secretsTemplate" -}} + literal: {{- include "secretsTemplate" . -}} data: - secretKey: {{ $secretValue.secretName }} remoteRef: key: {{ $secretValue.secretKey }} - +{{end}} {{end}} {{end}} From 9425c6d51a7b40a82aaf744058ee40a86d94bb31 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 10:45:12 -0600 Subject: [PATCH 06/17] remove labels --- stack/templates/external_secrets_env.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index a407e3a..066e6e8 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -17,10 +17,6 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ $secretValue.secretName }} - labels: - {{- include "service.labels" . | nindent 4 }} - annotations: - {{- include "stack.annotations" $service | nindent 4 }} spec: secretStoreRef: name: aws-secretsmanager From 5031619c530b8949416a7daebabd72976633526f Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 10:50:54 -0600 Subject: [PATCH 07/17] update helpers naming --- stack/templates/_helpers.tpl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/stack/templates/_helpers.tpl b/stack/templates/_helpers.tpl index 7120956..17be407 100644 --- a/stack/templates/_helpers.tpl +++ b/stack/templates/_helpers.tpl @@ -84,26 +84,26 @@ Create the name of the service account to use {{- end }} {{- define "service.configuration" -}} -{{- if or (or (or (ne (trim .Values.appConfig.envSecretName) "") (ne (trim .Values.appConfig.envSecretName) "")) (ne (trim .Values.appConfig.envContextConfigMapName) "")) (ne (trim .Values.appConfig.stackContextConfigMapName) "") -}} +{{- if or (or (or (ne (trim .Values.appSecrets.envSecret.secretName) "") (ne (trim .Values.appSecrets.envSecret.secretName) "")) (ne (trim .Values.appContext.envContextConfigMapName) "")) (ne (trim .Values.appContext.stackContextConfigMapName) "") -}} envFrom: -{{- if ne (trim .Values.appConfig.envSecretName) "" }} +{{- if ne (trim .Values.appSecrets.envSecret.secretName) "" }} - secretRef: - name: {{ .Values.appConfig.envSecretName }} + name: {{ .Values.appSecrets.envSecret.secretName }} optional: true {{- end }} -{{- if ne (trim .Values.appConfig.stackSecretName) "" }} +{{- if ne (trim .Values.appSecrets.stackSecret.secretName) "" }} - secretRef: - name: {{ .Values.appConfig.stackSecretName }} + name: {{ .Values.appSecrets.stackSecret.secretName }} optional: true {{- end }} -{{- if ne (trim .Values.appConfig.envContextConfigMapName) "" }} +{{- if ne (trim .Values.appContext.envContextConfigMapName) "" }} - configMapRef: - name: {{ .Values.appConfig.envContextConfigMapName }} + name: {{ .Values.appContext.envContextConfigMapName }} optional: true {{- end }} -{{- if ne (trim .Values.appConfig.stackContextConfigMapName) "" }} +{{- if ne (trim .Values.appContext.stackContextConfigMapName) "" }} - configMapRef: - name: {{ .Values.appConfig.stackContextConfigMapName }} + name: {{ .Values.appContext.stackContextConfigMapName }} optional: true {{- end }} {{- end }} From 33bec48e1ab67de8b3a35c3dcce6fd65f6ea125b Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 10:55:38 -0600 Subject: [PATCH 08/17] fix for helm --- stack/templates/external_secrets_env.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 066e6e8..7c4c671 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -1,7 +1,3 @@ -{{- define "secretsTemplate" -}} -`{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` -{{- end }} - {{ $global := . }} {{ range $serviceName, $serviceValues := .Values.services }} {{- $globalValuesDict := $global.Values.global | toYaml -}} @@ -29,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: {{- include "secretsTemplate" . -}} + literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 4ed94dfa4c2ab1e3224a8bbf174e1bc136260291 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:07:18 -0600 Subject: [PATCH 09/17] refactor --- stack/templates/external_secrets_env.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 7c4c671..5bc25ee 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,11 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" + literal: | + {{ `{{ range $key, $value := . }} + {{ range $name, $val := $value | fromJson }} + {{$name | upper}}: {{$val}}{{ end }} + {{ end }}` }} data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 117edf16dd573737cc5c270e1ac3e041ab018efb Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:14:12 -0600 Subject: [PATCH 10/17] revert --- stack/templates/external_secrets_env.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 5bc25ee..7c4c671 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,11 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: | - {{ `{{ range $key, $value := . }} - {{ range $name, $val := $value | fromJson }} - {{$name | upper}}: {{$val}}{{ end }} - {{ end }}` }} + literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 97c609623013a26c7873892186b15b4cd380f307 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:26:47 -0600 Subject: [PATCH 11/17] escape pipe --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 7c4c671..5a58ee1 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" + literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value \| fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 34fd91739a107ec02cf85db7a0d8f3aa4c8fc9b5 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:36:04 -0600 Subject: [PATCH 12/17] different quotes --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 5a58ee1..e952930 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value \| fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" + literal: {{ "{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}" }} data: - secretKey: {{ $secretValue.secretName }} remoteRef: From f5c68d63324a73178ee33671835c4f635f9444a4 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:40:28 -0600 Subject: [PATCH 13/17] outer quotes --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index e952930..b3c397f 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: {{ "{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}" }} + literal: '{{ "{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}" }}' data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 71ec89b8e0599816f1fe91ef77abd5777188ab67 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:43:47 -0600 Subject: [PATCH 14/17] swap quotes --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index b3c397f..74620ab 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: '{{ "{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}" }}' + literal: "{{ '{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}' }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From a27d6f7c2f1571a06a55f8d6a0ea5cd4434311ad Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:51:12 -0600 Subject: [PATCH 15/17] no inner quotes --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 74620ab..acc48fd 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ '{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}' }}" + literal: "{{ {{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }} }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From 205f06901908e62be6905e43c15055d3fe40f5d7 Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:52:40 -0600 Subject: [PATCH 16/17] revert quotes --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index acc48fd..7c4c671 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ {{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }} }}" + literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: From c5635b30ca4e5aad42909e2b11b30d5c6519a00b Mon Sep 17 00:00:00 2001 From: Hayden Spitzley Date: Tue, 21 May 2024 11:59:40 -0600 Subject: [PATCH 17/17] newline --- stack/templates/external_secrets_env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/external_secrets_env.yaml b/stack/templates/external_secrets_env.yaml index 7c4c671..8103497 100644 --- a/stack/templates/external_secrets_env.yaml +++ b/stack/templates/external_secrets_env.yaml @@ -25,7 +25,7 @@ spec: mergePolicy: Replace templateFrom: - target: Data - literal: "{{ `{{ range $key, $value := . }}{{ range $name, $val := $value | fromJson }}{{$name | upper}}: {{$val}}{{ end }}{{ end }}` }}" + literal: "{{ `{{ range $key, $value := . }}\n{{ range $name, $val := $value | fromJson }}\n{{$name | upper}}: {{$val}}\n{{ end }}\n{{ end }}\n` }}" data: - secretKey: {{ $secretValue.secretName }} remoteRef: