This example shows how to generate something like a random password and keeping it consistent during upgrades.
IF YOU CAN, you should let helm generate a random secret during every upgrade and update the app to rotate the password from old one to new one. There are many options available by means of jobs and hooks to figure this out.
Create a new helm chart with with no templates.
% helm create chart-name
Creating chart-name
% mv chart-name chart
% ls -l
total 0
drwxr-xr-x 7 bob bob 224 Feb 24 20:28 chart
% rm -rf chart/templates/*
Add generated-secret.yaml
to chart/tempaltes/
.
Create a kind cluster.
% cat <<EOF | kind create cluster --config /dev/stdin
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
## You can define the image for each kind node
# image: kindest/node:v1.24.7
# image: kindest/node:v1.22.15
- role: worker
- role: worker
- role: worker
EOF
% kubectl get nodes
Test the chart by installing, upgrading, and making sure the random secret stays the same.
% cat <<EOF | helm upgrade --install my-release chart/ --values -
## Put your values here or something 🤷🏻♂️
EOF
% kubectl get secrets my-secret-name -oyaml | yq .data
% cat <<EOF | helm upgrade --install my-release chart/ --values - --dry-run
## Put your values here or something
EOF
% kubectl get secrets my-secret-name -oyaml | yq .data
Bonus thing... There will come a time that you want to get lazy and just know your default values. You can't read values.yaml
in charts, because someone thought they were smart. Just make a symlink like this and read values.readable.yaml
.
% cd chart/
% mv values.yaml values.readable.yaml
% ln -s values.readable.yaml values.yaml