diff --git a/contrib/charts/bivac/templates/deployment.yaml b/contrib/charts/bivac/templates/deployment.yaml index aa3bbd4e..f7407e9e 100644 --- a/contrib/charts/bivac/templates/deployment.yaml +++ b/contrib/charts/bivac/templates/deployment.yaml @@ -53,12 +53,22 @@ spec: - name: RESTIC_PASSWORD {{- if .Values.resticPassword }} value: {{ .Values.resticPassword }} + {{- else if .Values.resticPasswordFromSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.resticPasswordFromSecret.name }} + key: {{ .Values.resticPasswordFromSecret.key }} {{- else }} value: {{ randAlphaNum 15 }} {{- end }} - name: BIVAC_SERVER_PSK {{- if .Values.serverPSK }} value: {{ .Values.serverPSK }} + {{- else if .Values.serverPSKFromSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.serverPSKFromSecret.name }} + key: {{ .Values.serverPSKFromSecret.key }} {{- else }} value: {{ randAlphaNum 15 }} {{- end }} diff --git a/contrib/charts/bivac/values.yaml b/contrib/charts/bivac/values.yaml index e3f279a4..0f891d66 100644 --- a/contrib/charts/bivac/values.yaml +++ b/contrib/charts/bivac/values.yaml @@ -22,14 +22,24 @@ watchAllNamespaces: true targetURL: "" ## Password used by Restic to encrypt the backups -# If left empty, a generated one will be used -# +# Use `resticPassword` to set password as a raw string. +# Use `resticPasswordFromSecret` to use a password stored in a Secret. +# If those values are null/empty, a random password will be generated. resticPassword: "" +resticPasswordFromSecret: "" +#resticPasswordFromSecret: +# name: secret_name +# key: key_name ## Pre-shared key which protect the Bivac server -# If left empty, a generated one will be used -# +# Use `resticPassword` to set password as a raw string. +# Use `resticPasswordFromSecret` to use a password stored in a Secret. +# If those values are null/empty, a random password will be generated. serverPSK: "" +serverPSKFromSecret: "" +#serverPSKFromSecret: +# name: secret_name +# key: key_name ## Additional environment variables #