k8s-manifests/jupyter/base/charts/jupyterhub/templates/hub/secret.yaml

kind: Secret
apiVersion: v1
metadata:
  name: {{ include "jupyterhub.hub.fullname" . }}
  labels:
    {{- include "jupyterhub.labels" . | nindent 4 }}
type: Opaque
data:
  {{- $values := merge dict .Values }}
  {{- /* also passthrough subset of Chart / Release */}}
  {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version) }}
  {{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }}
  values.yaml: {{ $values | toYaml | b64enc | quote }}

  {{- with .Values.hub.db.password }}
  # Used to mount MYSQL_PWD or PGPASSWORD on hub pod, unless hub.existingSecret
  # is set as then that k8s Secret's value must be specified instead.
  hub.db.password: {{ . | b64enc | quote }}
  {{- end }}

  # Any JupyterHub Services api_tokens are exposed in this k8s Secret as a
  # convinience for external services running in the k8s cluster that could
  # mount them directly from this k8s Secret.
  {{- range $key, $service := .Values.hub.services }}
  hub.services.{{ $key }}.apiToken: {{ include "jupyterhub.hub.services.get_api_token" (list $ $key) | b64enc | quote }}
  {{- end }}

  # During Helm template rendering, these values that can be autogenerated for
  # users are set using the following logic:
  #
  # 1. Use chart configuration's value
  # 2. Use k8s Secret's value
  # 3. Use a new autogenerated value
  #
  # hub.config.ConfigurableHTTPProxy.auth_token: for hub to proxy-api authorization (JupyterHub.proxy_auth_token is deprecated)
  # hub.config.JupyterHub.cookie_secret:         for cookie encryption
  # hub.config.CryptKeeper.keys:                 for auth state encryption
  #
  hub.config.ConfigurableHTTPProxy.auth_token: {{ include "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" . | required "This should not happen: blank output from 'jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token' template" | b64enc | quote }}
  hub.config.JupyterHub.cookie_secret: {{ include "jupyterhub.hub.config.JupyterHub.cookie_secret" . | required "This should not happen: blank output from 'jupyterhub.hub.config.JupyterHub.cookie_secret' template" | b64enc | quote }}
  hub.config.CryptKeeper.keys: {{ include "jupyterhub.hub.config.CryptKeeper.keys" . | required "This should not happen: blank output from 'jupyterhub.hub.config.CryptKeeper.keys' template" | b64enc | quote }}

  {{- with include "jupyterhub.extraFiles.data" .Values.hub.extraFiles }}
  {{- . | nindent 2 }}
  {{- end }}

{{- with include "jupyterhub.extraFiles.stringData" .Values.hub.extraFiles }}
stringData:
  {{- . | nindent 2 }}
{{- end }}
Jupytherhub: Export 3.0.3 like so: ``` helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm fetch jupyterhub/jupyterhub --version 3.0.3 --untar --untardir . ``` 2023-09-25 14:28:39 +00:00			`kind: Secret`
			`apiVersion: v1`
			`metadata:`
			`name: {{ include "jupyterhub.hub.fullname" . }}`
			`labels:`
			`{{- include "jupyterhub.labels" . \| nindent 4 }}`
			`type: Opaque`
			`data:`
			`{{- $values := merge dict .Values }}`
			`{{- /* also passthrough subset of Chart / Release */}}`
			`{{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version) }}`
			`{{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }}`
			`values.yaml: {{ $values \| toYaml \| b64enc \| quote }}`

			`{{- with .Values.hub.db.password }}`
			`# Used to mount MYSQL_PWD or PGPASSWORD on hub pod, unless hub.existingSecret`
			`# is set as then that k8s Secret's value must be specified instead.`
			`hub.db.password: {{ . \| b64enc \| quote }}`
			`{{- end }}`

			`# Any JupyterHub Services api_tokens are exposed in this k8s Secret as a`
			`# convinience for external services running in the k8s cluster that could`
			`# mount them directly from this k8s Secret.`
			`{{- range $key, $service := .Values.hub.services }}`
			`hub.services.{{ $key }}.apiToken: {{ include "jupyterhub.hub.services.get_api_token" (list $ $key) \| b64enc \| quote }}`
			`{{- end }}`

			`# During Helm template rendering, these values that can be autogenerated for`
			`# users are set using the following logic:`
			`#`
			`# 1. Use chart configuration's value`
			`# 2. Use k8s Secret's value`
			`# 3. Use a new autogenerated value`
			`#`
			`# hub.config.ConfigurableHTTPProxy.auth_token: for hub to proxy-api authorization (JupyterHub.proxy_auth_token is deprecated)`
			`# hub.config.JupyterHub.cookie_secret: for cookie encryption`
			`# hub.config.CryptKeeper.keys: for auth state encryption`
			`#`
			`hub.config.ConfigurableHTTPProxy.auth_token: {{ include "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" . \| required "This should not happen: blank output from 'jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token' template" \| b64enc \| quote }}`
			`hub.config.JupyterHub.cookie_secret: {{ include "jupyterhub.hub.config.JupyterHub.cookie_secret" . \| required "This should not happen: blank output from 'jupyterhub.hub.config.JupyterHub.cookie_secret' template" \| b64enc \| quote }}`
			`hub.config.CryptKeeper.keys: {{ include "jupyterhub.hub.config.CryptKeeper.keys" . \| required "This should not happen: blank output from 'jupyterhub.hub.config.CryptKeeper.keys' template" \| b64enc \| quote }}`

			`{{- with include "jupyterhub.extraFiles.data" .Values.hub.extraFiles }}`
			`{{- . \| nindent 2 }}`
			`{{- end }}`

			`{{- with include "jupyterhub.extraFiles.stringData" .Values.hub.extraFiles }}`
			`stringData:`
			`{{- . \| nindent 2 }}`
			`{{- end }}`