kind: Secret apiVersion: v1 metadata: name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} type: Opaque data: {{- $values := merge dict .Values }} {{- /* also passthrough subset of Chart / Release */}} {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version) }} {{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }} values.yaml: {{ $values | toYaml | b64enc | quote }} {{- with .Values.hub.db.password }} # Used to mount MYSQL_PWD or PGPASSWORD on hub pod, unless hub.existingSecret # is set as then that k8s Secret's value must be specified instead. hub.db.password: {{ . | b64enc | quote }} {{- end }} # Any JupyterHub Services api_tokens are exposed in this k8s Secret as a # convinience for external services running in the k8s cluster that could # mount them directly from this k8s Secret. {{- range $key, $service := .Values.hub.services }} hub.services.{{ $key }}.apiToken: {{ include "jupyterhub.hub.services.get_api_token" (list $ $key) | b64enc | quote }} {{- end }} # During Helm template rendering, these values that can be autogenerated for # users are set using the following logic: # # 1. Use chart configuration's value # 2. Use k8s Secret's value # 3. Use a new autogenerated value # # hub.config.ConfigurableHTTPProxy.auth_token: for hub to proxy-api authorization (JupyterHub.proxy_auth_token is deprecated) # hub.config.JupyterHub.cookie_secret: for cookie encryption # hub.config.CryptKeeper.keys: for auth state encryption # hub.config.ConfigurableHTTPProxy.auth_token: {{ include "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" . | required "This should not happen: blank output from 'jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token' template" | b64enc | quote }} hub.config.JupyterHub.cookie_secret: {{ include "jupyterhub.hub.config.JupyterHub.cookie_secret" . | required "This should not happen: blank output from 'jupyterhub.hub.config.JupyterHub.cookie_secret' template" | b64enc | quote }} hub.config.CryptKeeper.keys: {{ include "jupyterhub.hub.config.CryptKeeper.keys" . | required "This should not happen: blank output from 'jupyterhub.hub.config.CryptKeeper.keys' template" | b64enc | quote }} {{- with include "jupyterhub.extraFiles.data" .Values.hub.extraFiles }} {{- . | nindent 2 }} {{- end }} {{- with include "jupyterhub.extraFiles.stringData" .Values.hub.extraFiles }} stringData: {{- . | nindent 2 }} {{- end }}