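I am trying to create a secret if one does not exist for the user in the database, and to use the current secret if it exists, so it does not get overwritten.
users.yaml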
{{ range $_, $db_instance := .Values.sql_instances_users }}
{{- $merged_users := include "users.merged" $db_instance | fromYaml }}
{{ range $_, $db_user := $merged_users.emails | uniq }}
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: User
.....
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
  name: "ro-secret"
type: Opaque
data:
{{- ( include "gen.secret" . ) | indent 2 -}}
{{- end }}
---
helpers.tpl
{{/*
Secret lookup function
*/}}
{{- define "gen.secret" -}}
{{- range .users }}
{{- $secret := lookup "v1" "Secret" "cp" .user -}}
{{- if $secret -}}
{{/* Reusing existing secret data if available */}}
accesskey: {{ $secret.data.accesskey }}
secretkey: {{ $secret.data.secretkey }}
{{- else -}}
{{/* Generate new data if no existing secret is found */}}
accesskey: {{ randAlphaNum 10 | b64enc }}
secretkey: {{ randAlphaNum 10 | b64enc }}
{{- end -}}
{{- end -}}
{{- end -}}
values.yaml
sql_instances_users:
- name: dev
grants: &play-users
- user: [email protected]
access: ro
- users:
- user: ro-user
type: internal
- name: dev-play
grants: *play-users
- name: courses
grants: *play-users
- name: qmp
The chart looks like
helm upgrade --debug -f values.yaml --namespace default test1-default .
---
# Source: sql-proxy/templates/users.yaml
apiVersion: v1
kind: Secret
metadata:
  name: "ro-secret"
type: Opaque
data:
---
# Source: sql-proxy/templates/users.yaml
apiVersion: v1
kind: Secret
metadata:
  name: "ro-secret"
type: Opaque
data:
  accesskey: HTI2GiuNgTNWTA==
  secretkey: L2N0Dfgthm9HWg==
---
I think the problem is that only some of the charts have
data:
and in the error I see "sql--user-ro-user" is invalid:
It is missing dev
It should look like "sql-dev-user-ro-user" is invalid:
Error:
helm.go:84: [debug] SQLUser.sql.cnrm.cloud.google.com "sql--user-ro-user" is invalid: [<nil>: Invalid value: "": "spec.instanceRef" must validate one and only one schema (oneOf). Found none valid, spec.instanceRef.name: Required value]
Any suggestions would be appreciated.
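
The reuse-or-generate pattern the question describes, as an added example that is not part of the original post and is not offered as the fix for the error above. It assumes each instance entry carries its own `users` list; the per-user Secret name, the use of the release namespace and the 32-character key length are hypothetical choices.

```yaml
{{- /* Added example (hypothetical template): one Secret per instance/user pair. */ -}}
{{- range $inst := .Values.sql_instances_users }}
{{- /* Instances without a users list render nothing instead of an empty data: block. */ -}}
{{- range $u := ($inst.users | default (list)) }}
{{- /* Assumed naming scheme: <instance>-<user>-secret */ -}}
{{- $name := printf "%s-%s-secret" $inst.name $u.user }}
{{- /* lookup arguments: apiVersion, kind, namespace, name */ -}}
{{- $existing := lookup "v1" "Secret" $.Release.Namespace $name }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name | quote }}
type: Opaque
data:
  {{- if and $existing $existing.data }}
  {{- /* Values read back from the cluster are already base64-encoded. */}}
  accesskey: {{ index $existing.data "accesskey" | quote }}
  secretkey: {{ index $existing.data "secretkey" | quote }}
  {{- else }}
  {{- /* No Secret found: generate fresh values and encode them once. */}}
  accesskey: {{ randAlphaNum 32 | b64enc | quote }}
  secretkey: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
{{- end }}
{{- end }}
```

`lookup` returns an empty result under `helm template` and client-side `--dry-run`, so those renders always show newly generated values even when the Secret already exists in the cluster.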