claude
134d3e8bfc
Helm Chart Release / release-chart (push) Successful in 4s
Use lookup to check for an existing Secret before generating a new random key. Priority order: 1. values.yaml n8n.encryptionKey (explicit) 2. Existing Secret in the cluster (upgrade-safe) 3. randAlphaNum 32 (first install only) This prevents the "Mismatching encryption keys" error caused by randAlphaNum generating a new key on every helm upgrade. Same stable-value pattern applied to basicAuth password. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
{{- if not .Values.n8n.existingSecret -}}
|
|
{{- $secretName := include "n8n.fullname" . -}}
|
|
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName -}}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $secretName }}
|
|
labels:
|
|
{{- include "n8n.labels" . | nindent 4 }}
|
|
annotations:
|
|
helm.sh/resource-policy: keep
|
|
type: Opaque
|
|
data:
|
|
{{- if .Values.n8n.encryptionKey }}
|
|
encryption-key: {{ .Values.n8n.encryptionKey | b64enc | quote }}
|
|
{{- else if $existing }}
|
|
encryption-key: {{ index $existing.data "encryption-key" }}
|
|
{{- else }}
|
|
encryption-key: {{ randAlphaNum 32 | b64enc | quote }}
|
|
{{- end }}
|
|
{{- if and .Values.n8n.basicAuth.enabled (not .Values.n8n.basicAuth.existingSecret) }}
|
|
{{- if .Values.n8n.basicAuth.password }}
|
|
basic-auth-password: {{ .Values.n8n.basicAuth.password | b64enc | quote }}
|
|
{{- else if $existing }}
|
|
basic-auth-password: {{ index $existing.data "basic-auth-password" | default (randAlphaNum 16 | b64enc) }}
|
|
{{- else }}
|
|
basic-auth-password: {{ randAlphaNum 16 | b64enc | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if and (eq .Values.n8n.database.type "postgresdb") (not .Values.n8n.database.postgresdb.existingSecret) }}
|
|
postgres-password: {{ .Values.n8n.database.postgresdb.password | b64enc | quote }}
|
|
{{- end }}
|
|
{{- end }}
|