# values-existing-secret.yaml # # When to use: GitOps workflows where secrets are managed outside Helm via # Sealed Secrets, SOPS, kubeseal, or manual `kubectl create secret`. The # chart references your pre-created Kubernetes Secret objects by name # instead of templating values into a chart-managed Secret. # # Prerequisites: # Create the Secret objects before `helm install`. Example: # kubectl create secret generic my-app-secrets --namespace sim \ # --from-literal=BETTER_AUTH_SECRET=$(openssl rand -hex 32) \ # --from-literal=ENCRYPTION_KEY=$(openssl rand -hex 32) \ # --from-literal=INTERNAL_API_SECRET=$(openssl rand -hex 32) \ # --from-literal=CRON_SECRET=$(openssl rand -hex 32) # Full Secret manifests are at the bottom of this file. # # Install: # helm install sim ./helm/sim \ # --namespace sim --create-namespace \ # --values ./helm/sim/examples/values-existing-secret.yaml app: enabled: true replicaCount: 2 secrets: existingSecret: enabled: true name: "sim-app-secrets" env: NEXT_PUBLIC_APP_URL: "https://sim.example.com" BETTER_AUTH_URL: "https://sim.example.com" NEXT_PUBLIC_SOCKET_URL: "wss://sim-ws.example.com" NODE_ENV: "production" realtime: enabled: true replicaCount: 2 env: NEXT_PUBLIC_APP_URL: "https://sim.example.com" BETTER_AUTH_URL: "https://sim.example.com" ALLOWED_ORIGINS: "https://sim.example.com" NODE_ENV: "production" postgresql: enabled: true auth: username: postgres database: sim existingSecret: enabled: true name: "sim-postgresql-secret" passwordKey: "POSTGRES_PASSWORD" # --- # Create secrets before installing: # --- # kubectl create secret generic sim-app-secrets \ # --namespace sim \ # --from-literal=BETTER_AUTH_SECRET="$(openssl rand -hex 32)" \ # --from-literal=ENCRYPTION_KEY="$(openssl rand -hex 32)" \ # --from-literal=INTERNAL_API_SECRET="$(openssl rand -hex 32)" \ # --from-literal=CRON_SECRET="$(openssl rand -hex 32)" \ # --from-literal=API_ENCRYPTION_KEY="$(openssl rand -hex 32)" # kubectl create secret generic sim-postgresql-secret \ # --namespace sim \ # --from-literal=POSTGRES_PASSWORD="$(openssl rand -base64 16 | tr -d '/+=')"