From c53d0ad2b57e477b367319bea1f0c7399ed855e3 Mon Sep 17 00:00:00 2001 From: Jim Park Date: Sun, 4 Apr 2021 16:08:22 -0700 Subject: [PATCH 1/4] fix: some minor fixes for AWS deployment --- charts/papercups/Chart.yaml | 2 +- charts/papercups/README.md.gotmpl | 4 ++++ charts/papercups/templates/ingress.yaml | 4 +++- charts/papercups/values.yaml | 20 +++++++++++++------- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/charts/papercups/Chart.yaml b/charts/papercups/Chart.yaml index 2631781..5e7d48a 100644 --- a/charts/papercups/Chart.yaml +++ b/charts/papercups/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart to deploy the papercups chat server to Kubernetes type: application # This is the chart version. -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. appVersion: "latest" diff --git a/charts/papercups/README.md.gotmpl b/charts/papercups/README.md.gotmpl index cb86c6d..f7e3fa0 100644 --- a/charts/papercups/README.md.gotmpl +++ b/charts/papercups/README.md.gotmpl @@ -28,4 +28,8 @@ $ helm repo add bitnami https://charts.bitnami.com/bitnami $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercups,postgresqlPassword=changeit,postgresqlDatabase=papercups ``` +## Deploying to AWS + +Read more at [https://docs.papercups.io/aws](https://docs.papercups.io/aws). + {{ template "chart.valuesSection" . }} diff --git a/charts/papercups/templates/ingress.yaml b/charts/papercups/templates/ingress.yaml index 06978ca..0b14bd0 100644 --- a/charts/papercups/templates/ingress.yaml +++ b/charts/papercups/templates/ingress.yaml @@ -1,7 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "papercups.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 diff --git a/charts/papercups/values.yaml b/charts/papercups/values.yaml index d76bee3..99e873a 100644 --- a/charts/papercups/values.yaml +++ b/charts/papercups/values.yaml @@ -50,18 +50,24 @@ securityContext: {} # runAsUser: 1000 service: - type: ClusterIP + type: NodePort port: 4000 -# -- TODO: This is untested ingress: + # -- Enable using an Ingress controller. enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # -- Specify Ingress controller's annotations. + annotations: + # AWS annotations - Read more at https://docs.papercups.io/aws + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: instance + # -- Specify what hosts the listener will listen for. + # -- If external-dns is enabled, then create DNS records for each host entry hosts: - - host: papercups.example.com - paths: [] + - host: "*" + paths: + - / tls: [] # - secretName: papercups-example-com-tls # hosts: From 22d3b4600d230abda223f04a27329164ad075ac0 Mon Sep 17 00:00:00 2001 From: jim80net Date: Sun, 4 Apr 2021 23:13:34 +0000 Subject: [PATCH 2/4] :robot: update docs [skip ci] --- charts/papercups/README.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/papercups/README.md b/charts/papercups/README.md index e3d57b8..4f3e7fe 100644 --- a/charts/papercups/README.md +++ b/charts/papercups/README.md @@ -1,6 +1,6 @@ # Papercups Helm Chart -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) This chart was designed to deploy [papercups](https://papercups.io) to your Kubernetes cluster. @@ -28,6 +28,10 @@ $ helm repo add bitnami https://charts.bitnami.com/bitnami $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercups,postgresqlPassword=changeit,postgresqlDatabase=papercups ``` +## Deploying to AWS + +Read more at [https://docs.papercups.io/aws](https://docs.papercups.io/aws). + ## Values | Key | Type | Default | Description | @@ -40,9 +44,12 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup | image.command | list | `["/entrypoint.sh"]` | Equivalent to Docker's Entrypoint | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"papercups/papercups"` | Override default registry + image.name | -| image.tag | string | `"latest@sha256:3c369ea5d68b258c88b12c9fbdfa97e651e4a5b6136f4651553afd217fa55299"` | Override the image tag | +| image.tag | string | `"latest@sha256:9134991ef653cdaceeead862bafdfe332ba9d1e24f49fce386ea092e26bbbd1e"` | Override the image tag | | imagePullSecrets | list | `[]` | | -| ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"papercups.example.com","paths":[]}],"tls":[]}` | TODO: This is untested | +| ingress.annotations | object | `{"alb.ingress.kubernetes.io/scheme":"internet-facing","alb.ingress.kubernetes.io/target-type":"instance","kubernetes.io/ingress.class":"alb"}` | Specify Ingress controller's annotations. | +| ingress.enabled | bool | `false` | Enable using an Ingress controller. | +| ingress.hosts | list | `[{"host":"*","paths":["/"]}]` | Specify what hosts the listener will listen for. -- If external-dns is enabled, then create DNS records for each host entry | +| ingress.tls | list | `[]` | | | initialize_database.enabled | bool | `true` | Create the databases upon install/upgrade. This runs in a distinct job. This is idempotent, but you can disable this if you want. | | migration.enabled | bool | `true` | Perform a DB migration upon install/upgrade. This runs in a distinct job. | | nameOverride | string | `""` | Override name of app | @@ -55,7 +62,7 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup | secrets.SECRET_KEY_BASE | string | `"dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz"` | The secret Phoenix uses to sign and encrypt important information | | securityContext | object | `{}` | SecurityContext holds security configuration that will be applied to a container. | | service.port | int | `4000` | | -| service.type | string | `"ClusterIP"` | | +| service.type | string | `"NodePort"` | | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | From 24207ead6c75f61eea6b3da0c220913d533308e8 Mon Sep 17 00:00:00 2001 From: Greg Stephens Date: Sat, 9 Oct 2021 09:51:57 -0700 Subject: [PATCH 3/4] postgresql subchart --- .gitignore | 7 +- README.md | 41 +++++++-- charts/papercups/Chart.yaml | 11 ++- charts/papercups/README.md | 4 +- charts/papercups/templates/_postgres.tpl | 96 ++++++++++++++++++++++ charts/papercups/templates/deployment.yaml | 4 +- charts/papercups/templates/dnsutils.yaml | 16 ++++ charts/papercups/templates/secrets.yaml | 13 ++- charts/papercups/values.yaml | 36 +++++++- 9 files changed, 216 insertions(+), 12 deletions(-) create mode 100644 charts/papercups/templates/_postgres.tpl create mode 100644 charts/papercups/templates/dnsutils.yaml diff --git a/.gitignore b/.gitignore index 72c5f0f..79368b5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,8 @@ helm-docs kubeval -charts/**/rendered/ \ No newline at end of file +charts/**/rendered/ +.vscode +charts/*/charts +charts/*/index.yaml +charts/*/Chart.lock +.history \ No newline at end of file diff --git a/README.md b/README.md index 6d7f60a..eb1c585 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ -# The Papercups Library for Kubernetes -Deploy the Papercups application to Kubernetes +# Papercups Helm Chart for Kubernetes +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/papercups)](https://artifacthub.io/packages/search?repo=papercups) + +Deploy the [Papercups](https://papercups.io) application to Kubernetes ## TL;DR ``` @@ -12,7 +14,36 @@ $ helm repo update - [Kubernetes 1.17.4+](http://kubernetes.io/docs/getting-started-guides/) - [Helm 3.4+](https://github.com/helm/helm#install) -### Add Repo +## Common Settings + +```yml +secrets: + # PUT YOUR OWN SECRET KEYBASE HERE (MUST BE AT LEAST 64 BYTES) + SECRET_KEY_BASE: "dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz" + # -- The connection parameters for ecto to connect to EXTERNAL postgresql + #DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups" + +## PostgreSQL specific settings (https://hub.helm.sh/charts/bitnami/postgresql/10.3.18) +postgresql: + # -- Install PostgreSQL using subchart + install: true + +global: + postgresql: + enabled: true + + # -- postgresqlUsername which should be used by Rasa to connect to Postgres + postgresqlUsername: "postgres" + + # -- postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres" + postgresqlPassword: "password" + + # -- existingSecret which should be used for the password instead of putting it in the values file + existingSecret: "" + + # -- postgresDatabase which should be used by Papercups + postgresqlDatabase: "papercups" + + # -- servicePort which is used to expose postgres to the other components + servicePort: 5432 ``` -$ helm repo add papercups http://helm.papercups.io/ -``` \ No newline at end of file diff --git a/charts/papercups/Chart.yaml b/charts/papercups/Chart.yaml index 2631781..fcdcb3f 100644 --- a/charts/papercups/Chart.yaml +++ b/charts/papercups/Chart.yaml @@ -4,13 +4,22 @@ description: A Helm chart to deploy the papercups chat server to Kubernetes type: application # This is the chart version. -version: 0.1.3 +version: 0.2.0 # This is the version number of the application being deployed. appVersion: "latest" +dependencies: + - name: postgresql + version: ~10.10.3 + repository: https://charts.bitnami.com/bitnami + condition: postgresql.install + maintainers: - name: jim80net email: jim@ramtank.com url: https://github.com/jim80net +- name: rgstephens + email: greg@udon.org + url: https://github.com/rgstephens icon: https://papercups.io/papercups-v2.svg diff --git a/charts/papercups/README.md b/charts/papercups/README.md index e3d57b8..c4bee01 100644 --- a/charts/papercups/README.md +++ b/charts/papercups/README.md @@ -1,6 +1,7 @@ # Papercups Helm Chart ![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) This chart was designed to deploy [papercups](https://papercups.io) to your Kubernetes cluster. @@ -51,7 +52,7 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup | podSecurityContext | object | `{}` | PodSecurityContext holds pod-level security attributes and common container settings. | | replicaCount | int | `1` | Specify the number of papercups instances. | | resources | object | `{}` | Set resources requests / limits for pods. | -| secrets.DATABASE_URL | string | `"ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"` | The connection parameters for ecto to connect to postgresql | +| secrets.DATABASE_URL | string | `"ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"` | The connection parameters for ecto to connect to external postgres postgresql | | secrets.SECRET_KEY_BASE | string | `"dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz"` | The secret Phoenix uses to sign and encrypt important information | | securityContext | object | `{}` | SecurityContext holds security configuration that will be applied to a container. | | service.port | int | `4000` | | @@ -60,3 +61,4 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints. | +| global.postgresql.enabled | bool | `true` | Deploy Postgresql [subchart](https://hub.helm.sh/charts/bitnami/postgresql/10.3.18) | diff --git a/charts/papercups/templates/_postgres.tpl b/charts/papercups/templates/_postgres.tpl new file mode 100644 index 0000000..81d5c62 --- /dev/null +++ b/charts/papercups/templates/_postgres.tpl @@ -0,0 +1,96 @@ +{{/* +Return the postgresql host. +*/}} +{{- define "papercups.psql.host" -}} + {{- if .Values.postgresql.install -}} + {{- template "papercups.psql.fullname" . -}} + {{- else if .Values.postgresql.external.enabled -}} + {{- .Values.postgresql.external.host -}} + {{- end -}} +{{- end -}} + +{{/* +Override the fullname template of the subchart. +*/}} +{{- define "papercups.psql.fullname" -}} +{{- printf "%s-postgresql" .Release.Name -}} +{{- end -}} + +{{/* +Return the db database name. +*/}} +{{- define "papercups.psql.database" -}} +{{- coalesce .databaseName .Values.global.postgresql.postgresqlDatabase "papercups" -}} +{{- end -}} + +{{/* +Return the db username. +*/}} +{{- define "papercups.psql.username" -}} +{{- coalesce .Values.global.postgresql.postgresqlUsername "papercups" -}} +{{- end -}} + +{{/* +Return the db port. +*/}} +{{- define "papercups.psql.port" -}} +{{- coalesce .Values.global.postgresql.servicePort 5432 -}} +{{- end -}} + +{{/* +Return the secret name. +*/}} +{{- define "papercups.psql.password.secret" -}} +{{- default (include "papercups.psql.fullname" .) .Values.global.postgresql.existingSecret | quote -}} +{{- end -}} + + +{{/* +Return the name of the key in a secret that contains the postgres password. +*/}} +{{- define "papercups.psql.password.key" -}} + {{- if .Values.postgresql.existingSecretKey -}} + {{- .Values.postgresql.existingSecretKey -}} + {{- else if (not (eq .Values.global.postgresql.postgresqlUsername "postgres")) -}} +postgresql-postgres-password + {{- else -}} +postgresql-password + {{- end -}} +{{- end -}} + +{{/* +Determine if PostgreSQL is available +*/}} +{{- define "papercups.psql.available" -}} +{{- if or .Values.postgresql.external.enabled .Values.postgresql.install -}} +{{- print "true" -}} +{{- else -}} +{{- print "false" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the common database env variables. + value: {{- print "ecto://" .Values.global.postgresql.postgresqlUsername -}} + #value: "ecto://{{ .Values.global.postgresql.postgresqlUsername }}:{{ .Values.global.postgresql.postgresqlPassword }}@papercups-postgresql.default.svc.cluster.local/{{ .Values.global.postgresql.postgresqlDatabase }}" +*/}} +{{- define "papercups.psql.envs" -}} +- name: "DB_USER" + value: "{{ template "papercups.psql.username" . }}" +- name: "DB_HOST" + value: "{{ template "papercups.psql.host" . }}" +- name: "DB_PORT" + value: "{{ template "papercups.psql.port" . }}" +- name: "DB_DATABASE" + value: "{{ template "papercups.psql.database" . }}" +- name: "DB_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ template "papercups.psql.password.secret" . }} + key: {{ template "papercups.psql.password.key" . }} +#- name: "DATABASE_URL" +# valueFrom: +# secretKeyRef: +# name: {{ template "papercups.psql.password.secret" . }} +# key: {{ template "papercups.psql.password.key" . }} +{{- end -}} diff --git a/charts/papercups/templates/deployment.yaml b/charts/papercups/templates/deployment.yaml index c4d679f..1d0447e 100644 --- a/charts/papercups/templates/deployment.yaml +++ b/charts/papercups/templates/deployment.yaml @@ -57,12 +57,14 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} {{- if or ($.Values.configMap) ($.Values.secrets) }} + env: + {{- include "papercups.psql.envs" . | nindent 12 }} envFrom: {{- if $.Values.configMap }} - configMapRef: name: {{ template "papercups.fullname" $ }} {{- end }} - {{- if $.Values.secrets }} + {{- if or $.Values.secrets $.Values.global.postgresql }} - secretRef: name: {{ template "papercups.fullname" $ }} {{- end }} diff --git a/charts/papercups/templates/dnsutils.yaml b/charts/papercups/templates/dnsutils.yaml new file mode 100644 index 0000000..bdbb70f --- /dev/null +++ b/charts/papercups/templates/dnsutils.yaml @@ -0,0 +1,16 @@ +{{- if .Values.dnsutils.install -}} +apiVersion: v1 +kind: Pod +metadata: + name: dnsutils + namespace: default +spec: + containers: + - name: dnsutils + image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3 + command: + - sleep + - "3600" + imagePullPolicy: IfNotPresent + restartPolicy: Always +{{- end }} \ No newline at end of file diff --git a/charts/papercups/templates/secrets.yaml b/charts/papercups/templates/secrets.yaml index 1b7e6be..dd711d9 100644 --- a/charts/papercups/templates/secrets.yaml +++ b/charts/papercups/templates/secrets.yaml @@ -1,4 +1,3 @@ -{{- if .Values.secrets }} apiVersion: v1 kind: Secret metadata: @@ -7,7 +6,17 @@ metadata: {{- include "papercups.labels" . | nindent 4 }} type: Opaque data: +{{- $db_host := include "papercups.psql.host" . -}} +{{- $db_name := coalesce .databaseName .Values.global.postgresql.postgresqlDatabase "papercups" -}} +{{- $db_user := coalesce .Values.global.postgresql.postgresqlUsername "papercups" -}} +{{- $db_password := coalesce .Values.global.postgresql.postgresqlPassword "changeit" -}} +{{- $db_url := printf "ecto://%s:%s@%s.default.svc.cluster.local/%s" $db_user $db_password $db_host $db_name -}} +{{- if .Values.secrets }} {{- range $key, $value := .Values.secrets }} {{ $key }}: {{ default "MISSING" $value | b64enc | quote }} {{- end }} -{{- end}} \ No newline at end of file +{{- end }} +{{- if and .Values.global.postgresql (not .Values.secrets.DATABASE_URL) }} +# DATABASE_URL_ASCII: {{ $db_url | quote }} + DATABASE_URL: {{ $db_url | b64enc | quote }} +{{ end }} diff --git a/charts/papercups/values.yaml b/charts/papercups/values.yaml index d76bee3..bddd628 100644 --- a/charts/papercups/values.yaml +++ b/charts/papercups/values.yaml @@ -106,7 +106,7 @@ secrets: # -- The secret Phoenix uses to sign and encrypt important information SECRET_KEY_BASE: "dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz" # -- The connection parameters for ecto to connect to postgresql - DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups" + #DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups" migration: # -- Perform a DB migration upon install/upgrade. This runs in a distinct job. @@ -116,3 +116,37 @@ initialize_database: # -- Create the databases upon install/upgrade. This runs in a distinct job. # This is idempotent, but you can disable this if you want. enabled: true + +## PostgreSQL specific settings (https://hub.helm.sh/charts/bitnami/postgresql/10.3.18) +postgresql: + # -- Install PostgreSQL + install: true + + ## Use external PostgreSQL installation + ## This section is not a part of the PostgreSQL subchart + external: + # -- Determine if use an external PostgreSQL host + enabled: false + + # -- External PostgreSQL hostname + ## The host value is accessible via the `${DB_HOST}` environment variable + host: "external-postgresql" + +global: + postgresql: + enabled: true + + # -- postgresqlUsername which should be used by Rasa to connect to Postgres + postgresqlUsername: "postgres" + + # -- postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres" + postgresqlPassword: "password" + + # -- existingSecret which should be used for the password instead of putting it in the values file + existingSecret: "" + + # -- postgresDatabase which should be used by Papercups + postgresqlDatabase: "papercups" + + # -- servicePort which is used to expose postgres to the other components + servicePort: 5432 From 9879a65ba72cb1b40917d3e63c1ffa68e65bbd95 Mon Sep 17 00:00:00 2001 From: Greg Stephens Date: Thu, 14 Oct 2021 21:32:20 -0700 Subject: [PATCH 4/4] fix db_url namespace setting --- charts/papercups/templates/dnsutils.yaml | 2 +- charts/papercups/templates/secrets.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/papercups/templates/dnsutils.yaml b/charts/papercups/templates/dnsutils.yaml index bdbb70f..e4de58a 100644 --- a/charts/papercups/templates/dnsutils.yaml +++ b/charts/papercups/templates/dnsutils.yaml @@ -1,4 +1,4 @@ -{{- if .Values.dnsutils.install -}} +{{- if (.Values.dnsutils).install -}} apiVersion: v1 kind: Pod metadata: diff --git a/charts/papercups/templates/secrets.yaml b/charts/papercups/templates/secrets.yaml index dd711d9..1b80a7a 100644 --- a/charts/papercups/templates/secrets.yaml +++ b/charts/papercups/templates/secrets.yaml @@ -10,7 +10,7 @@ data: {{- $db_name := coalesce .databaseName .Values.global.postgresql.postgresqlDatabase "papercups" -}} {{- $db_user := coalesce .Values.global.postgresql.postgresqlUsername "papercups" -}} {{- $db_password := coalesce .Values.global.postgresql.postgresqlPassword "changeit" -}} -{{- $db_url := printf "ecto://%s:%s@%s.default.svc.cluster.local/%s" $db_user $db_password $db_host $db_name -}} +{{- $db_url := printf "ecto://%s:%s@%s.%s.svc.cluster.local/%s" $db_user $db_password $db_host .Release.Namespace $db_name -}} {{- if .Values.secrets }} {{- range $key, $value := .Values.secrets }} {{ $key }}: {{ default "MISSING" $value | b64enc | quote }}