apiVersion: v1
kind: Secret
metadata:
  name: {{ include "exam.fullname" . }}-secrets
  labels:
  {{- include "exam.labels" . | nindent 4 }}
data:
  {{- range $key, $val := .Values.secrets }}
  {{ $key }}: {{ required "A value is required, configure .Values.secrets or create secrets.yaml" $val | b64enc | quote }}
  {{- end }}
type: Opaque
---
{{- if .Values.ingress.ssl.enabled }}
{{- $secretName := printf "%s-crt" (include "exam.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
  {{- include "exam.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
{{- if (include "exam.createTlsSecret" . ) }}
  {{- $ca := genCA "ingress-ca" 365 }}
  {{- $fullname := (include "exam.host" . ) }}
  {{- $cert := genSignedCert $fullname nil nil 365 $ca }}
  tls.crt: {{ include "exam.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
  tls.key: {{ include "exam.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
  ca.crt: {{ include "exam.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- else }}
  tls.crt: {{ .Files.Get $.Values.ingress.ssl.cert | b64enc | quote }}
  tls.key: {{ .Files.Get $.Values.ingress.ssl.key | b64enc | quote }}
{{- end }}
{{- end }}