1 files changed, 23 insertions, 16 deletions

diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index f30d582110..71a89d019b 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -12,19 +12,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-user-password: {{ index .Values.config.userPassword | b64enc | quote }}
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-  {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }}
-{{ end }}
+{{- define "mariadb-init._update-secrets" -}}
+  {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+{{ printf "- uid: %s" $db }}
+{{ printf "  type: basicAuth" }}
+    {{- if $dbInfos.externalSecret }}
+{{ printf "  externalSecret: %s" $dbInfos.externalSecret }}
+    {{- end }}
+{{ printf "  login: %s" $dbInfos.user }}
+{{ printf "  password: %s" $dbInfos.password }}
+{{ printf "  passwordPolicy: required" }}
+  {{- end -}}
+{{- end -}}
+
+{{ $global := . }}
+{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
+{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
+{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace "   -" "  -" }}
+{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
+
+{{ $newValues := set $global.Values "secrets" $finalSecrets }}
+{{ $tmpGlobal := set $global "Values" $newValues }}
+
+{{ include "common.secret" $tmpGlobal }}