SealedSecrets support

charts/onechart/templates/deployment.yaml

@@ -47,6 +47,10 @@ spec:
             - secretRef:
                 name: {{ .Release.Name }}
             {{- end }}
+            {{- if .Values.sealedSecrets }}
+            - secretRef:
+                name: {{ .Release.Name }}
+            {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.containerPort }}

charts/onechart/templates/sealed-secret.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.sealedSecrets }}
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "helm-chart.labels" . | nindent 4 }}
+spec:
+  encryptedData:
+  {{- range $key, $val := .Values.sealedSecrets }}
+    {{ $key }}: {{ $val | quote }}
+  {{- end }}
+  template:
+    metadata:
+      name: {{ .Release.Name }}
+      namespace: {{ .Release.Namespace }}
+{{- end }}

charts/onechart/tests/deployment_secret_test.yaml

@@ -18,3 +18,13 @@ tests:
     asserts:
       - isNull:
           path: spec.template.spec.containers[0].envFrom
+  - it: Should reference secret if sealedSecrets is set
+    set:
+      sealedSecrets:
+        secret1: supersecret
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].envFrom
+          content:
+            secretRef:
+              name: RELEASE-NAME

charts/onechart/tests/sealed_secret_test.yaml

@@ -0,0 +1,15 @@
+suite: test deployment
+templates:
+  - sealed-secret.yaml
+tests:
+  - it: Should put sealed secrets in SealedSecret
+    set:
+      sealedSecrets:
+        var1: value1
+        var2: value2
+    asserts:
+      - equal:
+          path: spec.encryptedData
+          value:
+            var1: value1
+            var2: value2