The naive first implementation pushed for the s3-operator chart only allowed setting the S3 access key and secret key directly in the values.yaml file, which basically makes them readable by anyone with rights on the Kubernetes cluster.
This PR adds the "existing secret" pattern, which allows referencing a secret instead of defining the keys directly. While a k8s secret by itself is not terribly secure, it allows using other tools like Sealed Secrets to further protect these keys.
Totally unrelated to this, the PR also adds an imagePullPolicy parameter to the deployment template and values.yaml file, as we needed it to force the pull of inseefrlab/s3-operator while testing.
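A sketch of how the "existing secret" pattern is commonly wired in a Helm chart, added here as an example and not taken from this PR or from the s3-operator chart. The value keys (`s3.accessKey`, `s3.secretKey`, `s3.existingSecret`), the Secret data keys, the Secret name and the environment variable names are all assumptions.

```yaml
# values.yaml (hypothetical keys, not the chart's actual schema)
s3:
  # Inline credentials: stored in plain text wherever the values file goes.
  accessKey: ""
  secretKey: ""
  # Name of a pre-created Secret holding the keys "accessKey" and "secretKey".
  # When set, the inline values above are ignored and no Secret is rendered.
  existingSecret: "s3-operator-credentials"   # constructed name
---
# templates/secret.yaml: rendered only when no existing Secret is referenced
{{- if not .Values.s3.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-s3-credentials
type: Opaque
stringData:
  accessKey: {{ required "s3.accessKey or s3.existingSecret is required" .Values.s3.accessKey | quote }}
  secretKey: {{ required "s3.secretKey or s3.existingSecret is required" .Values.s3.secretKey | quote }}
{{- end }}
---
# templates/deployment.yaml: container fragment
        env:
          - name: S3_ACCESS_KEY   # hypothetical variable name
            valueFrom:
              secretKeyRef:
                # Prefer the referenced Secret, fall back to the chart-managed one
                name: {{ .Values.s3.existingSecret | default (printf "%s-s3-credentials" .Release.Name) }}
                key: accessKey
          - name: S3_SECRET_KEY   # hypothetical variable name
            valueFrom:
              secretKeyRef:
                name: {{ .Values.s3.existingSecret | default (printf "%s-s3-credentials" .Release.Name) }}
                key: secretKey
```

With this layout the referenced Secret can be created outside the chart, for instance unsealed in the namespace by Sealed Secrets, so the key material never appears in values.yaml.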