bitnami-labs / sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets
Apache License 2.0

Sealed Secrets plugin for Helm #1413

Open juan131 opened 10 months ago

juan131 commented 10 months ago

Which component:

N/A

Is your feature request related to a problem? Please describe.

When I use Helm charts to deploy (or to render the templates for later deployment) certain apps, I need to perform complementary steps to manage the secrets shipped in these charts with Sealed Secrets.

Describe the solution you'd like

I'd like the Sealed Secrets team to develop some plugin for Helm that extends the helm install, helm template & helm upgrade commands with new flags for configuring how to encrypt secrets shipped on a chart with Sealed Secrets (--sealed-secrets-controller-name, --sealed-secrets-controller-namespace, sealed-secrets-cert, etc.).

This plugin should allow helm to automatically encrypt secrets using Kubeseal libraries & introducing the steps below in the mentioned Helm commands workflows:

Describe alternatives you've considered

There are two main approaches to deal with this without the requested plugin:

Additional context

N/A

mohamed-essam commented 9 months ago

I've gone through the Helm docs for plugins and the Helm source code as well, and I don't see any way for plugins to manipulate templates generated by helm install or helm upgrade. Helm plugins seem to be add-ons that have nothing to do with Helm itself.

The only way for this to work using Helm plugins would be to have the plugin itself call helm template and then modify the returned values and then apply them manually, but that would interfere with the way Helm manages releases and such and would practically remove the point of it.

My current workaround is the same as your second alternative, but until Helm implements the ability for a plugin to edit manifests during install and upgrade, that's all we can do.
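
The render-then-seal flow described in the comment above, as an added example that is not part of this thread or the project's code: it takes the text `helm template` prints, passes each Secret document through `kubeseal`, and refuses to return a stream that still contains a plaintext Secret. The function names, the `pub-cert.pem` path and the `SAMPLE` manifest are assumptions made for illustration.

```python
import re
import subprocess

# Top-level "kind: Secret" only; "kind: SealedSecret" and indented keys do not match.
SECRET_KIND = re.compile(r"^kind:[ \t]*[\"']?Secret[\"']?[ \t]*$", re.MULTILINE)
SEPARATOR = re.compile(r"^---[ \t]*$", re.MULTILINE)

# Constructed stand-in for `helm template` output (not from a real chart).
SAMPLE = """---
# Source: demo/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: demo-db
stringData:
  password: constructed-value
---
# Source: demo/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-config
data:
  mode: test
"""

def split_documents(rendered):
    """Split a multi-document YAML stream on bare '---' lines."""
    return [d.strip("\n") for d in SEPARATOR.split(rendered) if d.strip()]

def kubeseal(manifest, cert="pub-cert.pem"):
    """Seal one Secret offline; cert is an assumed local copy of the public cert."""
    proc = subprocess.run(["kubeseal", "--cert", cert, "--format", "yaml"],
                          input=manifest, capture_output=True, text=True, check=True)
    return proc.stdout

def seal_rendered(rendered, seal=kubeseal):
    """Return the stream with every Secret replaced by what `seal` returns for it."""
    docs = [seal(d).strip("\n") if SECRET_KIND.search(d) else d
            for d in split_documents(rendered)]
    # Fail closed: refuse to return a stream that still carries a plaintext Secret.
    leaked = [d for d in docs if SECRET_KIND.search(d)]
    if leaked:
        raise ValueError(f"{len(leaked)} plaintext Secret(s) left in output")
    return "\n---\n".join(docs) + "\n"
```

The fail-closed check is what keeps a sealing step that silently passes its input through from putting a readable Secret into the output destined for Git or `kubectl apply`.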