Closed vikiscience closed 1 year ago
Thanks for reporting this issue. Would you like to contribute by creating a PR to solve the issue? The Bitnami team will be happy to review it and provide feedback. Here you can find the contributing guidelines.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Name and Version
bitnami/schema-registry 11.0.0
What is the problem this feature will solve?
The password for external Kafka SASL authentication is set as a plaintext value in the Helm chart: https://github.com/bitnami/charts/blob/main/bitnami/schema-registry/values.yaml#L673
While there is a mechanism to use an existing secret, which is implemented here: https://github.com/bitnami/charts/blob/main/bitnami/schema-registry/templates/external-kafka-secrets.yaml#L20
However, this mechanism does not work, if a Helm chart is installed from templates, as e.g. ArgoCD does, because the lookup function from common.secrets.passwords.manage does not work there, and so the existing secret is never used. Thus, the only way to set a correct password is to have it plaintext in values.yaml file in a GitOps repo, which is not a great choice from security perspective.
What is the feature you are proposing to solve the problem?
Please add a value existingSecret, analogous to this: https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml#L293 and add a condition for external-kafka-secrets.yaml to be created only if this value is not set.
P.S.: I can contribute the PR if needed, the change itself is small (~ 3 LOC)...
What alternatives have you considered?
No response
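The pattern requested in this issue, sketched as an added example (not code from the Bitnami chart or from the reporter): the chart-managed Secret is rendered only when no existing Secret is named, so nothing depends on lookup and the password never has to appear in values.yaml. All key names, the Secret name suffix and the environment variable name below are assumptions made for illustration.

```yaml
# values.yaml in the GitOps repo (hypothetical keys; the chart's real names may differ)
externalKafka:
  sasl:
    user: registry
    password: ""                         # stays empty; no credential committed to Git
    existingSecret: kafka-sasl-creds     # Secret created out of band, outside this chart
    existingSecretPasswordKey: password  # key inside that Secret holding the password
---
# templates/external-kafka-secrets.yaml (sketch)
# The guard is a plain values check. It renders identically under `helm install`
# and under template-only rendering as ArgoCD does, because it never calls lookup.
{{- if not .Values.externalKafka.sasl.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ printf "%s-external-kafka" .Release.Name }}
type: Opaque
data:
  password: {{ .Values.externalKafka.sasl.password | b64enc | quote }}
{{- end }}
---
# Container env in the workload template (sketch)
# Points at the existing Secret when one is named, otherwise at the chart-managed one.
env:
  - name: KAFKA_SASL_PASSWORD            # hypothetical variable name
    valueFrom:
      secretKeyRef:
        name: {{ .Values.externalKafka.sasl.existingSecret | default (printf "%s-external-kafka" .Release.Name) }}
        key: {{ .Values.externalKafka.sasl.existingSecretPasswordKey | default "password" }}
```

Rendering the chart with `helm template` and checking that no Secret manifest appears while existingSecret is set confirms the guard behaves the same way ArgoCD will see it.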