cloudflare / argo-tunnel-examples


Why passing a secret string directly in helm-chart vars? #27

Closed holms closed 1 year ago

holms commented 1 year ago

I'm actually heavily confused why there's a secret generated in the chart template and the secret string is just being passed as a variable in open form. When you describe the deployment with kubectl, you'll expose the secret to all admins who manage Kubernetes. This is not wrong. I have an SRE who doesn't have access to view secrets, but has access to describe deployments. In Terraform this secret string could be passed securely, but this violates pretty much basic security standards.

In this there's a need to have a secret in place already. So why not do it this way?

https://github.com/cloudflare/argo-tunnel-examples/blob/86a2dccc880669ef3b5f9f2e6c2f034242c08f12/helm/cloudflare-tunnel/templates/secret.yaml#L4-L16

holms commented 1 year ago

I'll close this because... just having any helm-chart is more than a dream in here.