drone / charts

Helm charts for the Drone platform on Kubernetes

Chart stores secrets in ConfigMap rather than Secret #20

Open jtackaberry opened 4 years ago

jtackaberry commented 4 years ago

Values such as DRONE_DATABASE_SECRET, DRONE_RPC_SECRET, DRONE_GITEA_CLIENT_SECRET (and similar such secrets from other providers) are stored in a ConfigMap rather than a K8s Secret.

I understand I can use extraSecretNamesForEnvFrom and pass my own pre-created secret, but of course the value proposition of the Helm chart is that it creates K8s resources for me. I use the Helm Secrets plugin that allows securely passing secret values into Helm charts, and I'd prefer to use this mechanism for Drone secrets as well, rather than manually create a secret outside the chart.

Perhaps a separate envSecrets in the Helm chart, to facilitate this? Something like:

env:
  DRONE_SERVER_HOST: drone.example.com
  DRONE_SERVER_PROTO: https
  DRONE_GITEA_SERVER: https://git.example.com
  DRONE_GITEA_CLIENT_ID: 9e145da5-692b-42a1-999b-3f09b103906c

envSecrets:
  DRONE_DATABASE_SECRET: d6a7835fd429a27e3f96fc64962f7b0c
  DRONE_RPC_SECRET: c9da1cd55e4f57c6026a0cf47d94f5b7
  DRONE_GITEA_CLIENT_SECRET: +1dV0BB024M/qkIrwPqO5J27tG7WhOCX3d3tXmqPMes=

Or, maybe the chart could be clever enough to automagically place everything matching *_SECRET into a k8s secret.

Happy to submit a PR if you'd accept it.
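One way the chart could implement both ideas from this request (an explicit `envSecrets` map, plus automatically diverting any `env` key ending in `_SECRET` into a Secret) is sketched below. This is an added example written for this thread, not code from the drone/charts repository; it assumes the `env` and `envSecrets` value names proposed above, names the resources after `.Release.Name` rather than any chart helper, and uses only standard Helm/Sprig functions (`hasSuffix`, `quote`, `sha256sum`, `include`).

```yaml
# templates/secret.yaml (added example, not part of the drone/charts chart)
# Everything in .Values.envSecrets, plus any .Values.env key that ends in
# _SECRET, is rendered into a Secret. stringData lets the template keep the
# plaintext value; the API server base64-encodes it into .data on admission.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-drone-env-secret
type: Opaque
stringData:
  {{- range $key, $value := .Values.envSecrets }}
  {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- range $key, $value := .Values.env }}
  {{- if hasSuffix "_SECRET" $key }}
  {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- end }}
---
# templates/configmap.yaml (added example)
# Only non-secret keys stay in the ConfigMap; *_SECRET keys are skipped here
# so the same value cannot end up in both resources.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-drone-env
data:
  {{- range $key, $value := .Values.env }}
  {{- if not (hasSuffix "_SECRET" $key) }}
  {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- end }}
---
# templates/deployment.yaml (fragment, added example)
# The pod loads both resources via envFrom, so the container sees the same
# DRONE_* variables it does today. The checksum annotation forces a rollout
# when a rotated secret changes the rendered Secret, which a bare envFrom
# reference would not do on its own.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-drone
spec:
  template:
    metadata:
      annotations:
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
    spec:
      containers:
        - name: drone
          envFrom:
            - configMapRef:
                name: {{ .Release.Name }}-drone-env
            - secretRef:
                name: {{ .Release.Name }}-drone-env-secret
            {{- range .Values.extraSecretNamesForEnvFrom }}
            - secretRef:
                name: {{ . }}
            {{- end }}
```

Two caveats worth keeping in mind when reviewing a change like this. First, moving a value from a ConfigMap to a Secret only changes which RBAC verbs guard it (a user with `get configmaps` but not `get secrets` can no longer read it) and makes it eligible for encryption at rest; a Secret is still base64, not encrypted, unless the cluster's EncryptionConfiguration covers the `secrets` resource. Second, Helm stores the rendered manifests and the supplied values in its release record (itself a Secret in the release namespace by default), so `helm get values` and `helm get manifest` will still show the plaintext to anyone who can read that record; restricting access to the release namespace matters as much as the kind of the rendered object.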

shmileee commented 3 years ago

+1, would love such implementation.

jimsheldon commented 2 years ago

Apologies for the delay on this.

This sounds like a great feature request, but since so much time has passed since August of 2020, I do want to investigate other options before implementing this.

I will get back to you.

sebastiangaiser commented 2 years ago

I've implemented that via Sealed Secrets which is added via extraSecretNamesForEnvFrom.

jtackaberry commented 2 years ago

Sealed Secrets is one very specific and opinionated approach. The request here is first of all to ensure secret content is stored in the appropriate K8s resource (Secret rather than ConfigMap), and then to provide a mechanism to receive secrets as direct helm chart values and leave it up to the user to manage the input, such as, in my case, using a secrets plugin for Helm.

loeffel-io commented 2 years ago

+1