Open aresfkonrad opened 1 month ago
I think a less intrusive solution would be to allow passing arbitrary env variables to the operator deployment, this is what is done for all other deployment and would allow you to set the API key or basic auth env variable to anything: other env variables, secret or config map, ...
@loicmathieu that should be fine as well.
Feature description
As of now, the kestra operator does not allow the direct use of secrets for its configuration:
https://github.com/kestra-io/helm-charts/blob/0d3cff853315b91e8b5bbe46e14a14e66393cfce/charts/kestra/templates/operator.yaml#L249
For other components, we could figure out a hacky way to use existingSecrets for the super admin account:
for the kestra-ee license the following way:
etc.
Unfortunately, this does not seem to work with the operator. We can set the variable only as a text based value - or leave it unset. We cannot redefine the environment variable on our own either, because we cannot provide any
extraEnv
-Style environment variable overrides.A more elegant solution for all of these cases would be to allow the user to choose between a deployment using existingSecret and a deployment using plain strings. I found a relatively simple example here: https://stackoverflow.com/questions/74739625/can-we-define-env-variable-in-the-helm-charts-only-if-secrets-are-provisioned
The situation with Postgres and Minio is a little more complex since the secret is cross referenced between the kestra chart itself and the sub charts. This Feature request does not address the affected secrets on both of those dependencies.
We are looking forward to your opinions on that topic.
Thank you very much.