sonatype / nxrm3-ha-repository

Repository for YAML configuration files for Nexus Repository Manager High Availability Feature

Support pre-existing kubernetes secrets #61

Open renesch-de opened 5 months ago

renesch-de commented 5 months ago

Currently, two options exist for referencing the License-File and DB-/Admin-credentials:

  1. Via the secrets-store.csi.x-k8s.io/v1 API.
  2. As a Kubernetes secret, directly created by the Helm-Chart.

It would be helpful to introduce a third option where a pre-existing Kubernetes secret can be referenced. This would be beneficial when other Azure Key-Vault synchronization mechanisms are in use, like akv2k8s (https://akv2k8s.io/).

snakebyte91 commented 5 months ago

We use the external secrets operator to manage our Kubernetes secrets. The reference of existing secrets would help us.

snakebyte91 commented 4 months ago

Workaround for pre-existing secrets:

nameOverride: nexus-ha
secret:
  license:
    name: license.lic
    licenseSecret:
      mountPath: /etc/nexus-license/
statefulset:
  additionalVolumes:
    - name: nexus-pro-license
      secret:
        secretName: nexus-pro-license
  additionalVolumeMounts:
    - name: nexus-pro-license
      mountPath: /etc/nexus-license/
      readOnly: true

Create the secrets nexus-ha-adminsecret and nexus-ha-dbsecret. This could be done by a tool of your choice or manually. The prefix nexus-ha is taken from nameOverride.
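
An added example, not part of the thread or of the Sonatype chart: an External Secrets Operator manifest that produces the `nexus-pro-license` secret mounted by the workaround above, so the license never passes through Helm values. The namespace, store name and remote key are hypothetical, and it assumes the secret's key must equal the file name `license.lic` set under `secret.license.name`.

```yaml
# Added example. Use the ExternalSecret API version your installed operator serves.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: nexus-pro-license
  namespace: nexus                 # hypothetical: the namespace of the Helm release
spec:
  refreshInterval: 1h              # re-sync from the backing store once an hour
  secretStoreRef:
    kind: ClusterSecretStore
    name: azure-kv                 # hypothetical store, e.g. backed by Azure Key Vault
  target:
    # Must match statefulset.additionalVolumes[].secret.secretName in the workaround.
    name: nexus-pro-license
    # The operator owns the Secret and deletes it together with this ExternalSecret.
    creationPolicy: Owner
  data:
    # A secret volume exposes each key as a file, so this key becomes
    # /etc/nexus-license/license.lic (assumed to be the path the chart builds
    # from secret.license.licenseSecret.mountPath and secret.license.name).
    - secretKey: license.lic
      remoteRef:
        key: nexus-license-b64     # hypothetical entry in the backing store
        # The license is a binary file; this assumes it is stored base64-encoded
        # and has to be decoded before it is written into the Secret.
        decodingStrategy: Base64
# nexus-ha-adminsecret and nexus-ha-dbsecret can be produced the same way.
# Their secretKey names have to be the ones the chart's templates read,
# which are not listed in this thread.
```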

bobotimi commented 4 months ago

We have some work in progress to support external-secret operator: https://github.com/sonatype/nxrm3-ha-repository/pull/66