Closed ktmq closed 2 years ago
Hi! It's not a requirement per se, and it was added to have similar behavior to the Datadog chart:
helm install <RELEASE_NAME> \
--set datadog.apiKey=<DATADOG_API_KEY> datadog/datadog
vs
helm install vector vector/vector --namespace vector --create-namespace \
--values examples/datadog-values.yaml --set secrets.generic.datadog_api_key="${DATADOG_API_KEY}"
(ref)
Using existing secrets is supported today just by using the env
key:
env:
- name: DATADOG_API_KEY
valueFrom:
secretKeyRef:
name: <existing_secret>
key: datadog_api_key
From what I can tell, the Datadog chart uses datadog.apiKey
or datadog.apiKeyExistingSecret
always to inject the environment variable. Since not all Vector deployments require the use of secrets, I see less of an opportunity to "hard code" this.
@ktmq, if env
doesn't cover your requirements, what sort of interface would you like to see here?
Oh! I totally missed that I could use env
😅 That should be perfect. I'll try that out, thanks so much @spencergilbert !
Edit: setting via env
worked great :) thanks again!
The
vector
chart currently requires you to supply theSecret
contents through Helm values, so the chart creates and manages the secrets that vector depends on: https://github.com/vectordotdev/helm-charts/blob/develop/charts/vector/values.yaml#L46-L55It is useful for charts to provide the option to rely on an existing
Secret
in the namespace, so the user can manage secrets outside of Helm (e.g., throughkubernetes-external-secrets
) and not have to worry about the security implications of passing the secret athelm install
time, and risking accidentally committing the value to Github.Example of using a pre-existing secret: https://github.com/DataDog/helm-charts/blob/main/charts/datadog/values.yaml#L29-L31