vectordotdev / helm-charts

Helm charts for Vector.
https://vector.dev
Mozilla Public License 2.0

Support vector chart using existing `Secret` instead of supplying secrets contents to `secrets.generic` value #206

Closed ktmq closed 2 years ago

ktmq commented 2 years ago

The vector chart currently requires you to supply the Secret contents through Helm values, so the chart creates and manages the secrets that vector depends on: https://github.com/vectordotdev/helm-charts/blob/develop/charts/vector/values.yaml#L46-L55

It is useful for charts to provide the option to rely on an existing Secret in the namespace, so the user can manage secrets outside of Helm (e.g., through kubernetes-external-secrets) and not have to worry about the security implications of passing the secret at helm install time, and risking accidentally committing the value to GitHub.

Example of using a pre-existing secret: https://github.com/DataDog/helm-charts/blob/main/charts/datadog/values.yaml#L29-L31

spencergilbert commented 2 years ago

Hi! It's not a requirement per se, and it was added to have similar behavior to the Datadog chart:

```shell
helm install <RELEASE_NAME> \
    --set datadog.apiKey=<DATADOG_API_KEY> datadog/datadog
```

vs

```shell
helm install vector vector/vector --namespace vector --create-namespace \
    --values examples/datadog-values.yaml --set secrets.generic.datadog_api_key="${DATADOG_API_KEY}"
```

(ref)

Using existing secrets is supported today just by using the `env` key:

```yaml
env:
  - name: DATADOG_API_KEY
    valueFrom:
      secretKeyRef:
        name: <existing_secret>
        key: datadog_api_key
```

From what I can tell, the Datadog chart uses `datadog.apiKey` or `datadog.apiKeyExistingSecret` always to inject the environment variable. Since not all Vector deployments require the use of secrets, I see less of an opportunity to "hard code" this.

@ktmq, if `env` doesn't cover your requirements, what sort of interface would you like to see here?
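As an added illustration of the two approaches contrasted above (not code from the thread or from the chart's own files): a values file that hands the API key to Helm through `secrets.generic`, beside one that only references a Secret created and rotated outside Helm through `env`. The Secret name `vector-datadog`, the `customConfig` block and the `${DATADOG_API_KEY}` interpolation are my assumptions about how the key reaches the sink, not something the thread spells out.

```yaml
# Option A: the pattern the issue asks to avoid.
# Helm receives the key itself and renders a Secret object from it, so the
# value ends up in the release's stored values (helm get values) and in any
# values file that gets committed.
secrets:
  generic:
    datadog_api_key: "REPLACE-ME"   # constructed placeholder, never a real key
---
# Option B: the Secret already exists in the namespace (created by kubectl,
# an external-secrets operator, etc.); the chart never sees the value.
# Assumed pre-existing Secret (constructed name and key):
#   kubectl -n vector create secret generic vector-datadog \
#       --from-literal=datadog_api_key=<value>
env:
  - name: DATADOG_API_KEY
    valueFrom:
      secretKeyRef:
        name: vector-datadog       # existing Secret, managed outside Helm
        key: datadog_api_key       # key inside that Secret
# Assumption: the chart passes customConfig through as Vector's config, and
# Vector expands ${VAR} from the container environment at startup, so the
# key is read from the mounted env var rather than written into the config.
customConfig:
  sources:
    k8s_logs:
      type: kubernetes_logs
  sinks:
    datadog_logs:
      type: datadog_logs
      inputs: [k8s_logs]
      default_api_key: "${DATADOG_API_KEY}"
```

With option B the install command carries no `--set secrets.generic...` flag at all, and `helm get values <release>` shows only the Secret's name; the key never passes through the shell history, CI logs or the release manifest.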

ktmq commented 2 years ago

Oh! I totally missed that I could use env 😅 That should be perfect. I'll try that out, thanks so much @spencergilbert !

Edit: setting via env worked great :) thanks again!