vsphere-tmm / helm-charts

A repository of unofficial helm charts for vSphere components
https://vsphere-tmm.github.io/helm-charts/

vsphere-csi: Optional use existing secret #38

Closed ErikLundJensen closed 2 years ago

ErikLundJensen commented 2 years ago

Currently the vsphere-csi chart only supports password in clear text from Helm values. https://github.com/vsphere-tmm/helm-charts/blob/296619a452f71c894a27a1ebaa865171f2fcdf07/charts/vsphere-csi/templates/secret.yaml#L16

Either the chart should support secretName as the vsphere-cpi chart does, or it should support using an existing secret. The latter solution is probably easier to implement.

vsphere-cpi usage of ConfigMap with references to secret: https://github.com/vsphere-tmm/helm-charts/blob/296619a452f71c894a27a1ebaa865171f2fcdf07/charts/vsphere-cpi/templates/configmap.yaml#L16

ErikLundJensen commented 2 years ago

A workaround for this is to inject a secret containing the credentials. That is, create a secret:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: vsphere-csi-credentials
  namespace: vmware-system-csi
type: Opaque
stringData:
  VSPHERE_USER: "myuser"
  VSPHERE_PASSWORD: "mypassword"
```

and then in values.yaml refer to the secret. Only the controller and syncer need the password from the secret (as far as I can see).

```yaml
controller:
  extraEnvVarsSecret: vsphere-csi-credentials
  syncer:
    extraEnvVarsSecret: vsphere-csi-credentials
```

If multiple datacenters are defined with different username/password, then the environment variables VSPHERE_VCENTER_<id> and VCENTER_<id>_USER and VCENTER_<id>_PASSWORD must be configured in the secret.

Thereby I suggest that we close this issue.