zapier / kubechecks

Check your Kubernetes changes before they hit the cluster
https://kubechecks.readthedocs.io/en/latest/
Mozilla Public License 2.0
147 stars 9 forks

Allow existing secret to be used #164

Closed pauloconnor closed 5 months ago

pauloconnor commented 5 months ago

This adds the ability to use a secret in the namespace that already exists. For example, I want to use external-secrets-operator to populate the secret with data from AWS Secrets Manager, which I can't do with the existing layout.

djeebus commented 5 months ago

Thanks for the PR! What's the difference between this and adding an item to the deployment.envFrom array?

pauloconnor commented 5 months ago

I might be reading it wrong, but envFrom is a clear text field in the Values.yaml. That means you'll have secrets stored in Git.

djeebus commented 5 months ago

Ah, no, envFrom populates the same thing that your new existingSecretName field would support.

In other words, these two values.yaml files would end up with the same content:

current:

deployment:
  envFrom:
    - secretRef:
        name: some-other-secret

PR version:

secrets:
  existingSecretName: some-other-secret

The secrets contained in some-other-secret don't need to be stored in git, they refer to the secret that already exists in the cluster.
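An added example, not part of the thread or of the kubechecks chart: the use case from the first comment wired up with the existing `deployment.envFrom` value. The namespace, the SecretStore name `aws-secretsmanager` and the remote key `kubechecks/prod` are assumed placeholders; only `deployment.envFrom` and `some-other-secret` come from the discussion above.

```yaml
# File 1: ExternalSecret applied to the cluster (external-secrets-operator).
# ESO reads the AWS Secrets Manager entry and creates/updates the Kubernetes
# Secret named in spec.target.name. No secret value appears in this manifest,
# so it is safe to keep in Git.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: some-other-secret
  namespace: kubechecks            # assumed: namespace the chart is installed in
spec:
  refreshInterval: 1h              # how often ESO re-syncs from AWS
  secretStoreRef:
    kind: SecretStore
    name: aws-secretsmanager       # hypothetical SecretStore configured for AWS
  target:
    name: some-other-secret        # the Secret the Deployment will reference
    creationPolicy: Owner          # ESO owns the Secret's lifecycle
  dataFrom:
    - extract:
        key: kubechecks/prod       # placeholder AWS Secrets Manager secret name
---
# File 2: values.yaml for the chart, as in the "current" layout above.
# envFrom carries only the Secret's name; every key in that Secret becomes
# an environment variable in the container at pod start.
deployment:
  envFrom:
    - secretRef:
        name: some-other-secret
```

Because environment variables are read once at container start, a value rotated in AWS and re-synced by ESO reaches the pod only after it is restarted.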

pauloconnor commented 5 months ago

I really should read manifests more clearly... Apologies for the misopened PR