camunda-platform-helm
camunda-platform-helm copied to clipboard
Published
20 hours ago •
camunda
camunda
[ENHANCEMENT] Inconsistent inputs for existingSecret
Describe the use case:
Hey all, I'm using this ticket as a way of documenting all of the different usages of existingSecret and which format they accept as input. This github issue is for tracking the inconsistency between the different usages.
Existing references
| Path in values.yaml | Expected input | Is subchart |
|---|---|---|
| global.elasticsearch.tls.existingSecret | Name of k8s secret (string) | No |
| global.elasticsearch.auth.existingSecret | Name of k8s secret (string) | No |
| global.opensearch.tls.existingSecret | Name of k8s secret (string) | No |
| global.opensearch.auth.existingSecret | Name of k8s secret (string) | No |
| global.identity.auth.connectors.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.identity.existingSecret | explicit password (string) ONLY | No |
| global.identity.auth.operate.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.tasklist.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.optimize.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.console.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.zeebe.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| global.identity.auth.connectors.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| identity.firstUser.existingSecret | Name of k8s secret (string) | No |
| identity.externalDatabase.existingSecret | Name of k8s secret (string) | No |
| connectors.inbound.auth.existingSecret | explicit password (string) ONLY | No |
| webModeler.restapi.externalDatabase.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
| webModeler.restapi.mail.existingSecret | explicit password (string) or K8s Secret under name subkey (map) | No |
Existing references in subcharts
| Path in values.yaml | Expected input | Is subchart |
|---|---|---|
| identityPostgresql.auth.existingSecret | Name of k8s secret (string) | Yes |
| identityKeycloak.auth.existingSecret | Name of k8s secret (string) | Yes |
| postgresql.auth.existingSecret | Name of k8s secret (string) | Yes |
| global.identity.keycloak.auth.existingSecret | Name of k8s secret (string) | Yes |
Describe the enhancement/feature:
Ideally, we should be using the same sort of input formats everywhere, however, we have some limitations:
- It's difficult to configure support for
existingSecretANDexistingSecret.name - We do not get to modify how subcharts specify their own values.yaml's
- Changes we do would be considered a breaking change.
Desired outcome and acceptance tests:
