Allow passing existing secret in helm chart values

Open Julian-Louis opened this issue 1 year ago • 10 comments

Hello 👋 This pull request will allow passing an existing secret name into the helm chart values. This is useful when using the GitOps approach, where values need to be committed to a git repository.

Related issues:

  • https://github.com/dunglas/mercure/issues/771

Julian-Louis avatar Sep 18 '23 13:09 Julian-Louis

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Sep 18 '23 13:09 CLAassistant

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Dec 15 '23 06:12 stale[bot]

Hello, why has it been closed? As stated, this would be useful to work with tools like ESO.

VincentDugard avatar Apr 08 '24 13:04 VincentDugard

Hello @VincentDugard, I didn't get any feedback, so I figured my PR wasn't very useful for this project.

Julian-Louis avatar Apr 08 '24 16:04 Julian-Louis

Sorry about that @Julian-Louis. We need to check if it's the "correct" (standard) way according to current Helm best practices and haven't had the time to do it so far.

dunglas avatar Apr 08 '24 17:04 dunglas

@Julian-Louis do you have any example of an "official" (or Bitnami) chart, or a link pointing to the relevant documentation entry? It looks weird to me to allow entirely bypassing the values system.

dunglas avatar Apr 09 '24 08:04 dunglas

@dunglas There are multiple Bitnami charts that use this system. For example, in the postgresql chart, you can provide an existing secret for postgres credentials. There is also the possibility to override the key name in the secret.

Edit: In this PR, the existing secret overrides all secrets. It may be better to be able to provide an existing secret only for JWT.

VincentDugard avatar Apr 09 '24 09:04 VincentDugard

Indeed, to me, it makes more sense to allow this for the JWTs!

dunglas avatar Apr 09 '24 09:04 dunglas

Why not just allow adding an extra secret to the env? So the deployment needs only a new envFrom at the end, and the user can create a secret with only the two subscriberJWT and publisherJWT keys:

          env:
            # keep env as is
            # ...
          # allow to overwrite config
          envFrom:
            - secretRef:
                name: the-user-secret-with-the-keys-he-wants-to-overwrite

JoniJnm avatar Apr 10 '24 15:04 JoniJnm
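
An added example, not part of the thread or the chart's own code: a Deployment template fragment that reads only the two JWT keys from a user-managed Secret by reference, and notes how Kubernetes resolves a key present in both `env` and `envFrom`. The values keys `jwtExistingSecret` and `extraEnvFromSecret`, the `mercure.fullname` helper and the key names inside the Secret are hypothetical.

```yaml
# values.yaml (hypothetical keys, assumptions for this example):
#   jwtExistingSecret: ""    # Secret managed outside the chart (ESO, ...)
#   extraEnvFromSecret: ""   # optional Secret exposed wholesale as env vars
#
# templates/deployment.yaml fragment. `mercure.fullname` is an assumed helper
# naming the Secret the chart renders itself when no existing one is given.
{{- $jwtSecret := .Values.jwtExistingSecret | default (include "mercure.fullname" .) }}
containers:
  - name: mercure
    env:
      # Each JWT key is read by reference, so no key material has to be
      # committed in values.yaml for a GitOps workflow.
      - name: MERCURE_PUBLISHER_JWT_KEY
        valueFrom:
          secretKeyRef:
            name: {{ $jwtSecret | quote }}
            key: publisher-jwt-key    # assumed key name inside the Secret
      - name: MERCURE_SUBSCRIBER_JWT_KEY
        valueFrom:
          secretKeyRef:
            name: {{ $jwtSecret | quote }}
            key: subscriber-jwt-key   # assumed key name inside the Secret
    # Kubernetes precedence: a key set in `env` wins over the same key coming
    # from `envFrom`. An `envFrom` Secret can add variables, but it does not
    # replace one that the `env` list above already defines.
    {{- with .Values.extraEnvFromSecret }}
    envFrom:
      - secretRef:
          name: {{ . | quote }}
    {{- end }}
```

Rendering the chart with `helm template` once with and once without the existing-secret value shows which Secret name each `secretKeyRef` resolves to before anything reaches the cluster.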

Hi @dunglas, Do you have any reason not to merge it?

We also want to keep the same JWT key between deployments with ArgoCD using our external-secret system. This would allow us to use an existing secret in our cluster, which is a must-have feature.

lerminou avatar Jun 26 '24 13:06 lerminou

Thanks!

dunglas avatar Jul 09 '24 23:07 dunglas

Hi @dunglas ,

Could you prepare a new release on the helm chart to adapt this change?

janosmiko avatar Aug 05 '24 09:08 janosmiko