Feature Request: Enable helm.valuesFrom[*].secretKeyRef for Cluster API via Fleet

[atsai1220]

Is your feature request related to a problem?

I'm unable to use Fleet to deploy external cloud providers (as GitRepo objects) to Fleet generated clusters because the nodes are created with the taint node.cloudprovider.kubernetes.io/uninitialized:NoSchedule during initialization when kubelet has the flag --cloud-provider=external.

Fleet-agent does not tolerate that taint so I'm unable to use GitRepo and ExternalSecrets to provide the necessary credentials via Fleet CI/CD. Fleet CI/CD does not apply valuesFrom so I'm also unable to provide the necessary credentials to the cluster via Helm values of a chart that deploys cluster.provisioning objects.

In the documentation here, under the title Deploying Clusters from a Template with Fleet, it says

All values must be set in the values.yaml of the template.

Solution you'd like

It would be great if I can deploy my cluster.provisioning objects along with secrets as a Helm chart to the fleet-local namespace and Fleet will populate the Helm values with contents from the secret using the existing valuesFrom feature.

Alternatives you've considered

I've considered using ArgoCD to deploy cluster.provisioning objects and the helm-secrets plugin to dynamically inject secrets into Helm values but this can be problematic when ArgoCD is referencing an external Helm Chart.

Anything else?

No response