kubewatch icon indicating copy to clipboard operation
kubewatch copied to clipboard

Published 20 hours ago verified publisher icon robusta-dev

helm charts not having secretKeyRef usage

Open mrwormhole opened this issue 1 year ago • 2 comments

ideally, helm charts that have sensitive information uses secretKeyRef to decode base64 k8s secret and takes the name of the secret, this improves the usage of helm charts in public gitops based repos which use helm charts.

Can this be added to helm charts?

The best example of it is given here which allows both plain information or secret key reference https://github.com/minio/minio/blob/master/helm/minio/values.yaml#L344-L348

mrwormhole avatar May 20 '23 03:05 mrwormhole

I'm looking at this same issue for both kubewatch and kubernetes-event-exporter https://github.com/resmoio/kubernetes-event-exporter/issues/48 . In both cases the API token (or user/pass etc) is intended to be stored in a ConfigMap.

One strategy I've come across is to store the secrets in CI/CD and pass it in during deployment with envsubst but that's not ideal either.

joshuaganger avatar May 24 '23 19:05 joshuaganger

Hey, we don’t support this yet. Would you be interested in opening a PR for it?

aantn avatar May 27 '23 16:05 aantn