vmware-tanzu
[velero] Support for Multiple Secrets
Special notes for your reviewer:
- Bump chart version from 11.0.0 to 12.0.0
- Replace
secretContentswithextraSecretsarray to allow multiple secrets - Update templates to handle new credentials format
- Update README with instructions for upgrading and securing Restic passwords
- Adjust test values to match new secret structure
- Move secret env vars to helper template
Fixes #268
Checklist
- [x] DCO signed
- [x] Chart Version bumped, please refer to the chart version instruction
- [x] Variables are documented in the values.yaml or README.md
- [x] Title of the PR starts with chart name (e.g.
[velero])
Hello @jenting, hello @ywk253100, can you tell me what needs to be done to get this pull request merged please?
Is it a good idea to even allow to specify secret values in plain text? Besides you can easily add secrets via .Values.extraObjects and then reference them in BackupStorageLocation. As for Restic/Kopia password I guess you can also use .Values.extraObjects, but I think is meant to be deployed outside of the chart
Is it a good idea to even allow to specify secret values in plain text?
No, you should use tools like SOPS to encrypt your secrets in configuration.
Besides you can easily add secrets via
.Values.extraObjectsand then reference them inBackupStorageLocation. As for Restic/Kopia password I guess you can also use.Values.extraObjects, but I think is meant to be deployed outside of the chart
If you use .Values.extraObjects, these objects are missing the generated annotations by Helm then.