Improve helm secrets template #8598
Conversation
| rootPassword: example | ||
| # custom secret values | ||
| secret: | ||
| rootPassword: null |
There was a problem hiding this comment.
Charts will no longer ship with a dev default value. It must be explicitly provided by the cluster owner if randomizedSecrets=false else helm will error out because of this line
| @@ -11,6 +11,7 @@ data: | |||
| defaultRootPassword: {{ include "common.secrets.set" (dict | |||
| "secret" $secretName | |||
| "key" "defaultRootPassword" | |||
| "default" .Values.node.defaultSecret.defaultRootPassword | |||
| "randomDefault" .Values.global.randomizedSecrets | |||
There was a problem hiding this comment.
MAYBE: it would be good to setup application level secret randomization
instead of global.randomizedSecrets.
it could be
.Values.global.node.randomizedSecrets
Where for example if users , need to set a custom secret only for syft container, they could do it easily.
There was a problem hiding this comment.
This could be done similarly for mongo, seaweedfs
There was a problem hiding this comment.
Hmm ... looks like it didn't get pushed
There was a problem hiding this comment.
Where for example if users , need to set a custom secret only for syft container, they could do it easily.
for that they can use what you had implemented, provide a custom Secret and use it through values.backend.secretKeyName.
Description
Part of https://github.com/OpenMined/Heartbeat/issues/1113
global.useDefaultSecretsis changed toglobal.randomizedSecrets.common.secrets.setis should be a bit more clear when dealing with using generated passwords vs. default static passwordspackages/grid/helm/values.dev.yamlwhich includes the dev secretsAffected Dependencies
List any dependencies that are required for this change.
How has this been tested?
Checklist