Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret value not transferred to output values.yaml #103

Open
Vaintti opened this issue Apr 5, 2023 · 9 comments
Open

Secret value not transferred to output values.yaml #103

Vaintti opened this issue Apr 5, 2023 · 9 comments

Comments

@Vaintti
Copy link

Vaintti commented Apr 5, 2023

I have a secret defined in a kubernetes yaml file but the value doesn't get transferred to generated values.yaml file

Input

apiVersion: v1
kind: Secret
metadata:
  name: db-password
type: Opaque
data:
  password: c3VwZXJzZWNyZXRwYXNzd29yZAo=

Output

dbPassword:
  password: ""
kubernetesClusterDomain: cluster.local

Expected output

dbPassword:
  password: "supersecretpassword"
kubernetesClusterDomain: cluster.local
@Vaintti Vaintti closed this as not planned Won't fix, can't repro, duplicate, stale Apr 5, 2023
@Vaintti Vaintti reopened this Apr 5, 2023
@arttor
Copy link
Owner

arttor commented Apr 5, 2023

Hi @Vaintti, thank you for the question. This was done on purpose. In most cases, generated chart will be stored in git. In this case, it is not a good idea to have secrets in values.yaml. So secretes are omitted from values.yaml and marked as required in a template to force chart user to provide it as flags in helm install.

@Vaintti
Copy link
Author

Vaintti commented Apr 5, 2023

Just thinking if this should be made possible with a flag. --use-unsafe-secrets or something to make it clear it's not the safest of practices

@arttor
Copy link
Owner

arttor commented Apr 6, 2023

I agree that it is inconvenient but it is true for all security measures. I suggest not implementing this option right now. But we can do so if we have more votes for this feature.

@vmath3us
Copy link

vmath3us commented Aug 4, 2023

I'm interested. My use case would be something like:
Take a single kubernetes.yaml coming from the repository, concatenate it with a local secret.yaml, run helmify, and apply the resulting helmchart. It would be useful in airgaped scenarios

@saper44rus
Copy link

+1

@maobuji
Copy link

maobuji commented Dec 15, 2023

In most cases, using a template is the correct approach. However, in some cases, I require an instance configuration that can be used for quick conversion and unified management. In such cases, I prefer the configuration to remain as close to the original as possible, so that I can use it quickly.

I suggest splitting it into different modes. This can help avoid similar issues from occurring.

@rcaballeron
Copy link

+1
I’m supporting this feature as well. In my case, the secrets are already encrypted using SOPS so that it isn’t a problem at all to commit them to the remote repo. Indeed, as part of our gitops setup, it’s expected to have them committed. It will be great to have such feature.

@arttor
Copy link
Owner

arttor commented Nov 16, 2024

can this feature be covered by external secrets #152?

@rcaballeron
Copy link

Hi Artem,
I think that it could work. The main idea is to transfer the existing values in the secrets to the generated helm values.yaml file. If that is achieved by implementing #152, this use case is covered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rcaballeron @Vaintti @arttor @maobuji @saper44rus @vmath3us