Skip to content

[self-hosted] Set sensitive values via secrets - fixes #3094 #4033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 44 commits into from
Closed

[self-hosted] Set sensitive values via secrets - fixes #3094 #4033

wants to merge 44 commits into from

Conversation

cyrilcros
Copy link

@cyrilcros cyrilcros commented Apr 21, 2021
edited
Loading

Configure the chart via existingSecrets; fixes #3094

  • I fetch values via Helm lookup calls. This is Helm 3 only compatible.
  • I do not alter the templates to use the existing secrets, I fetch from them and let gitpod create (possibly redundant) secrets.
  • In theory you can use secrets gitpod has previously generated as existingSecretNameand be fine.
  • serverProxyApiKey / db.password / components.server.sessionSecret can be set, added via secret with arbitrary key and are autogenerated otherwise
  • rabbitmq secret can be set, assuming username and password are keys in the secret
  • nothing is done for minio secrets because it is a subchart with a April 2021 deprecation warning
  • I haven't touched the Gihub oAuth secret yet; because it is a list it would be messier?

[self-hosted] Set sensitive values via secrets - fixes gitpod-io#3094
d318a89 
- I fetch values via Helm `lookup` calls. This is Helm 3 only compatible.
- I do not alter the templates to use the existing secrets, I fetch from them and let gitpod create (possibly redundant) secrets
- serverProxyApiKey / db.password / components.server.sessionSecret can be set, added via secret with arbitrary key and are autogenerated otherwise
- rabbitmq secret can be set, assuming username and password are keys in the secret
- nothing is done for minio secrets because it is a subchart with a April 2021 deprecation warning
@cyrilcros
Copy link
Author

Putting this in for consideration, I need to properly test all those configurations.

@csweichel
Copy link
Contributor

csweichel commented Apr 22, 2021
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-chart-config-existing-secrets-fork.0

@cyrilcros cyrilcros force-pushed the chart_config_existing_secrets branch from 6422ab4 to 061da1c Compare April 25, 2021 22:24
@cyrilcros cyrilcros force-pushed the chart_config_existing_secrets branch from 626b492 to c155b2a Compare April 25, 2021 22:32
@stale
Copy link

stale bot commented Jul 25, 2021

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the meta: stale This issue/PR is stale and will be closed soon label Jul 25, 2021
@stale stale bot closed this Aug 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
community-contribution meta: stale This issue/PR is stale and will be closed soon
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Helm chart] Configuring sensitive values via secrets
2 participants
@cyrilcros @csweichel