Using an existing Kubernetes Secret for Harbor internal database password with Helm & ArgoCD

[morganbasset]

Hi,

I'm deploying Harbor using GitOps with ArgoCD and the official Helm chart.

I would like to define the internal database password using a pre-existing Kubernetes Secret, rather than storing the password directly in my values.yaml, which is versioned in Git.

I noticed that the _helpers.tpl template (specifically harbor.database.rawPassword) appears to support reading the password from an existing secret. However, the chart still creates the -database secret during deployment, which ends up overwriting the one I create beforehand.

Is there a recommended way to disable the creation of the database secret when providing it externally, or a better approach to securely reference an existing secret for the internal database password?

Thanks in advance!

[pat-s]

I've forked the chart and completely refactored the secret handling. It might solve your reported issue.

[MinerYang]

Hi @morganbasset ,

What is your in-place secret key and is it within the same namespace of harbor instance?

[morganbasset]

Hi @MinerYang
The secret is in the same namespace of harbor instance with the secret key "password"

[cest-pas-faux]

Are you looking into this ? #1783

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.