[Helm Chart] Allow external secret for secretFiles

[loicalbertin]

Hi 👋

Context: I want to deploy Zot using a GitOps tool (I'm using Rancher Fleet).

Issue: The Helm config will be stored into Git. With the current Zot Helm chart I should store the secretFiles unencrypted into my git repo. This is problematic to me.

Having secrets into Git repo is a well-known issue when dealing with GitOps.
Personally I use Sops + a Kubernetes Operator to deal with it and store my secrets encrypted in the Git repo.

So I will be able to pre-generate a secret similar to the one generated by the Helm chart using the value of secretFiles prior to the chart deployment.

What is missing for me in the Zot Helm is either:

• a way to specify the name of a secret to be mounted in the container in place of the secret generated by the chart
• or just not generating the secret for secretFiles if a secret of the same name already exits (I will manage to create a secret with the correct name)

What do you think about this?

[rchincha]

@loicalbertin,
zot helm charts are here: https://github.com/project-zot/helm-charts
We will take a stab at this.
Of course, PRs always welcome and encouraged - in fact, that is how the original chart has evolved.

cc: @Andreea-Lupu

[loicalbertin]

Hi,

In fact I already opened a PR on Zot chart for a simpler use case.

For this one, as there are different ways to implement it, I preferred to discuss it prior to open a PR...

[rchincha]

Agreed, pls. file an issue here: https://github.com/project-zot/helm-charts/issues and we can discuss?

[rchincha]

project-zot/helm-charts#10
fyi ^