@Gridness Gridness commented Sep 17, 2025

This pull request is similar to #185, but it takes things a bit further: it adds the existing secret support and also allows specifying field names in secrets if those are not the defaults. Updates also include separate-of-concerns features, allowing additional secrets containing only credentials for external services to be specified. This makes secret management more precise and customizable if the user prefers to work with external secrets. Documentation, templates and values have all been updated to reflect the changes. Also fixed a bug found in #185 where, if an existing secret was defined, its data wasn't mounted to the deployment and env vars referencing the auth credentials location inside containers were not created. Also, some missing fields in the documentation were added.

Azure and Swift values were named secretRef instead of existingSecret to make naming consistent with the already present secretRef value for S3 and proxy. At the same time, the existingSecret value for secrets with authentication credentials was named this way because it was already requested to be named that way (see #58) and because many other helm charts use this name to allow users to reference their own secrets instead of using generated ones, so this is a UX reason.

Implements #58

Key Changes

  • Added secrets.existingSecret value in values.yaml and documented it in README, allowing users to use an external Kubernetes Secret resource with authentication data for docker registry
  • Added secrets.haSharedSecretKey and secrets.htpasswdKey values to values.yaml and documented them in README, allowing users to specify field names defined in secrets.existingSecret. If none is set, they default to haSharedSecret and htpasswd respectively
  • Added secrets.azure.secretRef value in values.yaml and documented it in README, allowing users to use an external Kubernetes Secret resource with authentication data for azure
  • Added secrets.azure.accountNameKey, secrets.azure.accountKeyKey and secrets.azure.containerKey values to values.yaml and documented them in README, allowing users to specify field names defined in secrets.azure.secretRef. If none is set, they default to accountName, accountKey and container respectively
  • Added secrets.swift.secretRef value in values.yaml and documented it in README, allowing users to use an external Kubernetes Secret resource with authentication data for swift
  • Added secrets.swift.usernameKey and secrets.swift.passwordKey values to values.yaml and documented them in README, allowing users to specify field names defined in secrets.swift.secretRef. If none is set, they default to swiftUsername and swiftPassword respectively
  • Added proxy.usernameKey and proxy.passwordKey values to values.yaml and documented them in README, allowing users to specify field names defined in secrets.existingSecret. If none is set, they default to proxyUsername and proxyPassword respectively

Template and Resource adjustments

  • Modified secret.yaml to only create a new Secret if secrets.existingSecret is not set, preventing duplicate or unnecessary secrets
  • Updated deployment.yaml and cronjob.yaml to only annotate with the secret checksum when a new secret is created, ensuring correct rolling updates

Documentation updates

  • Updated README with new values entries added with this pull request. See Key Changes
  • Added missing entries in README for secrets.haSharedSecret and secrets.azure.*

Version Bump

  • Bumped chart version to 3.1.0 to reflect new features

- Added new pre-defined names to helpers to introduce new secrets to deployment to separate concerns
- Implemented the ability to specify existing secret field keys if not default
- Added conditions to checksum annotations in deployment and cronjob if existing secret is used instead of default one
- Bumped chart version to 3.1.0
- Updated README to reflect values structure changes
- Fixed a bug found in pull request twuni#185 where if an existing secret was defined, its data wasn't mounted to the deployment and env vars referencing to the auth credentials location inside containers were not created
- Fixed multiple whitespace and indentation issues during templating when specifying custom fields for existing secrets
@Gridness Gridness changed the title feat: existingSecrets support, separate-of-concerns enchancements, custom secret field names support feat: existingSecrets support, separate-of-concerns enhancements, custom secret field names support Oct 2, 2025
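
A pre-deploy check for the key mapping described in the pull request, as an added example that is not part of the PR or the chart: it resolves each `*Key` override to its default and reports keys that a referenced external Secret does not contain. The value names and defaults come from the description above; `lookup`, `missing_keys`, the assumption that every listed key is required, and the sample data are hypothetical.

```python
# Added example: value paths/defaults are from the PR text; sample data is constructed.
SECRET_SPECS = {  # Secret-name value -> {key-override value: default key}
    "secrets.existingSecret": {
        "secrets.haSharedSecretKey": "haSharedSecret",
        "secrets.htpasswdKey": "htpasswd",
    },
    "secrets.azure.secretRef": {
        "secrets.azure.accountNameKey": "accountName",
        "secrets.azure.accountKeyKey": "accountKey",
        "secrets.azure.containerKey": "container",
    },
    "secrets.swift.secretRef": {
        "secrets.swift.usernameKey": "swiftUsername",
        "secrets.swift.passwordKey": "swiftPassword",
    },
}

def lookup(values, dotted):
    """Walk a nested dict by dotted path; return None if any part is unset."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def missing_keys(values, cluster_secrets):
    """Return sorted 'secret/key' entries the values reference but the cluster lacks."""
    problems = []
    for ref_path, key_specs in SECRET_SPECS.items():
        name = lookup(values, ref_path)
        if not name:
            continue  # no external Secret referenced for this group
        present = cluster_secrets.get(name)
        if present is None:
            problems.append(f"{name}/<secret not found>")
            continue
        for key_path, default in key_specs.items():
            key = lookup(values, key_path) or default  # override wins over default
            if key not in present:
                problems.append(f"{name}/{key}")
    return sorted(problems)

# Constructed sample: htpasswdKey is overridden to a key the Secret does not have.
VALUES = {"secrets": {"existingSecret": "registry-auth", "htpasswdKey": "users",
                      "azure": {"secretRef": "azure-creds"}}}
CLUSTER = {"registry-auth": {"haSharedSecret", "htpasswd"},
           "azure-creds": {"accountName", "accountKey", "container"}}
print(missing_keys(VALUES, CLUSTER))
```

`cluster_secrets` maps each Secret name to the set of its data keys only, so the check never needs the secret values themselves.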