Use existing secrets about helm3-charts HOT 3 OPEN

To use the chart at the moment it's necessary to pass the encoded licence as a value and the chart creates the secret for you. But this means that whatever deploys the chart has to have access to the licence.

I would like to provision the secret separately, without this chart, and then just specify which existing secret should be used for the licence. This makes it easier to handle secrets like licences securely.

from helm3-charts.

the config.yml is already in the config map and the secret is available for what you want to use it for unless I'M MISSING SOMETHING

from helm3-charts.

I have a use-case as well. We want to store the license in something external, and use the CSI Secrets-Store driver to map that secret into Kubernetes. The Nexus application charts would just need to cater for user-defined volume mounts and volumes.

An example of how this is implemented is on the SonarQube helm chart:
Values file: https://github.com/SonarSource/helm-chart-sonarqube/blob/master/charts/sonarqube/values.yaml#L345
Deployment template: https://github.com/SonarSource/helm-chart-sonarqube/blob/master/charts/sonarqube/templates/deployment.yaml#L281

The way this works (using the CSI secrets store driver as an example) from a user's perspective is to define a SecretProviderClass, and then define volume a mount like so:

volumes:
      - name: sonarqube-sonarqube
        csi:
          driver: secrets-store.csi.k8s.io
          readOnly: true
          volumeAttributes:
            secretProviderClass: "sonarqube-deployment"
mounts:
      - name: sonarqube-sonarqube
        mountPath: "/mnt/secrets-store"
        readOnly: true

from helm3-charts.