Values such as DRONE_DATABASE_SECRET, DRONE_RPC_SECRET, DRONE_GITEA_CLIENT_SECRET (and similar such secrets from other providers) are stored in a ConfigMap rather than a K8s Secret.
I understand I can use extraSecretNamesForEnvFrom and pass my own pre-created secret, but of course the value proposition of the Helm chart is that it creates K8s resources for me. I use the Helm Secrets plugin that allows security passing secret values into Helm charts, and I'd prefer to use this mechanism for Drone secrets as well, rather than manually create a secret outside the chart.
Perhaps a separate envSecrets in the Helm chart, to facilitate this? Something like:
env:
DRONE_SERVER_HOST: drone.example.com
DRONE_SERVER_PROTO: https
DRONE_GITEA_SERVER: https://git.examle.com
DRONE_GITEA_CLIENT_ID: 9e145da5-692b-42a1-999b-3f09b103906c
envSecrets:
DRONE_DATABASE_SECRET: d6a7835fd429a27e3f96fc64962f7b0c
DRONE_RPC_SECRET: c9da1cd55e4f57c6026a0cf47d94f5b7
DRONE_GITEA_CLIENT_SECRET: +1dV0BB024M/qkIrwPqO5J27tG7WhOCX3d3tXmqPMes=
Or, maybe the chart could be clever enough to automagically place everything matching *_SECRET into a k8s secret.
Happy to submit a PR if you'd accept it.
Values such as
DRONE_DATABASE_SECRET,DRONE_RPC_SECRET,DRONE_GITEA_CLIENT_SECRET(and similar such secrets from other providers) are stored in a ConfigMap rather than a K8s Secret.I understand I can use
extraSecretNamesForEnvFromand pass my own pre-created secret, but of course the value proposition of the Helm chart is that it creates K8s resources for me. I use the Helm Secrets plugin that allows security passing secret values into Helm charts, and I'd prefer to use this mechanism for Drone secrets as well, rather than manually create a secret outside the chart.Perhaps a separate
envSecretsin the Helm chart, to facilitate this? Something like:Or, maybe the chart could be clever enough to automagically place everything matching
*_SECRETinto a k8s secret.Happy to submit a PR if you'd accept it.