Support external secrets for service tokens and xsrf #1373
Conversation
darend
force-pushed
the
support-external-secrets
branch
from
710a030 to
4c5f9d3
Compare
|
Thanks for contributing to harbor-helm! |
This is related to previous requests including #189 and #1179. A growing practice is to use gitops to automate deployment of charts (ie: argocd). Without external secret supports the sensitive values will need to be defined in the values file, or rely on the autogenerated helm values. Exposing in the values file is not secure. Relying on autogenerated values can lead to challenges where every run will produce new values for the secrets. This PR will address this limitation for all of the the remaining sensitive values. |
|
Hi @zyyw , do you have any concerns with this change? |
darend
force-pushed
the
support-external-secrets
branch
from
4c5f9d3 to
8e24019
Compare
|
@zyyw I have rebased after chart museum was removed |
|
Hi! Any progress on that PR? As was said before, It would help users of ArgoCD. Especially as ArgoCD provides a valuable information regarding synchronisation status between what's deployed and what's would be deployed based on git. Having the xsrf regenerated every time we render the Helm template to check if there is drift makes it so that it's either always out of sync, or always synchronizing, which is usually not practical. |
|
Hi @zyyw , any news about this? |
|
@darend sorry for troubling you. Would you mind rebasing the main branch and resolving the conflicts? I'll create a separate PR based on this one if we haven't heard from you in one week. But credits go to you. |
|
Hi @zyyw , I will work on rebasing over the next few days |
|
Sounds great! |
Signed-off-by: Daren Desjardins <[email protected]>
darend
force-pushed
the
support-external-secrets
branch
from
8e24019 to
cd6ab34
Compare
|
zyyw it has been rebased |
|
Awesome! |
Add support for using external/existing secrets for the following keys: