Storing in values.yaml in GitHub

[mergwyn]

Hi, sorry if this is a basic question - I am hoping to use this chart with argocd but I cannot work out whether it is safe to commit my clusterid to GitHub in plain text in my values file. If not, I’ll try and work up a PR to allow it to be stored in a secret.

[jongarner]

Hi, cluster_id is used to map the cluster to your CloudCasa account so its best to keep it private. At the moment the chart doesn't support reading the value from a secret.

One option is to provide the helm value cluster_id in ArgoCD helm parameters, this way it can be read from environment vars/vault at runtime.

[mergwyn]

I'll give this a go when I get chance. My thinking is that I will add values.secretName and then in the template will conditionally set AMDS_CLUSTER_ID using valueFrom and secretKeyRef if secretName is defined, otherwise will set from cluster_id as currently. Should be a non-breaking change if I do it correctly!

[mergwyn]

This is what I had in mind:

         - name: AMDS_CLUSTER_ID
            {{ if .Values.secretName }}
            valueFrom:
              secretKeyRef:
               key: cluster_id
               name: {{ .Values.secretName }}
            {{ else }}
            value: {{ .Values.cluster_id }}
            {{ end }}