Skip creating core/jobservice secrets when using external secrets#2289
Skip creating core/jobservice secrets when using external secrets#2289eidmantas wants to merge 1 commit intogoharbor:mainfrom
Conversation
When all secret fields are sourced from external secrets (e.g., via ExternalSecrets operator), the chart was still creating empty Secret objects with only metadata. This caused conflicts and confusion. Added helper functions to determine if secrets should be created: - harbor.core.createSecret - harbor.jobservice.createSecret The secrets are now only created when at least one data field would be populated. If all fields use existingSecret references, the Secret object is skipped entirely.
|
Also now I am thinking, we probably need to deal with annotations as well? Or is cksum of 0 fine? At least local templating worked fine. |
|
Hi @eidmantas , I would take the
Could you elaborate more in your scenario what is |
|
Hey @MinerYang , for example storing secrets in an external engine for all, and then using ExternalSecrets in k8s, or some other mechanism to create k8s secrets and use those instead of the helm generated ones. |
|
This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days. |
|
This is still relevant |
3 participants
Hello, I noticed that when you move all secrets to an external (non-helm generated) source - the secrets still remain and cause confusion for peers.
I thought about adding a helper function and if everything is moved, then we do not create a secret at all.