Description
we need to make it easier to populate the Secrets from a smaller set of actual values stored in vault (or locally on the file system if need be).
see an early iteration here: #4323
but after various discussions we're thinking of a simpler approach.
- when using `jx step helm apply` allow `values.yaml` files to use go/helm templates like `templates/foo.yaml` does inside helm charts so that we can generate value/secret strings which can use templating to compose things from smaller secret values. e.g. creating a maven `settings.xml` file or docker `config.json` which includes many user/passwords for different registries
- we can then check in the `values.yaml` file which does all of this composition and reference the actual secret values via URLs (or template functions) to access vault or local vault files
Parameters
- have a way to define common parameters used to inject into multiple charts `values.yaml` files. e.g. we use the `pipelineUser.username` and `pipelineUser.token` in many apps (prow, tekton, secret templates for jenkins x platform et al)
- have a way to define the JSON schema of the parameters (like we do with values.yaml editing in Apps) and map the parameters to a URL for vault / local storage
Use go templating in values.yaml
So that we can easily reuse value or secret parameters (from vault / local files) in any values.yaml value expression we enable go templating in values.yaml files. This lets us refer to a named parameter anywhere in any value in any values.yaml file in any chart.
e.g. we can inject the login/pwd of a particular registry inside the maven settings.xml file in a values.yaml value - ditto for each user/pwd for each docker registry in the docker config.json secret.
To do this we use {{ .Parameter.pipelineUser.token }} syntax somewhere in the values.yaml file.
In addition we can use {{ secret "vault:/foo/bar" }} syntax to inject URLs from physical locations or disk etc
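
The two syntaxes proposed above, rendered with Go's `text/template`, as an added example that is not part of the original issue and is not the jx implementation. `RenderValues`, the in-memory `store` standing in for Vault, and all sample values are assumptions; rendering fails closed when a parameter or secret cannot be resolved, so a missing credential never becomes an empty or `<no value>` string in the chart values.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Constructed sample values.yaml using the two syntaxes from the issue.
const sampleValues = `pipelineUser:
  username: {{ .Parameter.pipelineUser.username }}
  token: {{ .Parameter.pipelineUser.token }}
registryPassword: {{ secret "vault:/foo/bar" }}
`

// RenderValues (hypothetical name) renders src with parameters under
// .Parameter and a secret function backed by store, an in-memory stand-in
// for Vault keyed by the path that follows the "vault:" scheme.
func RenderValues(src string, params map[string]interface{}, store map[string]string) (string, error) {
	funcs := template.FuncMap{"secret": func(url string) (string, error) {
		if !strings.HasPrefix(url, "vault:") {
			return "", fmt.Errorf("unsupported secret URL %q", url)
		}
		v, ok := store[strings.TrimPrefix(url, "vault:")]
		if !ok { // fail closed rather than render an empty credential
			return "", fmt.Errorf("secret %q not found", url)
		}
		return v, nil
	}}
	// missingkey=error rejects an undefined parameter instead of emitting "<no value>".
	t, err := template.New("values.yaml").Funcs(funcs).Option("missingkey=error").Parse(src)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err = t.Execute(&out, map[string]interface{}{"Parameter": params}); err != nil {
		return "", err // partial output is discarded on error
	}
	return out.String(), nil
}

func main() {
	params := map[string]interface{}{
		"pipelineUser": map[string]interface{}{"username": "bot", "token": "constructed-token"},
	}
	out, err := RenderValues(sampleValues, params, map[string]string{"/foo/bar": "constructed-pw"})
	fmt.Println(out, err)
}
```

The rendered output contains the resolved secrets in clear text, so it belongs in memory or a temporary file handed to helm, not in the repository alongside the templated `values.yaml`.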