Secrets demand special handling, and often they are stored, managed and configured in a workflow that is adjacent to application deployment.
OneChart will not generate a Kubernetes
Secret object, but can reference one.
You must place your application secrets in Kubernetes in a
Secret object, named the same way as your application deployment.
OneChart can reference this secret, and includes all of its entries in the deployment.
The secret name must match the release name.
my-release in this example.
Check the Kubernetes manifest:
cat << EOF > values.yaml
helm template my-release onechart/onechart -f values.yaml
Using encrypted secret values
OneChart can be used with Bitnami's Sealed Secrets, as it generates a
SealedSecret resource that can be stored even in git.
We recommend that you seal your
values.yaml file with Gimlet CLI:
gimlet seal -f values.yaml \ -o values.yaml \ -p sealedSecrets \ -k sealingKey.crt