
Secrets

Secrets demand special handling, and often they are stored, managed and configured in a workflow that is adjacent to application deployment.

OneChart will not generate a Kubernetes Secret object, but can reference one.

You must place your application secrets in Kubernetes in a Secret object, named the same way as your application deployment. OneChart can reference this secret, and includes all of its entries in the deployment.

The secret name must match the release name, which is my-release in this example.

image:
  repository: nginx
  tag: 1.19.3

secret:
  enabled: true

Check the Kubernetes manifest:

cat << EOF > values.yaml
image:
  repository: nginx
  tag: 1.19.3

secret:
  enabled: true
EOF

helm template my-release onechart/onechart -f values.yaml

Using encrypted secret values

OneChart can be used with Bitnami's Sealed Secrets, as it generates a SealedSecret resource that can be stored even in git.

image:
  repository: nginx
  tag: 1.19.3

sealedSecrets:
  secret1: secret-value-to-be-sealed
  secret2: another-secret-to-be-sealed

We recommend that you seal your values.yaml file with Gimlet CLI:

gimlet seal -f values.yaml \
  -o values.yaml \
  -p sealedSecrets \
  -k sealingKey.crt

# values.yaml
image:
  repository: nginx
  tag: 1.19.3

sealedSecrets:
  secret1: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEq...
  secret2: ewogICJjcmVk...
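
Because the command above writes the sealed output back to the same values.yaml, that file holds plaintext before sealing and ciphertext after, and only the sealed form belongs in git. The pre-commit style check below is an added example, not part of OneChart or Gimlet; the unsealed_entries and write_samples functions, the MIN_LEN threshold and the "long base64 string" heuristic are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not OneChart or Gimlet code. Heuristic: a sealed value is
# assumed to be one long base64 string; MIN_LEN is our own threshold.
MIN_LEN=${MIN_LEN:-300}

# Print the names of entries under top-level `sealedSecrets:` that do not
# look sealed. Returns 1 if any are found, 0 otherwise.
unsealed_entries() {
  awk -v min="$MIN_LEN" '
    /^[^ #]/ { in_block = ($0 ~ /^sealedSecrets:[ ]*$/); next }
    in_block && /^[ ]+[^ #][^:]*:/ {
      line = $0; sub(/^[ ]+/, "", line)
      name = line; sub(/:.*/, "", name)
      val = line; sub(/^[^:]*:[ ]*/, "", val); sub(/[ ]+$/, "", val)
      gsub(/^"|"$/, "", val)
      if (length(val) < min || val !~ "^[A-Za-z0-9+/]+=*$") { print name; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample files: the plaintext form from the docs, and a sealed
# form whose values are filler base64 (not real ciphertext).
write_samples() {
  dir=$1
  filler=$(awk 'BEGIN { for (i = 0; i < 100; i++) printf "QUJD"; }')
  cat > "$dir/plain.yaml" <<EOF
image:
  repository: nginx
  tag: 1.19.3

sealedSecrets:
  secret1: secret-value-to-be-sealed
  secret2: another-secret-to-be-sealed
EOF
  cat > "$dir/sealed.yaml" <<EOF
image:
  repository: nginx
sealedSecrets:
  secret1: Ag${filler}
  secret2: ${filler}==
EOF
}

# Demo: report the plaintext file, accept the sealed-looking one.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in plain sealed; do
  if out=$(unsealed_entries "$tmp/$f.yaml"); then echo "$f.yaml: ok"
  else echo "$f.yaml: unsealed entries:" $out; fi
done
```

The check is a heuristic: it catches short or non-base64 plaintext left under sealedSecrets, but a long base64-encoded plaintext would pass, so treat a clean result as necessary rather than sufficient.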