feat(charts): Update helm chart to support password from secret

[ashotland]

Using next release added capability of setting dragonfly password with the
DFLY_PASSWORD environment variable

[ashotland]

Hi @tamcore - first helm change for me, so I hope this makes sense.
Hope you can review, appreciate any comments.

[tamcore]

Hi @ashotland,

generally, seems ok :) But, for something like that, usually the term you'd be looking for is existingSecret. And missing some values for it in the ci/ subfolder.

So I'd make the following proposal:

• rename secretName and secretKey to existingSecret.name/.key
  • for the case where the user will pre-provision the secret
• add a key password
  • which would create the Secret and mount it appropriately for the user
  • (This would target users like myself, who have credentials like that SOPS encrypted directly next to the primary values.yaml used for the deployment.)

But I'm gonna leave that up to you :)

[ashotland]

Thanks @tamcore for the comments.

I'll apply the suggested rename and followup with secret creation in a later PR.

[tamcore]

I suggest adding

extraObjects:
- apiVersion: v1
  kind: Secret
  metadata:
    name: dfly-password
  stringData:
    password: foobar

to ci/passwordsecret-values.yaml. Then you can properly reference the Secret dfly-password and the key password, and the check should no longer fail :)

[ashotland]

Thanks @tamcore :)

[tamcore]

LGTM 👍

If you'd want, you could now be lazy and just make it

    {{- with .Values.passwordFromSecret.existingSecret }}
      - name: DFLY_PASSWORD
        valueFrom:
          secretKeyRef:
            {{- toYaml . | nindent 12 }}
    {{- end }}

and default passwordFromSecret to {} while having name and key commented out. Then the enabled flag wouldn't even be needed. But there's no true right or wrong :)