refactor(helm): Allow chart operators to exclude the creation of the secret manifest (#28308)

Author: asaf400

helm/superset/Chart.yaml

@@ -29,7 +29,7 @@ maintainers:
   - name: craig-rueda
     email: [email protected]
     url: https://github.com/craig-rueda
-version: 0.12.9
+version: 0.12.10
 dependencies:
   - name: postgresql
     version: 12.1.6

helm/superset/README.md

@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
 
 # superset
 
-![Version: 0.12.9](https://img.shields.io/badge/Version-0.12.9-informational?style=flat-square)
+![Version: 0.12.10](https://img.shields.io/badge/Version-0.12.10-informational?style=flat-square)
 
 Apache Superset is a modern, enterprise-ready business intelligence web application
 
@@ -117,6 +117,8 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis |
 | resources | object | `{}` |  |
 | runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure |
+| secretEnv | object | `{"create":true}` | Specify rather or not helm should create the secret described in `secret-env.yaml` template |
+| secretEnv.create | bool | `true` | Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` |
 | service.annotations | object | `{}` |  |
 | service.loadBalancerIP | string | `nil` |  |
 | service.nodePort.http | int | `"nil"` |  |

helm/superset/templates/secret-env.yaml

@@ -16,7 +16,7 @@
  limitations under the License.
 
 */}}
-
+{{- if .Values.secretEnv.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -51,3 +51,4 @@ stringData:
     {{ $key }}: {{ $value | quote }}
     {{- end }}
     {{- end }}
+{{- end }}

helm/superset/values.yaml

@@ -31,6 +31,12 @@ fullnameOverride: ~
 # Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
 runAsUser: 0
 
+# -- Specify rather or not helm should create the secret described in `secret-env.yaml` template
+secretEnv:
+  # -- Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator)
+  # note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"`
+  create: true
+
 # -- Specify service account name to be used
 serviceAccountName: ~
 serviceAccount: