Why many official helm charts include Passwords/Credentials in Values.yaml?

8/19/2019

I noticed that many official charts hosted on Google or Bitnami repositories are including Username/Password/Credentials in the Values file, without giving you the ability to use an existing secret.

Can you helm me understand what would be the reason behind such approach?

As far as I know, including clear credentials in helm charts is not a best-practice.

-- Sobiaholic
kubernetes
kubernetes-helm

3 Answers

8/20/2019

I think it's not a good practice, however as mentioned by @Crou, it's quick. In general, I think each Helm Chart should give an option to define your credentials as secrets.

We do it in the Hazelcast Helm Charts by giving this option. I think that's the best-practice for Helm Charts.

-- RafaƂ Leszko
Source: StackOverflow

8/19/2019

I think the maintainers expect you to override those default values when you create a release for something that's worth protecting. You can do this with your own values file or with the --set runtime flag.

-- switchboard.op
Source: StackOverflow

8/19/2019

Because it's quicker and it will work out of the box.

If you try to use the already existing secret, it has to be in the same namespace as the deployment. If it's not then it has to be copied and validated if it was moved correctly.

You should not really on unchanged charts on prod environment as @switchboard.op mentioned.

I think most app that are being rewritten for GoogleCloudPlatform/click-to-deploy are using secrets.

-- Crou
Source: StackOverflow