Reference a secret for external DB

[doteater]

Hey folks,

Looks like when I want to deploy ERPNext with this chart using an external DB I need to hard code the root password in values.yaml.
It seems like in order to switch to a secret ref I'd need to use kustomize or otherwise make changes to the chart. Unless I'm missing something.

I'd like to be able to store my values.yaml in source control without hardcoded secrets and it seems like that currently requires an extra step.

Thanks!

[revant]

The secret part you can override through env var during cli execution.

Or use helm template to generate yamls and use it with kubectl.

The secret is only used for create-site job, if that job is executed separate as it should (to add multiple sites to bench) you can take the secret and job creation external to helm release.

Create site and drop site are the commands that need root password.

[doteater]

Thanks for your assistance @revant

I ended up running this initially for deployment:

dbHost=external-mariadb.mariadb dbPost=3306 dbRootUser=root dbRootPassword=MySecretPw dbRds=false helm upgrade --install frappe-bench --namespace erpnext frappe/erpnext -f erpnext-values.yaml

then I can disable the create site job and drop the env variables when making changes going forward:

helm upgrade --install frappe-bench --namespace erpnext frappe/erpnext -f erpnext-values.yaml

For anyone else who runs into this, don't forget to purge any old values.yaml commits that include creds or start a new repo from scratch.

In my mind being able to specify a secret for external db creds would be ideal, but this works!