Hi everyone, I have a question regarding enabling ...
# all-things-deployment
a
Hi everyone, I have a question regarding enabling the Google OIDC auth in a Kubernetes cluster. The deployment template for datahub-frontend assumes you will put the plain text value of the client secret in our custom values.yaml file. However, we want to commit our custom values.yaml file into our git repo and therefore cannot put the client secret there. If we want to store the client secret in Kubernetes's secret store, then it seems that we need to modify the deployment template to something like below. And we probably want to do it in a backward compatible way so that it doesn't break existing setups that have the client secret in the values.yaml file.
valueFrom:
  secretKeyRef:
    name: {{ .Values.oidcAuthentication.clientSecret.secretRef }}
    key: {{ .Values.oidcAuthentication.clientSecret.secretKey }}
I am new to Helm. Could someone experienced confirm that this is the right direction, or whether there is some alternative that doesn't require changing the deployment template?
a
Thank you @bumpy-needle-3184! I got a 404 when clicking on the first link. Could you please check?
Also I know that I can set oidcAuthentication.clientSecret in my values.yaml file. But since we commit our values.yaml file into GitHub, we don't want to put any secret in it. How can we pass in the client secret as a reference to the Kubernetes secret store? It seems that I would have to modify the deployment.yaml template.
b
Yes, it would require a modification like the one you mentioned earlier, to pass the k8s secret name instead of its value.
valueFrom:
  secretKeyRef:
    name: {{ .Values.oidcAuthentication.clientSecret.secretRef }}
    key: {{ .Values.oidcAuthentication.clientSecret.secretKey }}
a
Ok, thank you!