Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for making secretKeyRef optional #8249

Open
skv-anders opened this issue Sep 9, 2024 · 0 comments
Open

Add support for making secretKeyRef optional #8249

skv-anders opened this issue Sep 9, 2024 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@skv-anders
Copy link

skv-anders commented Sep 9, 2024

Feature request

Currently one can set and environment variable using secretKeyRef in a task. However this means that the secret must be present and have the specified keys. In some cases one might want to support optional features that require additional secrets. Currently, if a secret is optional in a task, the one have to write code to detect and extract the contents of the secret.

Kubernets seems to have similar support for optional secretKeyRef
https://github.com/kubernetes/kubernetes/blob/e9e190c57c61a88a2ba96c4b0688b8eb3a8945a8/pkg/apis/core/types.go#L1762
https://stackoverflow.com/questions/48208705/how-to-mark-secret-as-optional-in-kubernetes

This is how I envision how it should look like in a tekton task:

env:
  - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: smtp-secret
          key: password
          optional: true

Use case

I want to write a "send mail" task, similar to the one in Tekton Hub https://hub.tekton.dev/tekton/task/sendmail
However I don't want to input the optional user and password for connecting to the smtp-server as parameters.
I still want user and password to be optional, but I want them to be stored in a secret, and also not fetched in some earlier task and passed around in the pipeline, since it will expose them more.

It seems that currently I have to add code into the script in the task to check the presense of the secret, check the presense of the keys, and then extract the values. It would be convenient (and less error prune) if the script only needed to check if the environment variables have been set or not.

@skv-anders skv-anders added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Development

No branches or pull requests

1 participant