From 7c3874bb2682004c5cdbcb252b3182356f793427 Mon Sep 17 00:00:00 2001
From: paulgrainger85 <pagrainger@gmail.com>
Date: Fri, 30 Aug 2024 08:54:54 +0100
Subject: [PATCH] docs: Add comments in values.yaml related to secrets (#50)

* add comments on how to use secrets

* fix example of config map
---
 charts/kestra/values.yaml | 41 +++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/charts/kestra/values.yaml b/charts/kestra/values.yaml
index 99be748..4dedef8 100644
--- a/charts/kestra/values.yaml
+++ b/charts/kestra/values.yaml
@@ -5,23 +5,49 @@ image:
   pullPolicy: Always
 
 imagePullSecrets: []
+# - name: regcred
 
+### Configuration for Kestra Deployment
+## The following 4 sections can be used to set up the Kestra configuration
+## Please note the secrets defined here are purposely for configuration your Kestra server
+## To use secrets in your flows, please see below under "Application Secrets"
 
-### Configurations for deployments
+### This creates a config map of the Kestra configuration
 configuration: {}
+# Example: Setting the plugin defaults for the Docker runner
+#   kestra:
+#     plugins:
+#       configurations:
+#         - type:  io.kestra.plugin.scripts.runner.docker.Docker 
+#           values:
+#             volume-enabled: true
 
 
-### Secrets for deployments
+### This will create a Kubernetes Secret for the values provided
+## This will be appended to kestra-secret with the key application-secrets.yml
 secrets: {}
-
-### Load configuration from existing secret
+# Example: Store your postgres backend credentials in a secret
+#   secrets:
+#     kestra:
+#       datasources:
+#         postgres:
+#           username: pguser
+#           password: mypass123
+#           url: jdbc:postgresql://pghost:5432/db
+
+### Load Kestra configuration from existing secret
+## Here this assumes the secret is already deployed and the following apply:
+## 1. The secret type is "Opaque"
+## 2. The secret has a single key
+## 3. The value of the secret is the base64 encoded Kestra configuration.
 externalSecret: {}
   #secretName: secret-name
-  #key: key-inside-the-secret.yml
+  #key: application-kestra.yml
 
 ### configuration files
+## This option allows you to reference existing local files to configure Kestra, e.g. 
 configurationPath:
-
+# configurationPath: /app/application.yml,/app/application-secrets.yml
 
 ### Kestra executable
 executable: /app/kestra
@@ -253,6 +279,9 @@ extraSecretEnvFrom:
   # - name: my-existing-with-prefix
   #   prefix: SECRET_
 
+### Application Secrets
+## To pass in secrets of your applications, services etc to Kestra please see the following:
+## https://kestra.io/docs/how-to-guides/kubernetes-secrets
 
 podSecurityContext: {}
 # fsGroup: 2000