From c2a16fde22c0361e3a15e578714cffc900188bdd Mon Sep 17 00:00:00 2001 From: Marco Donadoni Date: Thu, 27 Jun 2024 17:36:39 +0200 Subject: [PATCH] docs(helm): clarify secrets-related warning in README (#847) --- helm/reana/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/reana/README.md b/helm/reana/README.md index 0697a532..2518f711 100644 --- a/helm/reana/README.md +++ b/helm/reana/README.md @@ -98,18 +98,18 @@ This Helm automatically prefixes all names using the release name to avoid colli | `reana_hostname` | REANA hostname (e.g. reana.example.org) | None | | `namespace_runtime` | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run | `.Release.Namespace` | | `naming_scheme` | REANA component naming scheme | None | -| `secrets.cache.password` | **[Do not use in production, use secrets instead]** Cache (Redis) password | None | +| `secrets.cache.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Cache (Redis) password | None | | `secrets.cern.sso.CERN_CONSUMER_KEY` | CERN SSO consumer key | None | -| `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not use in production, use secrets instead]** CERN SSO consumer secret | None | -| `secrets.database.password` | **[Do not use in production, use secrets instead]** PostgreSQL database password | None | +| `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** CERN SSO consumer secret | None | +| `secrets.database.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** PostgreSQL database password | None | | `secrets.database.user` | PostgreSQL database username | None | | `secrets.gitlab.REANA_GITLAB_HOST` | Hostname of the GitLab instance | None | | `secrets.gitlab.REANA_GITLAB_OAUTH_APP_ID` | GitLab OAuth application id | None | -| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET` | **[Do not use in production, use secrets instead]** GitLab OAuth application secret | None | -| `secrets.login` | **[Do not use in production, use secrets instead]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` | +| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** GitLab OAuth application secret | None | +| `secrets.login` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` | | `secrets.message_broker.user` | Message broker (RabbitMQ) username. | test | -| `secrets.message_broker.password` | **[Do not use in production, use secrets instead]** Message broker (RabbitMQ) password | 1234 | -| `secrets.reana.REANA_SECRET_KEY` | **[Do not use in production, use secrets instead]** REANA encryption secret key | None | +| `secrets.message_broker.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Message broker (RabbitMQ) password | 1234 | +| `secrets.reana.REANA_SECRET_KEY` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** REANA encryption secret key | None | | `serviceAccount.create` | Create a service account for the REANA system user | true | | `serviceAccount.name` | Service account name | reana | | `shared_storage.access_modes` | Shared volume access mode | ReadWriteMany | @@ -121,7 +121,7 @@ This Helm automatically prefixes all names using the release name to avoid colli | `shared_storage.cephfs.os_secret_namespace` | **[CERN only]** Namespace of the OpenStack credentials Secret object | kube-system | | `shared_storage.cephfs.provisioner` | **[CERN only]** CephFS provisioner | manila-provisioner | | `shared_storage.cephfs.type` | **[CERN only]** CephFS availability zone | "Geneva CephFS Testing" | -| `shared_storage.volume_size`               | Shared volume size | 200 | +| `shared_storage.volume_size` | Shared volume size | 200 | | `shared_storage.shared_volume_mount_path` | Path inside the REANA components where the shared volume will be mounted | /var/reana | | `shared_storage.hostpath.root_path` | Path to the REANA directory inside the underlying storage volume | /var/reana | | `traefik.*` | Pass any value from [Traefik Helm chart values](https://github.com/helm/charts/tree/master/stable/traefik#configuration) here, e.g. `traefik.rbac.enabled=true` | - |