Request to add helm chart secret options for Trino Gateway chart

[chcro]

When deploying the chart, I wanted to pre-create the secret for the config as an encrypted sealed-secret, as it holds credentials. I am doing this with ArgoCD. The default helm chart overwrites the existing secret with default data. I had to copy the helm chart locally and remove the secret.yaml template to stop this from happening. Can there be a config.secret flag to use existing secret, skipping the secret creation?

[nineinchnick]

What default secret are you talking about? Use .Values.secretMounts, .Values.coordinator.secretMounts, .Values.worker.secretMounts, or .Values.auth.passwordAuthSecret. See https://trinodb.github.io/charts/charts/trino/ for full documentation of available values.

[wccropper]

Sorry. This is for the gateway chart.

[nineinchnick]

Can you post your values.yaml file to explain which credentials we're talking about?

[chcro]

The helm chart takes the config section of the values and creates a secret (trino-gateway-configuration). This holds the postgres db creds and admin account password. I want to create this secret beforehand and not put it into the values. I will store the secret encrypted in the git and deploy it with argocd. If I remove the config section the helm chart will not deploy. If I put it in as empty it overwrites my secret with default values. I'm looking for an option that if set will ignore the config section and take the existing secret instead. As it stands I have to clone the repo and remove the secret template to bypass this.

note: I have made it work. I'm sure others will want to keep their secrets out of the main values file as well.

This is the section of values that will be used to create the secret, and is used if the secret template is not removed, overwriting the existing secret.

config:
  serverConfig:
    node.environment: test
    http-server.http.port: 8080
    http-server.http.enabled: true
  dataStore:
    # -- The connection details for the backend database for Trino Gateway and Trino query history
    jdbcUrl: jdbc:postgresql://localhost:5432/gateway
    user: postgres
    password: mysecretpassword
    driver: org.postgresql.Driver
  clusterStatsConfiguration:
    monitorType: INFO_API

Here is my pre-created secret:

serverConfig:
    node.environment: production
    http-server.http.port: 8080
    http-server.process-forwarded: true
dataStore:
    jdbcUrl: jdbc:postgresql://tgw-postgres.tgw.svc.cluster.local:5432/tgw
    user: tgw
    password: passwd
    driver: org.postgresql.Driver
clusterStatsConfiguration:
    monitorType: INFO_API
authentication:
    defaultType: form
    form:
        selfSignKeyPair:
            privateKeyRsa: /etc/form-auth-rsa/private.pem
            publicKeyRsa: /etc/form-auth-rsa/public.pem
authorization:
    admin: (.*)ADMIN(.*)
    api: (.*)API(.*)
    user: (.*)USER(.*)
presetUsers:
    tgwadmin:
        password: passwd
        privileges: ADMIN_USER_API
routingRules:
    rulesConfigPath: /etc/routing-rules/routing-rules.yaml
    rulesEngineEnabled: true

[mosabua]

That makes sense .. would you want to send a PR to implement a similar approach on how its done in the trino chart @chcro or @wccropper ..

Alternatively @willmostly might get around to it ..