Name and Version

bitnami/harbor 21.1.1

What is the problem this feature will solve?

Presently, some Secrets in the harbor chart are "baked into", that is, they require providing sensitive values in the values.yaml, which is not secure when using GitOps.

What is the feature you are proposing to solve the problem?

The following changes should allow for zero secrets to be created by the chart, if desired:

1. Add a trivy.existingEnvVarsSecret field that will point to a secret currently created by trivy/trivy-secret-envvars.yaml, do not create the secret if it is provided
2. Move the redis URL from jobservice/jobservice-config-secret.yaml at config.yaml's worker_pool.redis_url to jobservice/jobservice-secret-envvars.yaml at a separate key JOB_SERVICE_POOL_REDIS_URL which the jobservice respects (see https://github.com/goharbor/harbor/blob/main/src/jobservice/config/config.go#L40C42-L40C68)
3. Change jobservice/jobservice-config-secret.yaml from a Secret to a ConfigMap, now that the only sensitive value has been removed
4. Add a jobservice.existingEnvVarsSecret field that will point to a secret currently created by jobservice/jobservice-secret-envvars.yaml, do not create if provided
5. Do not create core/core-secret.yaml if the data section would be empty (i.e. if both core.existingSecret and core.secretName are both provided).

With these changes made, all Secrets are within an if-block, meaning it is possible to configure the chart to emit no Secrets.

I have these changes working in a local copy. I am happy to update the docs and submit a PR if these would be accepted as-is or with minor modifications.

What alternatives have you considered?

Using a different chart.