Use Secret for st2.docker.conf instead of ConfigMap

[pshanoop]

Here all these credentials are stored in ConfigMap

Doesn't it make more sense to use Secret since this contains credentials.

[cognifloyd]

This is supported via st2.existingConfigSecret. You create a secret with your st2.conf contents, and then pass that secret name to the chart. It then gets mounted like this:

stackstorm-k8s/templates/_helpers.tpl

Lines 167 to 171 in fabbea9

	{{- if $.Values.st2.existingConfigSecret }}
	- name: st2-config-secrets-vol
	mountPath: /etc/st2/st2.secrets.conf
	subPath: st2.secrets.conf
	{{- end }}

stackstorm-k8s/templates/_helpers.tpl

Lines 177 to 181 in fabbea9

	{{- if $.Values.st2.existingConfigSecret }}
	- name: st2-config-secrets-vol
	secret:
	secretName: {{ $.Values.st2.existingConfigSecret }}
	{{- end }}

The value is described here:

stackstorm-k8s/values.yaml

Lines 112 to 116 in fabbea9

	# Custom StackStorm config (st2.secrets.conf) which will be created from the key 'st2.secrets.conf' within this secret.
	# If this is defined, '--config-file=/etc/st2/st2.secrets.conf' will be added to the end of the command line arguments
	# for all pods, superseding all other configuration values.
	# This secret must be populated outside of this chart.
	# existingConfigSecret: stackstorm-config-secret

Does that resolve your concerns?