π Prerequisites
π Feature Summary
Create a feature flag for helm secrets
β Problem Statement / Motivation
- provider secrets are created by default
- helm/kagent/templates/secret.yaml comments state that the app container will fail if the secret is NULL.
- if a user wants to deploy via helm and has a secret manager (external-secrets) there will be conflicts/duplication.
- if a user wants to deploy via helm delcaratively (argocd) & with a secret manager, there will be ownership warnings.
π‘ Proposed Solution
would be good to have a feature-flag for the secret creation, per provider.
providers.openAI.secretCreation.enabled
providers:
default: openAI
openAI:
secretCreation: false
provider: OpenAI
model: "gpt-4.1-mini"
apiKeySecretRef: kagent-openai
apiKeySecretKey: OPENAI_API_KEY{{- $dot := . }}
{{- $model := index $dot.Values.providers $dot.Values.providers.default }}
{{- if $model.secretCreation.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $model.apiKeySecretRef | quote }}
labels:
{{- include "kagent.labels" $dot | nindent 4 }}
type: Opaque
data:
{{/* to prevent app container to fail with empty key use default - */}}
{{ $model.apiKeySecretKey | default (printf "%s_API_KEY" $model.provider | upper) }}: {{ $model.apiKey | default "-" | b64enc }}
{{- end }}π Alternatives Considered
No response
π― Affected Service(s)
App Service
π Additional Context
No response
π Are you willing to contribute?
π Prerequisites
π Feature Summary
Create a feature flag for helm secrets
β Problem Statement / Motivation
π‘ Proposed Solution
would be good to have a feature-flag for the secret creation, per provider.
providers.openAI.secretCreation.enabledπ Alternatives Considered
No response
π― Affected Service(s)
App Service
π Additional Context
No response
π Are you willing to contribute?