docs(helm): clarify secrets-related warning in README (#847)

reanahub · Nov 22, 2024 · c2a16fd · c2a16fd
1 parent cb9e17a
commit c2a16fd
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/helm/reana/README.md b/helm/reana/README.md
@@ -98,18 +98,18 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `reana_hostname`                                         | REANA hostname (e.g. reana.example.org)                                              | None                                            |
 | `namespace_runtime`                                      | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run   | `.Release.Namespace`                            |
 | `naming_scheme`                                          | REANA component naming scheme                                                        | None                                            |
-| `secrets.cache.password`                                 | **[Do not use in production, use secrets instead]** Cache (Redis) password           | None                                            |
+| `secrets.cache.password`                                 | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Cache (Redis) password | None                                      |
 | `secrets.cern.sso.CERN_CONSUMER_KEY`                     | CERN SSO consumer key                                                                | None                                            |
-| `secrets.cern.sso.CERN_CONSUMER_SECRET`                  | **[Do not use in production, use secrets instead]** CERN SSO consumer secret         | None                                            |
-| `secrets.database.password`                              | **[Do not use in production, use secrets instead]** PostgreSQL database password     | None                                            |
+| `secrets.cern.sso.CERN_CONSUMER_SECRET`                  | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** CERN SSO consumer secret | None                                    |
+| `secrets.database.password`                              | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** PostgreSQL database password | None                                |
 | `secrets.database.user`                                  | PostgreSQL database username                                                         | None                                            |
 | `secrets.gitlab.REANA_GITLAB_HOST`                       | Hostname of the GitLab instance                                                      | None                                            |
 | `secrets.gitlab.REANA_GITLAB_OAUTH_APP_ID`               | GitLab OAuth application id                                                          | None                                            |
-| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET`           | **[Do not use in production, use secrets instead]** GitLab OAuth application secret  | None                                            |
-| `secrets.login`                                          | **[Do not use in production, use secrets instead]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
+| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET`           | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** GitLab OAuth application secret | None                             |
+| `secrets.login`                                          | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
 | `secrets.message_broker.user`                            | Message broker (RabbitMQ) username.                                                  | test                                            |
-| `secrets.message_broker.password`                        | **[Do not use in production, use secrets instead]** Message broker (RabbitMQ) password | 1234                                          |
-| `secrets.reana.REANA_SECRET_KEY`                         | **[Do not use in production, use secrets instead]** REANA encryption secret key      | None                                            |
+| `secrets.message_broker.password`                        | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Message broker (RabbitMQ) password | 1234                          |
+| `secrets.reana.REANA_SECRET_KEY`                         | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** REANA encryption secret key | None                                 |
 | `serviceAccount.create`                                  | Create a service account for the REANA system user                                   | true                                            |
 | `serviceAccount.name`                                    | Service account name                                                                 | reana                                           |
 | `shared_storage.access_modes`                            | Shared volume access mode                                                            | ReadWriteMany                                   |
@@ -121,7 +121,7 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `shared_storage.cephfs.os_secret_namespace`              | **[CERN only]** Namespace of the OpenStack credentials Secret object                 | kube-system                                     |
 | `shared_storage.cephfs.provisioner`                      | **[CERN only]** CephFS provisioner                                                   | manila-provisioner                              |
 | `shared_storage.cephfs.type`                             | **[CERN only]** CephFS availability zone                                             | "Geneva CephFS Testing"                         |
-| `shared_storage.volume_size`                             | Shared volume size                                                                   | 200                                             |
+| `shared_storage.volume_size`                             | Shared volume size                                                                   | 200                                             |
 | `shared_storage.shared_volume_mount_path`                | Path inside the REANA components where the shared volume will be mounted             | /var/reana                                      |
 | `shared_storage.hostpath.root_path`                      | Path to the REANA directory inside the underlying storage volume                     | /var/reana                                      |
 | `traefik.*`                                              | Pass any value from [Traefik Helm chart values](https://github.com/helm/charts/tree/master/stable/traefik#configuration) here, e.g. `traefik.rbac.enabled=true` | - |