Turn credential from secret

[yellowmegaman]

Hi there! Thanks for an amazing project.

I'm struggling with only one thing at the moment.

This is the snippet of chart values we're using:

  podHostNetwork: false
  storeKeysInSecret:
    enabled: true
    existingSecret: livekit-access
  deploymentStrategy:
    type: "Recreate"
  livekit:
    log_level: info
    rtc:
      use_external_ip: false
      port_range_start: 50000
      port_range_end: 60000
      tcp_port: 7881
      stun_servers:
        - "redacted:3478"
      turn_servers:
        - host: "redacted"
          username: this_is_the_problem
          credential: this_is_the_problem
          protocol: "udp"
          port: "3478"
    redis:
      address: redis.redisr.svc.cluster.local:6379
      db: 2
      username: "redacted"
      password: "redacted"
    key_file: keys.yaml
    turn:
      enabled: true
      domain: turn-redacted.com
      tls_port: 5349
      external_tls: true
      serviceType: "ClusterIP"

Is there a way to reference/provide via other means the values for turn_servers credential here? And for the redis too.

Maybe I'm missing something, but I've explored pretty much all options available with ArgoCD, and none are working for this case. We had helmfile before, and we could just reference k8s secret here and input, but it's not great either.

Thanks a bunch in advance!

[indexds]

Hello, I don't know about the turn secrets but for the redis part this is still an issue as of late. The only way I found is to have these values as defaults in values.yaml and overwrite them with flux, but this still results in secrets being present in the internal gitlab which is highly insecure. See #7 for more info.