Add optional password secret #72

Open
derfabianpeter wants to merge 2 commits into portainer:add-optional-password-secret from wearep3r:add-optional-password-secret

@derfabianpeter

Reworked the solution as suggested in PR71.

Still WIP. With the current implementation (using Helm's built-in htpasswd function), login with configured credentials is not possible. I suspect this to be a result of Helm's htpasswd not using bcrypt.

@funkypenguin
Contributor

I got auto-tagged as a codeowner reviewer, but the latest comment says this is still a WIP. Let me know if / when you'd like me to review ;)

@derfabianpeter
Author

derfabianpeter commented Aug 17, 2021 via email

@Amphaal

Amphaal commented Jun 5, 2024

Sorry to dig this PR back up, but I also tried to configure a default password with Helm / Ansible.

I went with something like this right after invoking the helm initial installation in my Ansible playbook:

Right before, creating my own secret using kubernetes.core.k8s:

apiVersion: v1
kind: Secret
metadata:
  name: portainer-admin
  namespace: portainer
stringData:
  portainer-pass: |
    {{ portainer_admin_password | indent(4) }}

Then, in my playbook:

- name: Load facts
  ansible.builtin.set_fact:
    portainer_pod_args_replace:
      - op: replace
        path: /spec/template/spec/volumes
        value:
          - name: admin-pwd
            secret:
              secretName: portainer-admin
      - op: replace
        path: /spec/template/spec/containers/0/volumeMounts
        value:
          - name: admin-pwd
            mountPath: /run/secrets
      - op: replace
        path: /spec/template/spec/containers/0/args
        value:
          - --admin-password-file='/run/secrets/portainer-pass'

#
- name: Patch with admin password
  ansible.builtin.command: "kubectl patch deployment portainer -n portainer --type='json' -p='{{ portainer_pod_args_replace | to_json }}'"

I think that we should not create the secret manifest automatically w/ Helm. Rather, document that the user has to do it with the tools at his disposal, and just add to the Helm definition something like:

auth:
   admin:
      secretName: "" # defaults to portainer-admin
      secretDataKey: "" # defaults to portainer-pass
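
Added example, not part of the comment above or of the Portainer chart: a JSON Patch `replace` on `/spec/template/spec/volumes`, `volumeMounts` and `args` swaps out each whole list, so anything the deployment already has there is dropped. This Python sketch builds the same change with `add` and the `/-` append index instead; `build_patch`, `apply_patch` and the sample deployment (its `data` volume and `--tunnel-port` argument) are constructed for illustration.

```python
import copy
import json

SPEC = "/spec/template/spec"
C0 = SPEC + "/containers/0"

# Constructed sample (an assumption, not the chart's real manifest).
SAMPLE = {"spec": {"template": {"spec": {
    "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "portainer"}}],
    "containers": [{"name": "portainer",
                    "volumeMounts": [{"name": "data", "mountPath": "/data"}],
                    "args": ["--tunnel-port=30776"]}]}}}}

def build_patch(deploy, secret="portainer-admin", key="portainer-pass",
                mount="/run/secrets"):
    """RFC 6902 patch that appends to existing lists instead of replacing them."""
    pod = deploy["spec"]["template"]["spec"]
    ctr = pod["containers"][0]
    items = [
        (pod, "volumes", SPEC + "/volumes",
         {"name": "admin-pwd", "secret": {"secretName": secret}}),
        (ctr, "volumeMounts", C0 + "/volumeMounts",
         {"name": "admin-pwd", "mountPath": mount, "readOnly": True}),
        (ctr, "args", C0 + "/args", f"--admin-password-file={mount}/{key}"),
    ]
    patch = []
    for parent, field, path, value in items:
        if parent.get(field):  # list present: "-" appends after the last element
            patch.append({"op": "add", "path": path + "/-", "value": value})
        else:                  # list absent or empty: "add" creates the member
            patch.append({"op": "add", "path": path, "value": [value]})
    return patch

def apply_patch(doc, patch):
    """Minimal 'add'/'replace' evaluator, only to show the resulting pod spec."""
    doc = copy.deepcopy(doc)
    for op in patch:
        *parents, last = op["path"].lstrip("/").split("/")
        node = doc
        for p in parents:
            node = node[int(p)] if isinstance(node, list) else node[p]
        if isinstance(node, list) and last == "-":
            node.append(op["value"])
        elif isinstance(node, list) and op["op"] == "add":
            node.insert(int(last), op["value"])
        elif isinstance(node, list):
            node[int(last)] = op["value"]
        else:
            node[last] = op["value"]
    return doc

if __name__ == "__main__":
    print(json.dumps(build_patch(SAMPLE)))  # pass to: kubectl patch --type=json -p
```

Applying the `replace` form to the same sample leaves `admin-pwd` as the only volume, while the `add` form keeps `data` alongside it.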
