Update Helm Chart to Use External Secrets

[jinzishuai]

This is one way to address #1722 and it works on my EKS environment and RDS and Google SSO.

• It supports adding service annotations so that we could use AWS NLB
• All Postgres secrets can be stored in AWS secrets manager and we can use External Secrets Operator to create an k8s secrets that it used by the helm chart, not limited to username/password, but also the hostname, port and db name
• Additional secrets can be mounted via the externalSecret value which allows setting up SSO
• Additional value of none for cache_type

This way, we don't need to store any sensitive data in plain text and becomes production ready.

[crivetimihai]

Thank you, would this also close: [Feature Request]: Support for External Secrets via customEnvFrom #1917?

[mekedron]

Hey @jinzishuai @crivetimihai

I checked your PR and I can confirm it would close #1917

I would recommend you renaming this parameter from externalSecret to extraEnvVarsSecret, similar to Bitnami helm charts, as it's naming become a standard, and add 2 more extraEnvVars and extraEnvVarsCM

As you can see these parameters were used there for years https://github.com/bitnami/charts/tree/main/bitnami and became a standard in almost every helm chart