Support for using Vault to externalise secrets required for a helm deployment of GitLab

Summary

Guidance on how to externalise secrets to Vault (such as Postgres, LDAP) was requested by a customer. (internal link)

Customers using vault-k8s with their Vault implementation would generally use "serviceAccount", but that's not implemented in the GitLab helm chart.

As an example, the official Postgres chart does this: values.yaml, in deployment

Discussion on slack with @WarheadsSE confirmed that implementation of serviceAccount property in the GitLab official help chart would be the way to go.

Current behavior

No specified way to integrate vault, for secrets such as LDAP, Postgres, Redis.

Expected behavior

There's a documented and supported way to achieve this.

Versions

• Chart: 3.3.0, master