fresh-borzoni opened a new issue, #3686: URL: https://github.com/apache/fluss/issues/3686
### Search before asking - [x] I searched in the [issues](https://github.com/apache/fluss/issues) and found nothing similar. ### Description #3658 added config providers, so a server.yaml value can be a ${directory:...} marker instead of a literal secret. But on Kubernetes, actually using that with our chart is still manual: you have to wire extraVolumes, mount the Secret, and hand-write the config.providers lines, including allowed.paths, which is easy to get wrong and is the security guard. The chart should make this declarative: say which Secrets you want mounted (or injected as env), and get the provider config generated for you, with allowed.paths and the env allowlist derived from what you declared, so the guards are correct by construction and the rendered ConfigMap never contains secret material. ### Willingness to contribute - [x] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
