Support overriding existing secrets (minio#14690)

helm/minio/templates/_helpers.tpl

@@ -186,3 +186,33 @@ Formats volume for MinIO TLS keys and trusted certs
     {{- end }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Returns the available value for certain key in an existing secret (if it exists),
+otherwise it generates a random value.
+*/}}
+{{- define "minio.getValueFromSecret" }}
+  {{- $len := (default 16 .Length) | int -}}
+  {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+  {{- if $obj }}
+      {{- index $obj .Key | b64dec -}}
+  {{- else -}}
+      {{- randAlphaNum $len -}}
+  {{- end -}}
+{{- end }}
+
+{{- define "minio.root.username" -}}
+  {{- if .Values.rootUser }}
+    {{- .Values.rootUser | toString }}
+  {{- else }}
+    {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }}
+  {{- end }}
+{{- end -}}
+
+{{- define "minio.root.password" -}}
+  {{- if .Values.rootPassword }}
+    {{- .Values.rootPassword | toString }}
+  {{- else }}
+    {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }}
+  {{- end }}
+{{- end -}}

helm/minio/templates/secrets.yaml

@@ -11,8 +11,8 @@ metadata:
     heritage: {{ .Release.Service }}
 type: Opaque
 data:
-  rootUser: {{ if .Values.rootUser }}{{ .Values.rootUser | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
-  rootPassword: {{ if .Values.rootPassword }}{{ .Values.rootPassword | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
+  rootUser: {{ include "minio.root.username" . | b64enc | quote }}
+  rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
   {{- if eq .Values.gateway.type "gcs" }}
   {{- if .Values.gateway.gcs.serviceAccountFile }}
   service-account-file.json: {{ .Values.gateway.gcs.serviceAccountFile | b64enc }}