FairwindsOps / rok8s-scripts

Opinionated scripts for managing application deployment lifecycle in Kubernetes
https://fairwinds.com
Apache License 2.0
299 stars 76 forks

External secrets create multiple secrets in k8s #388

Open mariusv opened 3 years ago

mariusv commented 3 years ago

Heya,

If one needs to create multiple Kubernetes secrets from AWS Secrets Manager (for example), one can't do it for now, as rok8s-scripts will just pull all secrets in AWS_SECRETS and merge them into the EXTERNAL_SECRETS_K8S_NAME, which will create the Kubernetes secret.

It would be nice to have this option to create multiple k8s secrets from specific AWS/GCP secrets managers.

For now the workaround is to create one secret in k8s and then selectively mount or use the keys as needed.

For example:

  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username
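
A fuller version of the workaround described above, as an added example that is not part of the original comment or of rok8s-scripts: one merged Secret, with each container receiving only the keys it needs, through volume `items` and through `secretKeyRef`. The Pod, container and image names, the mount path and the `api-token` key are hypothetical; `mysecret`, `username` and `my-group/my-username` are taken from the snippet above.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: selective-secret-demo            # hypothetical name
spec:
  containers:
  - name: web                            # hypothetical container
    image: registry.example.com/web:1.0  # placeholder image
    volumeMounts:
    - name: web-creds
      mountPath: /etc/creds              # hypothetical mount path
      readOnly: true
  - name: worker                         # hypothetical container
    image: registry.example.com/worker:1.0
    env:
    # "use the keys as needed": a single key exposed as an environment variable
    - name: API_TOKEN
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: api-token                 # hypothetical key in the merged secret
  volumes:
  - name: web-creds
    secret:
      secretName: mysecret
      defaultMode: 0400                  # octal: owner read-only
      # Only the keys listed under items are projected into the volume;
      # every other key of the merged secret is absent from /etc/creds.
      items:
      - key: username
        path: my-group/my-username
```

The merged Secret is still a single object: Kubernetes RBAC on Secrets applies per object, not per key, so anything allowed to read `mysecret` can read every key in it. Selective mounting limits what each container sees at runtime, not who can fetch the Secret from the API.
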

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

gaspo53 commented 2 years ago

Hey! Do you have an example of how to use AWS_SECRETS with get-secrets? I just need to inject a value from a secret for the template rendering (I don't need to create Kubernetes secrets, just read AWS ones).

Thanks!

sudermanjr commented 2 years ago

I don't believe we support that particular use-case with rok8s scripts. You would likely need to retrieve that from AWS before running rok8s.