cmattoon / aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store
https://hub.docker.com/r/cmattoon/aws-ssm/
Apache License 2.0
168 stars 32 forks source link

Option to sync to ConfigMaps as well as Secrets #32

Open tdmalone opened 5 years ago

tdmalone commented 5 years ago

Hi there,

Thank you for putting this tool together - it's incredibly helpful and works great!

I'm syncing multiple parameters from SSM, some are 'secret' and some are just plain configuration data. To keep things semantically correct, I'd ideally like to sync the plain config data to a ConfigMap instead of a secret.

I'm fairly new to Kubernetes but my understanding at the moment is that ConfigMaps and Secrets are almost the same (Secrets are just base64 encoded for now and may have encryption features added in future). I'm wondering therefore whether it might be possible for this tool to also sync ConfigMap resources, using pretty much the same annotations?

cmattoon commented 5 years ago

I've actually been considering this, perhaps as part of a separate tool, maybe in conjunction with some code from dir2cm to load files from S3 into ConfigMaps.

You're right - they're roughly the same in the ways they're defined and used, with Secrets having . In theory, it could easily sync to ConfigMaps too; it just explicitly interacts with Secrets right now.

I'm currently refactoring this in Lambda (and starting a new job) so I might not get to this for a while, but feel free to send a PR.

tdmalone commented 5 years ago

No worries - I haven’t written Go before, but this is probably a good place to start; I’ll try to get around to doing a PR (if no-one else does in the meantime).

Congrats on the new job!

tdmalone commented 5 years ago

Ok - I got this working on my fork:

https://github.com/cmattoon/aws-ssm/compare/master...tdmalone:master

Fair warning - I'm not a Go programmer. I almost literally copied and pasted the Secret configuration and did a find/replace.

It's working on my test cluster though!

I suspect for a PR you will want a much better job done with much less repetition; I wouldn't know how to go about that in Go but hopefully this helps anyone else who might want to use ConfigMaps in the meantime.

(Docker build also available at tdmalone/aws-ssm:latest, tracking my fork's master)

wallentx commented 4 years ago

If this could be included, this would be amazing.