kedgeproject / kedge

Kedge : Simple, Concise & Declarative Kubernetes Applications
Apache License 2.0

CloudSQLProxy: Additional property secret is not allowed #618

Open archonic opened 6 years ago

archonic commented 6 years ago

I'm attempting to create a cloudsql proxy using kedge. I'd like to follow this as closely as possible:

https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine#6_update_your_pod_configuration_file

This is my kedgefile for the proxy:

# cloudsqlproxy.yaml
name: cloudsqlproxy

deployments:
- containers:
  - name: cloudsqlproxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.09
    command: ["/cloud_sql_proxy", "--dir=/cloudsql",
              "-instances=project-name:region:db=tcp:3306",
              "-credential_file=/secrets/cloudsql/credentials.json"]
    env:
    - name: DB_USER
      valueFrom:
        secretKeyRef:
          name: cloudsql-db-credentials
          key: username
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: cloudsql-db-credentials
          key: password

    volumeMounts:
      - name: cloudsql-instance-credentials
        mountPath: /secrets/cloudsql
        readOnly: true

volumeClaims:
  - name: cloudsql-instance-credentials
    secret:
      secretName: cloudsql-instance-credentials

This is causing:

The kedgefile is not valid. see errors :
secret: Additional property secret is not allowed

I know the features around secrets are a planned enhancement, but is there a kosher way to handle cloudsql-proxies currently with kedge?

concaf commented 6 years ago

@archonic I'm not sure if volumeClaims takes in secret as a possible key. You'll need to specify the secret to mount in the PodSpec itself -

  volumes:
  - name: foo
    secret:
      secretName: mysecret

Something like -

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
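
The suggestion above applied to the kedgefile from the question, as an added example that is not part of the original thread or the Kedge project's own documentation. It assumes Kedge accepts PodSpec fields such as `volumes` next to `containers` in a deployment entry, and that the database username and password are only needed by the application container, so the `env` entries are left off the proxy.

```yaml
# cloudsqlproxy.yaml (added example, not from the thread)
name: cloudsqlproxy

deployments:
- containers:
  - name: cloudsqlproxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.09
    command: ["/cloud_sql_proxy", "--dir=/cloudsql",
              "-instances=project-name:region:db=tcp:3306",
              "-credential_file=/secrets/cloudsql/credentials.json"]
    # Assumption: the proxy authenticates with the mounted credential file
    # only, so the DB_USER / DB_PASSWORD secretKeyRef entries are omitted
    # here and belong on the container that opens the database connection.
    volumeMounts:
    - name: cloudsql-instance-credentials
      mountPath: /secrets/cloudsql
      readOnly: true
  # Assumption: PodSpec-level `volumes` is valid here. The secret-backed
  # volume is declared under `volumes`, not `volumeClaims`, whose schema
  # rejects `secret` with "Additional property secret is not allowed".
  volumes:
  - name: cloudsql-instance-credentials
    secret:
      secretName: cloudsql-instance-credentials
```

The volume name under `volumes` has to match the `volumeMounts` entry, and the `cloudsql-instance-credentials` secret has to exist in the namespace before the pod starts.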