tuenti / secrets-manager

A daemon to sync Vault secrets to Kubernetes secrets
Apache License 2.0
171 stars 26 forks

Provide a Helm chart for SecretsManager deployment #6

Open fllaca opened 5 years ago

fllaca commented 5 years ago

Include (inside a deployment/ folder, according to the recommendations in golang-standards/project-layout) a Helm Chart that installs SecretsManager in K8s.

TommyLike commented 4 years ago

How does this go on? Almost one year has passed.

smark88 commented 4 years ago

I made my own here.

You will still need to provide your own image, which can be overwritten here.

  repository: gcr.io/broad-jade-dev/secrets-manager
  version: v1.0.2

I also created a secret creation chart here.

These are all first passes and may not include all args and env vars.

jkirkham-ratehub commented 3 years ago

I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues. https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart

I can create a PR to merge this into this repo if you want. Let me know.

a-thorat commented 1 year ago

@jkirkham-ratehub @eduardogr

> I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues. https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart
>
> I can create a PR to merge this into this repo if you want. Let me know.

I tried to use the same steps you used here to prepare the latest chart version from tag v2.1.0, but I am facing an issue after deployment:

  Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(SecretDefinition): unknown field "type" in io.tuenti.secrets-manager.v1alpha1.SecretDefinition

I am preparing the chart using:

  kustomize build config/default -o /temp/

Here is the generated CRD file:

  apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.4.1
    creationTimestamp: null
    name: secretdefinitions.secrets-manager.tuenti.io
  spec:
    group: secrets-manager.tuenti.io
    names:
      kind: SecretDefinition
      listKind: SecretDefinitionList
      plural: secretdefinitions
      singular: secretdefinition
    scope: Namespaced
    versions:

Could you provide me any direction on it?

a-thorat commented 1 year ago

@jkirkham-ratehub @eduardogr

> I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues. https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart I can create a PR to merge this into this repo if you want. Let me know.

I tried to use the same steps you used here to prepare the latest chart version from tag v2.1.0, but I am facing an issue after deployment:

  Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(SecretDefinition): unknown field "type" in io.tuenti.secrets-manager.v1alpha1.SecretDefinition

I am preparing the chart using:

  kustomize build config/default -o /temp/

Here is the generated CRD file:

  apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.4.1
    creationTimestamp: null
    name: secretdefinitions.secrets-manager.tuenti.io
  spec:
    group: secrets-manager.tuenti.io
    names:
      kind: SecretDefinition
      listKind: SecretDefinitionList
      plural: secretdefinitions
      singular: secretdefinition
    scope: Namespaced
    versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: SecretDefinition is the Schema for the secretdefinitions API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: SecretDefinitionSpec defines the desired state of SecretDefinition
              properties:
                keysMap:
                  additionalProperties:
                    description: DataSource represents the actual source of truth path for a secret
                    properties:
                      encoding:
                        description: Encoding type for the secret. Only base64 supported. Optional
                        type: string
                      key:
                        description: Key where the actual secret is stored
                        type: string
                      path:
                        description: Path to the actual secret
                        type: string
                    required:
                    - key
                    - path
                    type: object
                  type: object
                name:
                  description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
                  type: string
                type:
                  type: string
              required:
              - keysMap
              - name
              type: object
            status:
              description: SecretDefinitionStatus defines the observed state of SecretDefinition
              type: object
          type: object
      served: true
      storage: true
  status:
    acceptedNames:
      kind: ""
      plural: ""
    conditions: []
    storedVersions: []

Could you provide me any direction on it?

Was able to resolve the issue after removing type from the SecretDefinition file.

TommyLike commented 1 year ago

@a-thorat is it related to the version of your kubernetes cluster?

a-thorat commented 1 year ago

@TommyLike

> @a-thorat is it related to the version of your kubernetes cluster?

Thanks for your response. No, it was not related to the Kubernetes cluster version. I found the issue in one of the SecretDefinition files, where the Secret type was mentioned explicitly as Opaque. After removing it, everything seems to be working.
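
The validation failure discussed in this thread, as an added example (not code from the project or from any commenter): a small Python check that walks a CRD schema and reports manifest fields the schema does not declare, plus missing required ones. The schema is trimmed from the CRD posted above; the sample manifest, its names and its Vault path are constructed, and placing `type` at the top level is an assumption based on the error naming SecretDefinition itself.

```python
# Added example. SCHEMA is trimmed from the CRD posted in this thread;
# the manifests below are constructed sample data, not from the project.
STR = {"type": "string"}
SCHEMA = {"properties": {
    "apiVersion": STR, "kind": STR,
    "metadata": {"type": "object"}, "status": {"type": "object"},
    "spec": {"required": ["keysMap", "name"], "properties": {
        "name": STR, "type": STR,
        "keysMap": {"additionalProperties": {
            "required": ["key", "path"],
            "properties": {"encoding": STR, "key": STR, "path": STR}}},
    }},
}}

def _join(path, key):
    return f"{path}.{key}" if path else key

def check(obj, schema, path=""):
    """Return unknown-field and missing-required problems for obj."""
    if not isinstance(obj, dict):
        return []
    props = schema.get("properties")
    extra = schema.get("additionalProperties")
    problems = [f'missing required field "{_join(path, r)}"'
                for r in schema.get("required", []) if r not in obj]
    for key, value in obj.items():
        here = _join(path, key)
        if props is not None and key in props:
            problems += check(value, props[key], here)
        elif isinstance(extra, dict):      # map-style object such as keysMap
            problems += check(value, extra, here)
        elif props is not None:            # schema lists fields, this is not one
            problems.append(f'unknown field "{here}"')
    return problems

# Assumption: "type: Opaque" sat at the top level of the manifest.
BROKEN = {
    "apiVersion": "secrets-manager.tuenti.io/v1alpha1",
    "kind": "SecretDefinition",
    "metadata": {"name": "example"},
    "type": "Opaque",
    "spec": {"name": "example", "keysMap": {
        "password": {"path": "secret/data/example", "key": "password"}}},
}
FIXED = {k: v for k, v in BROKEN.items() if k != "type"}

if __name__ == "__main__":
    print(check(BROKEN, SCHEMA))
    print(check(FIXED, SCHEMA))
```
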