How to use kubernetes sealed secrets with helm templates

I just came across the sealed secrets tool https://github.com/bitnami-labs/sealed-secrets for encrypting secrets in Kubernetes, with the added benefit of being able to commit those to Git.

I am a bit disappointed that such a great tool did not address Helm templates by default or as part of the official documentation. I mean, for a tool like that, I am not sure if the developers thought of the different ways people use secrets, of which Helm charts are a great one, where we use values template files for different environments.

Anyway, here is my setup:

secrets.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: demo-app
type: Opaque
data:
  ENV1: "{{ .Values.ENV1 | b64enc }}"
  ENV2: "{{ .Values.ENV2 | b64enc }}"
  ENV3: "{{ .Values.ENV3 | b64enc }}"

Here are the values template files for DEV and PROD, for example:

values-dev.yaml

demo-app:
  name: demo-app
  replicaCount: 1
  image:
    repository: example/demo-app
    tag: latest
    pullPolicy: Always


# secrets
ENV1: 'dev_4rlmerl4om3o'
ENV2: 'dev_eom4om4odl4o'
ENV3: 'dev_38hdineoij4oj3onod4ncen3eiixnknnkejnslrmnomntrcoenkc'

values-prod.yaml

demo-app:
  name: demo-app
  replicaCount: 1
  image:
    repository: example/demo-app
    tag: 1.0.0
    pullPolicy: Always


# secrets
ENV1: 'prod_4rlmerl4om3o'
ENV2: 'prod_eom4om4odl4o'
ENV3: 'prod_38hdineoij4oj3onod4ncen3eiixnknnkejnslrmnomntrcoenkc'

Here is how I deploy the application:

DEV

helm upgrade --install demo-app-dev --namespace team1 -f values-dev.yaml .

PROD

helm upgrade --install demo-app-prod --namespace team1 -f values-prod.yaml .

I am trying to use sealed secrets with this scenario but am not able to figure out how to without changing my whole structure completely.

You can generate the values_{ENV}.yaml dynamically rather than maintaining it, and you can delete it after the deployments. So the next CI/CD build will generate the same for different apps.

If you want to use sealed secrets with Helm, you need to update the Helm chart and create one new YAML template:

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mysecret
  namespace: mynamespace
spec:
  encryptedData:
    foo: "{{ .Values.ENV1 }}"

So the template will create the sealed secret from values.yaml, and the K8s secret will get auto-created, as mentioned in the documentation of sealed secrets.

For a different environment, you can generate the values_{ENV}.yaml file. Use it as you are doing now with values-dev.yaml and values-prod.yaml.

https://github.com/bitnami-labs/sealed-secrets#overview
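
The generation step the answer describes, as an added example that is not part of the original post: each plaintext value is sealed with `kubeseal --raw`, and only the ciphertext lands in the generated values file that the `SealedSecret` template reads. The file names `dev.env`, `pub-cert.pem` and `values-dev-sealed.yaml` and the `KUBESEAL` override variable are assumptions. The `--name` and `--namespace` passed here must match the `metadata` of the `SealedSecret` template, because the default scope binds the ciphertext to both.

```shell
#!/bin/sh
# Added example, not from the original post.
# Seals each secret offline with `kubeseal --raw` and prints a values
# fragment that holds ciphertext only, for use under encryptedData.
# Assumption: CERT is the controller's public certificate saved to a file
# beforehand; KUBESEAL may point at another binary (used for testing).
KUBESEAL="${KUBESEAL:-kubeseal}"

# seal_values NAME NAMESPACE CERT   (plaintext KEY=VALUE lines on stdin)
# Prints one `KEY: "<ciphertext>"` line per secret.
seal_values() {
  name="$1"; namespace="$2"; cert="$3"
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;                       # blank line or comment
      *=*) ;;                                    # well-formed entry
      *) echo "seal_values: expected KEY=VALUE" >&2; return 1 ;;
    esac
    key=${line%%=*}     # text before the first '='
    value=${line#*=}    # everything after it, later '=' preserved
    if [ -z "$key" ] || [ -z "$value" ]; then
      echo "seal_values: empty key or value" >&2
      return 1
    fi
    # Default (strict) scope: the ciphertext only decrypts for a
    # SealedSecret with exactly this name in exactly this namespace.
    sealed=$(printf '%s' "$value" | "$KUBESEAL" --raw \
      --from-file=/dev/stdin --name "$name" --namespace "$namespace" \
      --cert "$cert") || return 1
    printf '%s: "%s"\n' "$key" "$sealed"
  done
}

# Example: sh seal-values.sh demo-app team1 pub-cert.pem < dev.env > values-dev-sealed.yaml
if [ "$#" -eq 3 ]; then
  seal_values "$@"
fi
```

The plaintext `dev.env` stays out of Git and can be deleted after the build; only the generated file with sealed values is committed or passed to `helm upgrade -f`.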
