davidfrickert/onechart
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SealedSecrets support

Browse Source
This commit is contained in:
Laszlo Fogas
2020-10-14 14:05:43 +02:00
parent 1f10a80af0
commit 9befa35ccb
5 changed files with 74 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
website/docs/examples/secrets.md
+27 -5
View File
@@ -1,4 +1,8 @@
OneChart can reference an existing secret:
Since secrets demand a distinct workflow, OneChart will not generate a Kubernetes `Secret` object, but can reference one.
OneChart can reference an existing Kubernetes `Secret` and it includes all entries in the deployment with the `EnvFrom` field.
The secret name must match the release name. `my-release` in this example.
```yaml
image:
@@ -24,8 +28,26 @@ EOF
helm template my-release onechart/onechart -f values.yaml
```
!!! note
### Using encrypted secret values
OneChart references an existing Kubernetes `Secret` and includes all entries in the deployment with the `EnvFrom` field.
The secret name must match the release name. `my-release` in the above example.
OneChart can be used with [Bitnami's Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets), and it generates a `SealedSecret` resource that can be stored even in git.
```yaml
image:
repository: nginx
tag: 1.19.3
sealedSecrets:
secret1: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEq...
secret2: ewogICJjcmVk...
```
Where you have to generate the encrypted values with [Sealed Secrets "raw" workflow](https://github.com/bitnami-labs/sealed-secrets#raw-mode-experimental):
```bash
echo -n my-secret-value | kubeseal \
--raw \
--from-file=/dev/stdin \
--namespace bar \
--name my-release
```