Kubernetes Generated Secret

Kubernetes controller to easily generate random secrets inside your cluster. The project makes use of crypto/rand to generate random values.
Install
The easiest way is to add a git reference to your kustomization.yaml file.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/phillebaba/kubernetes-generated-secret//config/default
Or you can add the CRD and deploy the controller in your cluster manually.
kustomize build config/default | kubectl apply -f -
How to use
A Secret is generated from a GeneratedSecret that configures the length, character content, and additional metadata of the secret. The GeneratedSecret is the parent of the Secret it creates, meaning that the Secret will be deleted when the GeneratedSecret is deleted.
Simple random secret
Below is all you need to generate a Secret with a random value. The name and namespace will be inherited by the created Secret. The data field in the GeneratedSecret maps to the data field in the Secret, meaning that the specified key will be created.
apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
  namespace: default
spec:
  data:
  - key: test
The resulting Secret will look like the one below.
apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
  namespace: default
data:
  test: <RANDOM_VALUE>
Configuration
There is an optional secretMetadata field that can be set. The metadata specified will propagate to the generated Secret, with the exception of the name and namespace, which are inherited from the parent GeneratedSecret. Additionally, the length and the characters used in the secret can be set.
apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
spec:
  secretMetadata:
    labels:
      app: foobar
  data:
  - key: test
    length: 100
    exclude:
    - Uppercase
    - Lowercase
    - Numbers
    - Symbols
The metadata will be propagated to the Secret.
apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
  namespace: default
  labels:
    app: foobar
data:
  test: <RANDOM_VALUE>
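The length and exclude settings described above can be modelled as follows. This is an added sketch, not the controller's own code: the function names and the characters in each class are assumptions, and rejecting a list that excludes every class is a choice made here.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Class names match the exclude list above; the characters per class are assumed.
var classes = []struct{ name, chars string }{
	{"Uppercase", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"},
	{"Lowercase", "abcdefghijklmnopqrstuvwxyz"},
	{"Numbers", "0123456789"},
	{"Symbols", "!@#$%^&*()-_=+"},
}

// charset returns every character whose class is not excluded.
func charset(exclude []string) string {
	skip := map[string]bool{}
	for _, e := range exclude {
		skip[e] = true
	}
	set := ""
	for _, c := range classes {
		if !skip[c.name] {
			set += c.chars
		}
	}
	return set
}

// generate draws uniformly from the allowed set; rand.Int avoids modulo bias.
func generate(length int, exclude []string) (string, error) {
	set := charset(exclude)
	if length <= 0 || set == "" {
		return "", errors.New("non-positive length or every class excluded")
	}
	out := make([]byte, length)
	for i := range out {
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(set))))
		if err != nil {
			return "", err
		}
		out[i] = set[n.Int64()]
	}
	return string(out), nil
}

func main() { fmt.Println(generate(50, []string{"Numbers", "Symbols"})) }
```

Excluding classes shrinks the alphabet, so a shorter alphabet needs a longer length to keep the same entropy: 50 letters-only characters carry about 285 bits, while 50 digits-only characters carry about 166.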
Multiple secrets
It is also possible to generate a Secret with multiple keys in it.
apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
spec:
  data:
  - key: foo
    length: 100
    exclude:
    - Uppercase
    - Lowercase
  - key: bar
    length: 50
    exclude:
    - Numbers
    - Symbols
Each key will receive a different random value.
apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
  labels:
    app: foobar
data:
  foo: <RANDOM_VALUE_1>
  bar: <RANDOM_VALUE_2>
Development
The project is set up with Kubebuilder, so it is good to install it because the integration tests depend on it; follow the installation instructions.
To simplify development it helps to use a local cluster; Kind is a good example of such a tool. Given that a cluster is configured in a kubeconfig file, run the following command to install the CRD.
make install
Then run the controller. The following command will run the controller binary.
make run
Or you can run the controller inside of the cluster, like you would when actually deploying it.
make deploy
Run the test rule to run the integration tests.
make test
License
This project is licensed under the MIT License - see the LICENSE file for details.