updating sample secret name to k8s standard lowercase name

amagioss · Apr 4, 2024 · b5c26ce · b5c26ce
1 parent 54dee5e
commit b5c26ce
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 31 deletions.
diff --git a/k8s/README.md b/k8s/README.md
@@ -20,7 +20,7 @@ The following example shows how it is achieved using the operator.
 ```sh
 kubectl create ns slv
 # Disclaimer: The below secret key is only for demonstration purposes. Please avoid using it in production.
-kubectl create secret generic SLV -n slv --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
+kubectl create secret generic slv -n slv --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
 ```
 - Install the SLV Kubernetes Operator into your cluster (modify the values in the yaml file based on your requirement)
 ```sh
@@ -57,7 +57,7 @@ The following example shows how SLV objects are reconciled to secrets using the
 ```sh
 kubectl create ns samplespace
 # Disclaimer: The below secret key is only for demonstration purposes. Please avoid using it in production.
-kubectl create secret generic SLV -n samplespace --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
+kubectl create secret generic slv -n samplespace --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
 ```
 - Download this vault and keep it locally
 ```sh
@@ -73,18 +73,18 @@ kubectl apply -f https://oss.amagi.com/slv/k8s/samples/deploy/job.yaml -n sample
 ```
 - Try reading the processed secret
 ```sh
-kubectl get secret pets -o jsonpath='{.data.mycat}' | base64 --decode
+kubectl get secret pets -o jsonpath='{.data.mycat}' -n samplespace | base64 --decode
 ```
 - Add any secret value using the following command and apply again
 ```sh
 slv vault secret put -v pets.slv.yaml -n hi --secret "Hello World"
-kubectl apply -f pets.slv.yaml
+kubectl apply -f pets.slv.yaml -n samplespace
 ```
 - Run the job again
 ```sh
 kubectl apply -f https://oss.amagi.com/slv/k8s/samples/deploy/job.yaml -n samplespace
 ```
 - Try again by reading the updated secret
 ```sh
-kubectl get secret pets -o jsonpath='{.data.hi}' | base64 --decode
+kubectl get secret pets -o jsonpath='{.data.hi}' -n samplespace | base64 --decode
 ```
diff --git a/k8s/deploy/job.yaml b/k8s/deploy/job.yaml
@@ -2,14 +2,14 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: slv-job
+  name: slv-k8s-job
 automountServiceAccountToken: true
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: slv-job-role
+  name: slv-k8s-job-role
 rules:
   - apiGroups: ["slv.oss.amagi.com"]
     resources: ["slvs"]  # plural of SLV CRD
@@ -29,25 +29,25 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: slv-job-rolebinding
+  name: slv-k8s-job-rolebinding
 subjects:
 - kind: ServiceAccount
-  name: slv-job
+  name: slv-k8s-job
 roleRef:
   kind: Role
-  name: slv-job-role
+  name: slv-k8s-job-role
   apiGroup: rbac.authorization.k8s.io
 
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name:  slv-job
+  name:  slv-k8s-job
 spec:
   ttlSecondsAfterFinished: 0
   template:
     metadata:
-      name: slv-job
+      name: slv-k8s-job
     spec:
       containers:
         - name: slv-k8s-job
@@ -57,16 +57,16 @@ spec:
               cpu: "1" # 1 vCPU should be sufficient
               memory: "500Mi" # 500Mi of memory should be a sufficient for most cases. If you large vaults or large number of them, you may need to increase this.
           env:
-            - name: SLV_ENV_SECRET_BINDING
-              valueFrom: # SLV Environment Secret Binding from K8s ConfigMap
-                configMapKeyRef:
-                  name: SLV # Name of K8s ConfigMap
-                  key: SecretBinding  # Key within K8s ConfigMap
             - name: SLV_ENV_SECRET_KEY
               valueFrom: # SLV Environment Secret Key from K8s Secret
                 secretKeyRef:
-                  name: SLV # Name of K8s Secret
+                  name: slv # Name of K8s Secret
                   key: SecretKey  # Key within K8s Secret
+            # - name: SLV_ENV_SECRET_BINDING
+            #   valueFrom: # SLV Environment Secret Binding from K8s ConfigMap
+            #     configMapKeyRef:
+            #       name: slv # Name of K8s ConfigMap
+            #       key: SecretBinding  # Key within K8s ConfigMap
       restartPolicy: Never
-      serviceAccountName: slv-job
+      serviceAccountName: slv-k8s-job
   backoffLimit: 4
diff --git a/k8s/deploy/operator.yaml b/k8s/deploy/operator.yaml
@@ -1,9 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: slv
-
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -75,13 +69,13 @@ spec:
             cpu: "1" # 1 vCPU should be sufficient
             memory: "500Mi" # 500Mi of memory should be a sufficient for most cases. If you large vaults or large number of them, you may need to increase this.
         env:
-          - name: SLV_ENV_SECRET_BINDING
-            valueFrom: # SLV Environment Secret Binding from K8s ConfigMap
-              configMapKeyRef:
-                name: SLV # Name of K8s ConfigMap
-                key: SecretBinding  # Key within K8s ConfigMap
           - name: SLV_ENV_SECRET_KEY
             valueFrom: # SLV Environment Secret Key from K8s Secret
               secretKeyRef:
-                name: SLV # Name of K8s Secret
+                name: slv # Name of K8s Secret
                 key: SecretKey  # Key within K8s Secret
+          # - name: SLV_ENV_SECRET_BINDING
+          #   valueFrom: # SLV Environment Secret Binding from K8s ConfigMap
+          #     configMapKeyRef:
+          #       name: slv # Name of K8s ConfigMap
+          #       key: SecretBinding  # Key within K8s ConfigMap