From b5c26ce1a9f26f43f43deac57dc1ef54e244d612 Mon Sep 17 00:00:00 2001 From: Shibly Meeran Date: Thu, 4 Apr 2024 19:56:50 +0530 Subject: [PATCH] updating sample secret name to k8s standard lowercase name --- k8s/README.md | 10 +++++----- k8s/deploy/job.yaml | 28 ++++++++++++++-------------- k8s/deploy/operator.yaml | 18 ++++++------------ 3 files changed, 25 insertions(+), 31 deletions(-) diff --git a/k8s/README.md b/k8s/README.md index efe2893..7743dde 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -20,7 +20,7 @@ The following example shows how it is achieved using the operator. ```sh kubectl create ns slv # Disclaimer: The below secret key is only for demonstration purposes. Please avoid using it in production. -kubectl create secret generic SLV -n slv --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ +kubectl create secret generic slv -n slv --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ ``` - Install the SLV Kubernetes Operator into your cluster (modify the values in the yaml file based on your requirement) ```sh @@ -57,7 +57,7 @@ The following example shows how SLV objects are reconciled to secrets using the ```sh kubectl create ns samplespace # Disclaimer: The below secret key is only for demonstration purposes. Please avoid using it in production. -kubectl create secret generic SLV -n samplespace --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ +kubectl create secret generic slv -n samplespace --from-literal=SecretKey=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ ``` - Download this vault and keep it locally ```sh 
@@ -73,12 +73,12 @@ kubectl apply -f https://oss.amagi.com/slv/k8s/samples/deploy/job.yaml -n sample ``` - Try reading the processed secret ```sh -kubectl get secret pets -o jsonpath='{.data.mycat}' | base64 --decode +kubectl get secret pets -o jsonpath='{.data.mycat}' -n samplespace | base64 --decode ``` - Add any secret value using the following command and apply again ```sh slv vault secret put -v pets.slv.yaml -n hi --secret "Hello World" -kubectl apply -f pets.slv.yaml +kubectl apply -f pets.slv.yaml -n samplespace ``` - Run the job again ```sh @@ -86,5 +86,5 @@ kubectl apply -f https://oss.amagi.com/slv/k8s/samples/deploy/job.yaml -n sample ``` - Try again by reading the updated secret ```sh -kubectl get secret pets -o jsonpath='{.data.hi}' | base64 --decode +kubectl get secret pets -o jsonpath='{.data.hi}' -n samplespace | base64 --decode ``` diff --git a/k8s/deploy/job.yaml b/k8s/deploy/job.yaml index 2f55d9e..e51f87d 100644 --- a/k8s/deploy/job.yaml +++ b/k8s/deploy/job.yaml @@ -2,14 +2,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: slv-job + name: slv-k8s-job automountServiceAccountToken: true --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: slv-job-role + name: slv-k8s-job-role rules: - apiGroups: ["slv.oss.amagi.com"] resources: ["slvs"] # plural of SLV CRD @@ -29,25 +29,25 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: slv-job-rolebinding + name: slv-k8s-job-rolebinding subjects: - kind: ServiceAccount - name: slv-job + name: slv-k8s-job roleRef: kind: Role - name: slv-job-role + name: slv-k8s-job-role apiGroup: rbac.authorization.k8s.io --- apiVersion: batch/v1 kind: Job metadata: - name: slv-job + name: slv-k8s-job spec: ttlSecondsAfterFinished: 0 template: metadata: - name: slv-job + name: slv-k8s-job spec: containers: - name: slv-k8s-job 
@@ -57,16 +57,16 @@ spec: cpu: "1" # 1 vCPU should be sufficient memory: "500Mi" # 500Mi of memory should be a sufficient for most cases. If you large vaults or large number of them, you may need to increase this. env: - - name: SLV_ENV_SECRET_BINDING - valueFrom: # SLV Environment Secret Binding from K8s ConfigMap - configMapKeyRef: - name: SLV # Name of K8s ConfigMap - key: SecretBinding # Key within K8s ConfigMap - name: SLV_ENV_SECRET_KEY valueFrom: # SLV Environment Secret Key from K8s Secret secretKeyRef: - name: SLV # Name of K8s Secret + name: slv # Name of K8s Secret key: SecretKey # Key within K8s Secret + # - name: SLV_ENV_SECRET_BINDING + # valueFrom: # SLV Environment Secret Binding from K8s ConfigMap + # configMapKeyRef: + # name: slv # Name of K8s ConfigMap + # key: SecretBinding # Key within K8s ConfigMap restartPolicy: Never - serviceAccountName: slv-job + serviceAccountName: slv-k8s-job backoffLimit: 4 diff --git a/k8s/deploy/operator.yaml b/k8s/deploy/operator.yaml index f9b1b2b..a031e75 100644 --- a/k8s/deploy/operator.yaml +++ b/k8s/deploy/operator.yaml @@ -1,9 +1,3 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: slv - --- apiVersion: v1 kind: ServiceAccount 
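Review bot: The `SLV_ENV_SECRET_BINDING` entry is moved into a commented-out block at the end of `env:` with no explanation, and the commit subject mentions only the secret rename. This leaves the raw `SLV_ENV_SECRET_KEY` as the only configured credential, and a reader cannot tell whether the binding is deprecated or an opt-in alternative. I would add a lead-in comment above the block, for example `# Optional: uncomment to load the SLV environment secret binding from a ConfigMap named slv`. If both variables may be set together, keeping the entry active with `optional: true` under `configMapKeyRef` would let the pod start when the ConfigMap is absent, but the patch does not show how SLV treats the two. The same applies to the `env:` hunk in k8s/deploy/operator.yaml, and in both files the container spec begins outside the hunk.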
@@ -75,13 +69,13 @@ spec: cpu: "1" # 1 vCPU should be sufficient memory: "500Mi" # 500Mi of memory should be a sufficient for most cases. If you large vaults or large number of them, you may need to increase this. env: - - name: SLV_ENV_SECRET_BINDING - valueFrom: # SLV Environment Secret Binding from K8s ConfigMap - configMapKeyRef: - name: SLV # Name of K8s ConfigMap - key: SecretBinding # Key within K8s ConfigMap - name: SLV_ENV_SECRET_KEY valueFrom: # SLV Environment Secret Key from K8s Secret secretKeyRef: - name: SLV # Name of K8s Secret + name: slv # Name of K8s Secret key: SecretKey # Key within K8s Secret + # - name: SLV_ENV_SECRET_BINDING + # valueFrom: # SLV Environment Secret Binding from K8s ConfigMap + # configMapKeyRef: + # name: slv # Name of K8s ConfigMap + # key: SecretBinding # Key within K8s ConfigMap