IT Common Platform / tenant-support / helm-charts / vault-secret-syncer / Commits / 232a8c15

Commit 232a8c15, authored 2 years ago by Joshua David Akers

Merge branch 'generic-secret' into 'main'

Generic secret

See merge request !4

parents c46042d0 69b8e212
1 merge request: !4 Generic secret
Pipeline #559401 passed with stages in 15 seconds
Changes 5

Showing 5 changed files with 49 additions and 10 deletions

.gitlab-ci.yml: 15 additions, 8 deletions
Chart.yaml: 1 addition, 1 deletion
files/script.sh: 23 additions, 0 deletions
templates/_helpers.tpl: 2 additions, 0 deletions
values.yaml: 8 additions, 1 deletion
.gitlab-ci.yml  +15 −8
...
...
@@ -4,7 +4,7 @@ stages:
Lint chart
:
stage
:
validate
image
:
image
:
name
:
alpine/helm
entrypoint
:
[
"
"
]
script
:
...
...
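Review bot: the lint job's image is `alpine/helm` with no tag or digest, so every pipeline run pulls whatever that image's floating tag currently points at, and a moved tag silently changes the toolchain that validates the chart; pin it to a specific tag or, better, an `@sha256:` digest so the `validate` stage is reproducible. The `entrypoint: [""]` override itself is fine and is what lets GitLab run the job's `script` lines in this image.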
@@ -15,13 +15,20 @@ Deploy chart:
image
:
name
:
alpine/helm
entrypoint
:
[
"
"
]
rules
:
-
if
:
'
$CI_COMMIT_BRANCH
&&
$CI_COMMIT_BRANCH
==
$CI_DEFAULT_BRANCH'
changes
:
-
Chart.yaml
before_script
:
-
apk add curl
variables
:
# Path in the repo that the helm chart is located
HELM_CHART_LOCATION
:
"
."
script
:
-
helm package .
-
FILENAME=$(find . -type f -name "vault-secret*.tgz")
-
'
curl
--request
POST
--user
gitlab-ci-token:$CI_JOB_TOKEN
--form
"chart=@${FILENAME}"
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"'
-
|
set -ex
helm package $HELM_CHART_LOCATION
FILENAME=$(find . -type f -name "*.tgz")
ls -l $FILENAME
if [ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]; then \
CHANNEL=stable
else
CHANNEL=${CI_COMMIT_BRANCH}
fi
curl --request POST --user gitlab-ci-token:$CI_JOB_TOKEN --form "chart=@${FILENAME}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/${CHANNEL}/charts"
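Review bot: `if [ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]` leaves both variables unquoted, so in a pipeline where `CI_COMMIT_BRANCH` is unset (tag or merge-request pipelines) the test becomes `[ == main ]`, which fails with "unary operator expected"; because an `if` condition is exempt from `set -e`, execution falls through to `CHANNEL=${CI_COMMIT_BRANCH}`, which is empty, and the chart is uploaded to `.../packages/helm/api//charts`. Quote both sides: `if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then` (the trailing `\` after `then` is harmless but unneeded). Related: `CHANNEL=${CI_COMMIT_BRANCH}` is spliced unvalidated into the registry URL path, so a branch name containing `/` lands in a different path than intended; use `$CI_COMMIT_REF_SLUG` or otherwise sanitise the channel name first. `set -ex` also echoes the expanded `curl --user gitlab-ci-token:...` line into the job log; drop `-x` or wrap the upload in `set +x`/`set -x` so the credential is not printed. Finally, `find . -type f -name "*.tgz"` returns every tarball in the workspace, so a stale package left over from an earlier run makes the `--form "chart=@${FILENAME}"` argument malformed; remove old `.tgz` files before packaging or use the exact filename that `helm package` prints.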
Chart.yaml  +1 −1
...
...
@@ -3,5 +3,5 @@ name: vault-secret-syncer
description
:
A Helm chart that syncs secrets from Vault into Kubernetes
type
:
application
version
:
0.4.1
version
:
0.4.1
8
appVersion
:
"
1.16.0"
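Review bot: the chart version moves from 0.4.1 to 0.4.18 in a change that adds a new secret type (`generic`), which is new functionality rather than a fix; under SemVer that is a minor bump (0.5.0), and the jump of seventeen patch numbers suggests intermediate versions on the branch were never published, which will confuse anyone reading the registry's version history. `appVersion` is untouched although the Job's script changed; confirm it still describes what the chart deploys.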
files/script.sh  +23 −0
...
...
@@ -65,6 +65,29 @@ if [ $SECRET_TYPE == "kubernetes.io/dockercfg" ]; then
--docker-username
=
$USERNAME
\
--docker-password
=
$PASSWORD
\
--docker-email
=
""
elif
[
$SECRET_TYPE
==
"generic"
]
;
then
set
-x
if
[
"
$SECRET_KEY
"
==
""
]
;
then
echo
"Error: No SECRET_KEY specified"
exit
1
fi
# Static secrets have a different path from other secrets
if
[
$(
echo
$VAULT_SECRET
|
grep
-c
'/static-creds/'
)
-ne
0
]
;
then
SECRET_VALUE
=
$(
echo
$SECRET
| jq
-r
".data.
${
SECRET_KEY
}
"
)
else
SECRET_VALUE
=
$(
echo
$SECRET
| jq
-r
".data.data.
${
SECRET_KEY
}
"
)
fi
echo
"- Deleting any existing secret (since upgrading isn't possible via kubectl)"
kubectl delete secret
$K8S_SECRET_NAME
||
true
echo
"- Defining new secret"
kubectl create secret generic
$K8S_SECRET_NAME
\
--from-literal
=
${
SECRET_KEY
}
=
${
SECRET_VALUE
}
\
else
echo
"Secret type (
${
SECRET_TYPE
}
) is currently unsupported"
exit
1
...
...
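Review bot: `set -x` is switched on at the top of the `generic` branch and never turned off, so the job log will contain the expanded `SECRET_VALUE=...` assignment, the `echo $SECRET | jq` pipeline with the full Vault response, and the `kubectl create secret generic ... --from-literal=key=value` command, i.e. the secret value in plaintext; remove `set -x` here (the `dockercfg` branch does not use it) or bracket only the non-sensitive lines with it. Second, the trailing `\` after `--from-literal=${SECRET_KEY}=${SECRET_VALUE}` continues the command onto the next line, so the `else` keyword is handed to kubectl as an extra positional argument and the `if`/`elif` no longer has an else clause; drop that backslash. Third, `${SECRET_VALUE}` is unquoted in the `--from-literal` argument, so a value containing whitespace is word-split; quote it as `--from-literal="${SECRET_KEY}=${SECRET_VALUE}"`. And because `.data.${SECRET_KEY}` / `.data.data.${SECRET_KEY}` interpolate the key into a jq path, a key containing `-` or `.` fails to parse; `jq -r --arg k "$SECRET_KEY" '.data[$k]'` (and `'.data.data[$k]'`) handles any key name.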
templates/_helpers.tpl  +2 −0
...
...
@@ -84,6 +84,8 @@ spec:
value: {{ .Values.vault.secret.path }}
- name: USERNAME_KEY
value: {{ .Values.vault.secret.usernameKey }}
- name: SECRET_KEY
value: {{ .Values.vault.secret.secretKey }}
- name: PASSWORD_KEY
value: {{ .Values.vault.secret.passwordKey }}
- name: REGISTRY_URL
...
...
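Review bot: `value: {{ .Values.vault.secret.secretKey }}` is rendered unquoted, so a value YAML reads as a non-string (a bare number, `yes`, `true`) produces an env `value` that fails validation, and an empty string renders as nothing at all; emit it as `{{ .Values.vault.secret.secretKey | quote }}`. The neighbouring `USERNAME_KEY` and `PASSWORD_KEY` lines have the same weakness, but the new line is the place to stop repeating it.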
values.yaml  +8 −1
...
...
@@ -22,16 +22,23 @@ vault:
# The Vault role the Job should assume/authenticate as
role
:
"
"
secret
:
secret
:
# The secret path to load data from (eg, path/to/secret)
path
:
"
"
## When secret.type == 'kubernetes.io/dockercfg' (Default)
#
# The key within the Vault secret that contains the username for registry auth
usernameKey
:
username
# The key within the Vault secret that contains the password for registry auth
passwordKey
:
password
## When secret.type == 'generic'
#
# The key within the Vault secret that contains the generic secret.
secretKey
:
"
password"
secret
:
# The type of Kubernetes secret to create. Defaults to a Docker registry secret
type
:
kubernetes.io/dockercfg
...
...
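Review bot: `secretKey` defaults to `"password"`, so a user who sets `secret.type: generic` but forgets `vault.secret.secretKey` silently syncs whatever the Vault secret's `password` field holds, instead of failing; an empty default (`""`) would trip the `No SECRET_KEY specified` check in `files/script.sh` and make the misconfiguration visible at deploy time. The comment should also state what the `generic` type produces: a Secret with a single key named after `secretKey`, whose value is the matching field from Vault (`.data.data.<key>` for ordinary paths, `.data.<key>` for `/static-creds/` paths). Minor: `usernameKey`/`passwordKey` are bare words while `secretKey` is quoted; pick one style for the file.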