Skip to content
This repository has been archived by the owner on Jul 5, 2021. It is now read-only.

Support different formats/templates for secret targets #127

Open
knelasevero opened this issue Nov 4, 2020 · 0 comments
Open

Support different formats/templates for secret targets #127

knelasevero opened this issue Nov 4, 2020 · 0 comments
Labels
controllers CRD enhancement New feature or request

Comments

@knelasevero
Copy link
Contributor

knelasevero commented Nov 4, 2020
edited
Loading

Describe the solution you'd like
Having the ability to define a template to be used to produce a specific type of secret. Like:

Builtin Type Usage
Opaque arbitrary user-defined data
kubernetes.io/service-account-token service account token
kubernetes.io/dockercfg serialized ~/.dockercfg file
kubernetes.io/dockerconfigjson serialized ~/.docker/config.json file
kubernetes.io/basic-auth credentials for basic authentication
kubernetes.io/ssh-auth credentials for SSH authentication
kubernetes.io/tls data for a TLS client or server
bootstrap.kubernetes.io/token bootstrap token data

What is the added value?
More flexibility with the generated secrets. Users can just use what aligns with their use case.

Give us examples of the outcome

This comes from the common CRD proposal as well so it would be defined like this in the ExternalSecret:

  target:
    name: my-secret
    template:
      type: kubernetes.io/TLS
  data:
    tls.crt:
      key: /corp.org/dev/certs/ingress
      property: pubcert
      version: latest
    tls.key:
      key: /corp.org/dev/certs/ingress
      property: privkey
      version: latest

This would generate:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: kubernetes.io/tls
data:
  # the data is abbreviated in this example
  tls.crt: |
    MIIC2DCCAcCgAwIBAgIBATANBgkqh ...
  tls.key: |
    MIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ ...

Observations (Constraints, Context, etc):
@knelasevero knelasevero added CRD enhancement New feature or request controllers labels Nov 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
controllers CRD enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@knelasevero