Motivation
I had to code a SecretProviderClass in order to use the AWS Parameter Store. So It would be nice to have a render that simplifies that task.
Content
SecretProviderClass
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
name: {{ .Release.Name }}-spc-ssm
spec:
provider: aws
secretObjects:
- secretName: {{ .Release.Name }}-scm
type: Opaque
data:
{{ range $key,$value := .Values.secretsData }}
- objectName: {{ $value | replace "." "_" }}
key: {{ $key }}
{{ end }}
parameters:
objects: |
{{ range $value := .Values.secretsData }}
- objectName: {{ $value | quote }}
objectType: "ssmparameter"
region: "eu-west-1"
objectAlias: {{ $value | quote | replace "." "_" }}
{{ end }}
Values
secretsData:
mongo_uri: consumidoriot.pro.mongo_uri
rabbit_password: consumidoriot.pro.rabbit_password
mail_password: consumidoriot.pro.mail_password
Output
# Source: consumidor/templates/secretprovider.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
name: RELEASE-NAME-spc-ssm
spec:
provider: aws
secretObjects:
- secretName: RELEASE-NAME-scm
type: Opaque
data:
- objectName: consumidoriot_pro_mail_password
key: mail_password
- objectName: consumidoriot_pro_mongo_uri
key: mongo_uri
- objectName: consumidoriot_pro_rabbit_password
key: rabbit_password
parameters:
objects: |
- objectName: "consumidoriot.pro.mail_password"
objectType: "ssmparameter"
region: "eu-west-1"
objectAlias: "consumidoriot_pro_mail_password"
- objectName: "consumidoriot.pro.mongo_uri"
objectType: "ssmparameter"
region: "eu-west-1"
objectAlias: "consumidoriot_pro_mongo_uri"
- objectName: "consumidoriot.pro.rabbit_password"
objectType: "ssmparameter"
region: "eu-west-1"
objectAlias: "consumidoriot_pro_rabbit_password"
Motivation
I had to code a SecretProviderClass in order to use the AWS Parameter Store. So It would be nice to have a render that simplifies that task.
Content
SecretProviderClass
Values
Output