Helm plugin #4
Comments
Does this mean you are wanting helm to be able to run kubesec and decrypt the data before using it in the chart?
Yep.
Cool! I am also looking for a tool to integrate with helm. One such tool is helm-secrets, I haven't used it though. Would you be aiming for some different functionality?
futuresimple/helm-secrets looks interesting but not quite what I have in mind.
OK I just tested out helm-secrets. TBH I think it's too complicated. It encrypts all the values in the secret file:
I find the documentation difficult to understand. I still don't understand the file layout. Please update this issue with any progress!
I might also have a use-case for kubesec + Helm soon. Have you guys been doing any work towards a plugin yet that I might check out or contribute to?
I persisted with helm-secrets, now I get the kinda rigid file naming and layout. It works pretty well once you understand this and we are now using it extensively. I'm still keen to see a kubesec helm plugin though.
@philicious no plugin yet I'm afraid (we're not using Helm and so it's hard to justify making it a priority (at least not until Helm 3 is out)). BUT. There is nothing stopping you from using kubesec with Helm:

```
~/chart$ ls
templates/ .helmignore Chart.yaml values.yaml secret.enc.yaml ...
~/chart$ cat secret.enc.yaml
apiVersion: v1
kind: Secret
metadata:
  name: helloworld
  labels:
    app: helloworld
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
type: Opaque
data:
  KEY: TUFkWD1iuKs=.O....D...=
  ANOTHER_KEY: iOy1nf90+M6FrrEIoymN6cOSUYM=.E...=.q...=
# kubesec:v:3
# ...
# kubesec:mac:G5phaA8VV84refpV.idjQQUHj3LS0NJXFZFaCeQ==
~/chart$ grep secret .helmignore
templates/secret.yaml
~/chart$ kubesec decrypt secret.enc.yaml -o templates/secret.yaml
~/chart$ helm install .
```
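A wrapper around the decrypt-then-install steps in the comment above, added here as an example and not part of the original thread or the kubesec project: it keeps the decrypted `templates/secret.yaml` on disk only while `helm install` runs. The function name and the `KUBESEC`/`HELM` override variables are assumptions for illustration; the `kubesec decrypt ... -o` and `helm install <chart>` invocations mirror the ones shown in the comment.

```shell
#!/bin/sh
# Added example (not from the thread): decrypt, install, then always remove
# the plaintext Secret so it does not linger in the chart directory.
# KUBESEC and HELM are hypothetical override variables for testing with stubs.
KUBESEC="${KUBESEC:-kubesec}"
HELM="${HELM:-helm}"

# Usage: helm_install_with_secret CHART_DIR [extra helm install args...]
# Runs in a subshell so umask and traps do not leak into the caller.
helm_install_with_secret() (
    [ "$#" -ge 1 ] || { echo "usage: helm_install_with_secret CHART_DIR" >&2; exit 2; }
    chart="$1"
    shift
    enc="$chart/secret.enc.yaml"          # encrypted file, safe to commit
    plain="$chart/templates/secret.yaml"  # plaintext, must not outlive this run

    [ -f "$enc" ] || { echo "missing $enc" >&2; exit 2; }

    # Plaintext is created readable by the current user only.
    umask 077
    # Remove the plaintext on every exit path, including failures and signals.
    # Note: rm unlinks the file; it does not scrub the underlying disk blocks.
    trap 'rm -f "$plain"' EXIT
    trap 'exit 130' INT TERM HUP

    # A failed decrypt (wrong key, MAC mismatch) must stop before helm runs.
    "$KUBESEC" decrypt "$enc" -o "$plain" || exit 1
    [ -s "$plain" ] || { echo "decrypt produced no output" >&2; exit 1; }

    rc=0
    "$HELM" install "$chart" "$@" || rc=$?
    exit "$rc"
)
```

Call it as `helm_install_with_secret .` from the chart directory; the exit status is that of `helm install`.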
I'm actually using this with kustomize.
@shyiko while I've been using kubesec a lot in the past and think it's great and feels more lightweight than https://github.com/futuresimple/helm-secrets , I encountered a scenario where it's just not an option and I wanted to share my thoughts and findings: https://github.com/roboll/helmfile is a popular and great way to orchestrate/manage multiple Helm charts and their values. It can also handle secrets and for decryption uses helm-secrets by calling
I agree. The workflow with secrets and multiple charts when using helmfile, helmdiff and helm-secrets is really nice. Kinda like Terraform.