Commit 4d23724

docs: add guide for providing secrets to packages (#50)
* docs: add guide for providing secrets to packages
* fix: spacing in doc
1 parent 997282f commit 4d23724

1 file changed

+44
-0
lines changed
@@ -0,0 +1,44 @@
1+
# How-To: Provide secrets to packages
2+
3+
Some packages require the use of secret information to accomplish their work. This is often passwords or api keys with examples such as connecting to a private repository or mounting an authenticate nfs share. Currently, the is no mechanism for the Operator to fetch secrets and inject them into your package's container. Instead we recommend using the native Kubernetes tooling to do so. At a high level you will need to do the following:
4+
5+
1. Setup a Kubernetes secret with the information you need.
6+
2. Set a package's environment definition to source from the secret
7+
3. Use the environment variables in the step scripts to do work.
8+
9+
## [Setup a Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/)
10+
11+
There are many ways to do this the details of which are outside the scope of this document. Some examples are:
12+
* [Use vault to manage secrets](https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator)
13+
* Manually create a secret
14+
15+
## Set a package's environment definition to source from the secret
16+
17+
The `env` section of a package is passed directly to the pod definition when running the package. [Therefore anything you would set in kubernetes yaml you can set here.](https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/) Which means it can be:
18+
19+
A direct key/value:
20+
```yaml
21+
env:
22+
- name: FOO
23+
value: bar
24+
```
25+
26+
Set the value for an enviroment variable from a secret
27+
```yaml
28+
env:
29+
- name: DB_PASSWORD
30+
valueFrom:
31+
secretKeyRef:
32+
name: postgres-db-password
33+
key: db-password
34+
```
35+
36+
## Use the environment variables in the step scripts to do work.
37+
38+
Using the example above a script to query the database would be:
39+
```bash
40+
#!/bin/bash
41+
42+
echo "select count(*) from app.users;" | PGPASSWORD=${DB_PASSWORD} psql -h ${DB_HOST} -U ${DB_USER} -d ${DB_NAME}
43+
```
44+
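
Review bot: The step script at new-file lines 40-42 reads DB_HOST, DB_USER and DB_NAME, but the env example at lines 28-33 only defines DB_PASSWORD, so a reader who copies both blocks ends up with empty -h, -U and -d arguments. Either add those three variables to the env example (as plain values or from the same secret) or say explicitly that they are assumed to be set elsewhere. The -h/-U/-d expansions should also be quoted ("${DB_HOST}" and so on) so values containing spaces do not word-split; another option is to name the variable PGPASSWORD in the env block so the script does not have to pass it again on the command line. Smaller points: line 3 has "the is no mechanism" (there is) and "authenticate nfs share" (authenticated NFS), line 26 has "enviroment", and the link on line 17 points at the expose-pod-information page rather than one about secrets. "Manually create a secret" on line 13 is the only item in the guide with neither a link nor an example.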
