mirror of
https://github.com/kubernetes-sigs/kustomize.git
synced 2026-06-12 01:14:22 +00:00
Add Generator Tasks to Documentation (#5368)
* Update tasks index description
* Create generators folder
* Update tasks/generators titles
* Add rollouts placeholder
* Add generate configmap from file example
* Add literals and env file example
* Add propagation example
* Consistent punctuation
* Update grammar
* Clean up configmaps page
* Remove examples from configMapGenerator ref page
* Move secret examples to Tasks
* Clean up spacing
* Consolidate cm and secret
* Consistent grammar
* Cleanup
* Address feedback
* Bump date
* Fix propagate spelling
* Remove roll out updates section
* Separate configmap and secret generator tasks
* Add secret from file example
* Add secret from literals example
* Update tls secret example
* Update task page weights
* Link cm generator reference
* Add link to secret reference
* Remove secretGenerator example from reference section
* Add configmap options task, clean up reference
* Add file with key example
* Secrets are base64 encoded
158
site/content/en/docs/Tasks/secret_generator.md
Normal file
@@ -0,0 +1,158 @@
|
||||
---
|
||||
title: "Generating Secrets"
|
||||
linkTitle: "Generating Secrets"
|
||||
weight: 2
|
||||
date: 2023-10-20
|
||||
description: >
|
||||
Working with the Secret Generator
|
||||
---
|
||||
|
||||
Secret objects can be generated by adding a [`secretGenerator`] entry to the `kustomization.yaml` file. This is similar to the [`configMapGenerator`]. Secret Resources may be generated from files and literals. It is important to note that the secrets are base64 encoded.
|
||||
|
||||
## Create Secret from a file
|
||||
|
||||
To generate a Secret Resource from a file, add an entry to [`secretGenerator`] with the filename.
|
||||
|
||||
The Secret will have data values populated from the file contents. The contents of each file will appear as a single data item in the Secret keyed by the filename.
|
||||
|
||||
The following example generates a Secret with a data item containing the contents of a file.
|
||||
|
||||
1. Create a Kustomization file.
|
||||
```yaml
|
||||
# kustomization.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
secretGenerator:
|
||||
- name: db-user-pass
|
||||
files:
|
||||
- credentials.txt
|
||||
```
|
||||
|
||||
2. Create a `credentials.txt` file.
|
||||
```yaml
|
||||
# credentials.txt
|
||||
username=admin
|
||||
password=S!B\*d$zDsb=
|
||||
```
|
||||
|
||||
3. Create the Secret using `kustomize build`.
|
||||
```bash
|
||||
kustomize build .
|
||||
```
|
||||
|
||||
The Secret manifest is generated.
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: db-user-pass-gf9bgh225c
|
||||
data:
|
||||
credentials.txt: dXNlcm5hbWU9YWRtaW4KcGFzc3dvcmQ9UyFCXCpkJHpEc2I9Cg==
|
||||
```
|
||||
|
||||
The credentials key value is base64 encoded.
|
||||
```bash
|
||||
echo "dXNlcm5hbWU9YWRtaW4KcGFzc3dvcmQ9UyFCXCpkJHpEc2I9Cg==" | base64 -d
|
||||
username=admin
|
||||
password=S!B\*d$zDsb=
|
||||
```
|
||||
|
||||
## Create Secret from literals
|
||||
|
||||
To generate a Secret Resource from literal key-value pairs, add an entry to [`secretGenerator`] with a
|
||||
list of `literals`.
|
||||
|
||||
{{< alert color="success" title="Literal Syntax" >}}
|
||||
- The key/value are separated by a `=` sign (left side is the key).
|
||||
- The value of each literal will appear as a data item in the Secret keyed by its key.
|
||||
{{< /alert >}}
|
||||
|
||||
The following example generates a Secret with two data items generated from literals.
|
||||
|
||||
1. Create a Kustomization file.
|
||||
```yaml
|
||||
# kustomization.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
secretGenerator:
|
||||
- name: db-user-pass
|
||||
literals:
|
||||
- username=admin
|
||||
- password=S!B\*d$zDsb=
|
||||
```
|
||||
|
||||
2. Create the Secret using `kustomize build`.
|
||||
```bash
|
||||
kustomize build .
|
||||
```
|
||||
|
||||
The Secret manifest is generated.
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: db-user-pass-t8d2d65755
|
||||
data:
|
||||
password: UyFCXCpkJHpEc2I9
|
||||
username: YWRtaW4=
|
||||
```
|
||||
|
||||
The credential key values are base64 encoded.
|
||||
```bash
|
||||
echo "UyFCXCpkJHpEc2I9" | base64 -d
|
||||
S!B\*d$zDsb=
|
||||
|
||||
echo "YWRtaW4=" | base64 -d
|
||||
admin
|
||||
```
|
||||
|
||||
## Create a TLS Secret
|
||||
|
||||
The following example generates a TLS Secret with certificate and private key data files.
|
||||
|
||||
1. Create a Kustomization file.
|
||||
```yaml
|
||||
# kustomization.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
secretGenerator:
|
||||
- name: app-tls
|
||||
files:
|
||||
- "tls.crt"
|
||||
- "tls.key"
|
||||
type: "kubernetes.io/tls"
|
||||
```
|
||||
|
||||
2. Create a certificate file.
|
||||
```yaml
|
||||
# tls.crt
|
||||
LS0tLS1CRUd...tCg==
|
||||
```
|
||||
|
||||
3. Create a private key file.
|
||||
```yaml
|
||||
# tls.key
|
||||
LS0tLS1CRUd...0tLQo=
|
||||
```
|
||||
|
||||
4. Create the Secret using `kustomize build`.
|
||||
```bash
|
||||
kustomize build .
|
||||
```
|
||||
|
||||
The Secret manifest is generated. The data key values are base64 encoded.
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/tls
|
||||
metadata:
|
||||
name: app-tls-c888dfbhf8
|
||||
data:
|
||||
tls.crt: TFMwdExTMUNSVWQuLi50Q2c9PQ==
|
||||
tls.key: TFMwdExTMUNSVWQuLi4wdExRbz0=
|
||||
```
|
||||
|
||||
[`secretGenerator`]: /docs/reference/api/kustomization-file/secretgenerator/
|
||||
[`configMapGenerator`]: /docs/reference/api/kustomization-file/configmapgenerator/
|
||||
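Review bot: In the "Create a TLS Secret" section the input files are shown as text that is already base64 (`LS0tLS1CRUd...tCg==`), and the generated manifest encodes it a second time: `tls.crt: TFMwdExTMUNSVWQuLi50Q2c9PQ==` decodes back to `LS0tLS1CRUd...tCg==`, not to a PEM block, and `tls.key` has the same problem. A reader who copies this ends up with a `kubernetes.io/tls` Secret whose data is base64 text rather than a PEM certificate and key. Suggest showing `tls.crt` and `tls.key` as elided PEM and regenerating the output from those files. The `yaml` fence tag on `credentials.txt`, `tls.crt` and `tls.key` also does not match their content, and the `# tls.crt` style header inside each fence reads as part of the file. Separately, the intro line "It is important to note that the secrets are base64 encoded" should say that base64 is an encoding and not encryption, which the `base64 -d` steps on this same page demonstrate. The literals example also puts `password=S!B\*d$zDsb=` in plaintext in `kustomization.yaml`, so a caution about committing that file belongs next to it.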