This repository has been archived by the owner on Oct 3, 2019. It is now read-only.

use secrets instead of env variables for, ehm, secrets #19

Open
durandom opened this issue Oct 12, 2018 · 2 comments

@durandom

Let's add support for using oc create secret for storing the access keys.
Supplying one via env variable should still be possible and take precedence over a mounted secret.

@tumido

tumido commented Oct 12, 2018

I'm already using secrets for our pipeline... I think in future you might not care about this at all, since the data would be streamed directly to the service, but for now, you can try to incorporate this:

We have a secret defined as:

kind: Template
apiVersion: v1
metadata:
  name: aiops-pipeline
parameters:
- name: AWS_KEY
  required: true
- name: AWS_SECRET
  required: true
objects:

# GLOBAL OBJECTS
- kind: Secret
  apiVersion: v1
  metadata:
    name: aiops-secrets
  type: Opaque
  stringData:
    aws_key: "${AWS_KEY}"
    aws_secret: "${AWS_SECRET}"

# SERVICE SPECIFIC STUFF
...
- kind: DeploymentConfig
  apiVersion: v1
  ...
  spec:
    ...
    template:
      ...
      spec:
        containers:
        - env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_key
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_secret
...

@tumido

tumido commented Oct 12, 2018

I've uploaded the deployment configs to a new repository https://github.com/tumido/aiops-deploy

You should be able to use the globals template and use the same secrets as we do :)
https://github.com/tumido/aiops-deploy/blob/master/globals-template.yaml
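
The precedence requested in the opening post (env variable first, mounted secret as fallback), as an added example that is not code from this repository. It assumes the aiops-secrets Secret is mounted as a volume so that each key (aws_key, aws_secret) appears as a file; the mount path /etc/aiops-secrets and the function names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Assumption: hypothetical mount path for the Secret volume; the issue names none.
DEFAULT_SECRET_DIR = "/etc/aiops-secrets"

# Env variable -> file name inside the mounted Secret (key names from the template above).
CREDENTIAL_SOURCES = {
    "AWS_ACCESS_KEY_ID": "aws_key",
    "AWS_SECRET_ACCESS_KEY": "aws_secret",
}


def resolve_credentials(env=None, secret_dir=DEFAULT_SECRET_DIR):
    """Return (values, sources); a non-empty env variable wins over the mounted file."""
    env = os.environ if env is None else env
    values, sources = {}, {}
    for var, key in CREDENTIAL_SOURCES.items():
        if env.get(var):  # an empty string counts as unset
            values[var], sources[var] = env[var], "env"
            continue
        path = Path(secret_dir) / key
        try:
            # Files created from literal input often end with a newline.
            secret = path.read_text().strip()
        except OSError:
            secret = ""
        if not secret:
            raise RuntimeError(f"{var} not set and {path} missing or empty")
        values[var], sources[var] = secret, f"file:{path}"
    return values, sources


def demo():
    """Constructed sample: one key overridden via env, the other read from the mount."""
    with tempfile.TemporaryDirectory() as mount:
        Path(mount, "aws_key").write_text("constructed-key-from-mount\n")
        Path(mount, "aws_secret").write_text("constructed-secret-from-mount\n")
        env = {"AWS_ACCESS_KEY_ID": "constructed-key-from-env"}
        return resolve_credentials(env=env, secret_dir=mount)


if __name__ == "__main__":
    _, sources = demo()
    print(sources)  # log where each value came from, never the value itself
```

Failing at startup when neither source provides a value keeps a missing mount from surfacing later as an opaque authentication error.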
