One-line enhancement description (can be used as a release note): Kustomize Exec Secret Generator
Kubernetes Enhancement Proposal:
The ability to generate Secrets using `exec` was removed in kustomize v2 because of security concerns
about users kustomizing malicious `kustomization.yaml`s and thereby providing a path for `kustomization.yaml`'s
publishers to execute arbitrary commands on the machines of any user who applies the `kustomization.yaml`.
Example goal to enable:
- Alice wants to develop an Application requiring a shared Secret, and to deploy it on Kubernetes using GitOps
- Alice wants her GitOps deployment mechanism to pull the Secrets that it deploys from a
remote source without writing the Secrets as files to local disk.
- Alice's organization configures the GitOps deployment container to run Kustomize in the cluster
and be capable of pulling Secrets from remote locations
- Alice writes her kustomization.yaml to use the generation options configured by her organization.
Example exploit to avoid:
- Alice wants to run a whitebox mysql instance on a test cluster
- Chuck publishes a whitebox mysql `kustomization.yaml` on GitHub, with a SecretGenerator
that will read Alice's ~/.kube/config and send it to Chuck's server by executing `sh`
will run a script to generate some Secret
- Alice runs `kubectl apply -k https://github.com/chuck/mysql` and has the credentials
of all of her Kubernetes clusters sent to Chuck when the Secret is generated.
See [kubernetes-sigs/kustomize#692](https://github.com/kubernetes-sigs/kustomize/issues/692) for more details.