Support for secrets #296
Comments
Docker does not yet have a concept of secrets, does it? I think they are working on it, but it is not there yet and not in compose AFAIK.
So one instance that would be supported now would be in use of environmental variables. The docker compose for my project I just converted sets stuff like the username and pass for a database as env variables. I'll convert them over to using secrets.
@jamstar yeah that needs to be done manually!
Secrets are able to be defined in Docker Compose Version 3: https://docs.docker.com/compose/compose-file/#secrets-configuration-reference and thus we can map this to Kubernetes much easier than expected.
Since Docker Compose now has secrets, the best way (from my research) would be to use secrets as well as the See: https://stackoverflow.com/questions/42139605/how-do-you-manage-secret-values-with-docker-compose-v3-1 for some context.
FYI,
I just had a look at things and it appears as though the mapping is doable, with the exception of uid and gid when projecting the secret into

The rest of this post is really just a summary of the documentation and links to things that I think are relevant for whoever takes this on, which I found from a quick poke around (I'm not familiar with the codebases).

Creating secrets
compose documentation

    secrets:
      my_first_secret:
        file: "./secret_data"
      my_second_secret:
        external: true
      my_third_secret:
        external:
          name: "name_externally"

I'm not sure we can use the values of external secrets (I think what @cdrage was saying); even if we could, I think maintaining the separation in environments that comes with the externals is beneficial. In Kubernetes I think this would revolve around Secret objects.

Using secrets
compose documentation

In Kubernetes I think this would revolve around SecretProjections to project the secrets into
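
The mapping sketched in the comment above, as an added example that is not part of the thread and is not kompose's code: file-backed secrets become Secret objects, external ones are only referenced, and `uid`/`gid` are reported as dropped. The function names, the service-level list, the file content, the underscore-to-hyphen renaming and the choice of the compose name as the Secret key are all assumptions of this sketch.

```python
import base64

# Constructed input: the top-level `secrets:` block from the comment above, already
# parsed, plus a hypothetical service-level list (short and long syntax).
TOP_LEVEL = {
    "my_first_secret": {"file": "./secret_data"},
    "my_second_secret": {"external": True},
    "my_third_secret": {"external": {"name": "name_externally"}},
}
SERVICE_SECRETS = [
    "my_first_secret",
    {"source": "my_third_secret", "target": "third", "uid": "103", "gid": "103", "mode": 0o440},
]
SAMPLE_FILES = {"./secret_data": b"s3cr3t"}  # constructed file content


def k8s_name(name):
    # Assumption: compose names are made DNS-1123 safe by swapping "_" for "-".
    return name.replace("_", "-").lower()


def secret_objects(top_level, read_file):
    """Build Secret manifests for file-backed secrets; external ones are skipped."""
    manifests = []
    for name, spec in top_level.items():
        if spec.get("external"):
            continue  # value lives outside the compose file; never embed it
        data = base64.b64encode(read_file(spec["file"])).decode()  # encoding, not encryption
        manifests.append({"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
                          "metadata": {"name": k8s_name(name)}, "data": {name: data}})
    return manifests


def projected_volume(top_level, service_secrets):
    """Return (volume, dropped): a projected volume plus the uid/gid fields lost."""
    sources, dropped = [], []
    for ref in service_secrets:
        ref = {"source": ref} if isinstance(ref, str) else ref
        src = ref["source"]
        external = top_level[src].get("external")
        obj = external["name"] if isinstance(external, dict) else src
        item = {"key": src, "path": ref.get("target", src)}  # assumption: key == compose name
        if "mode" in ref:
            item["mode"] = ref["mode"]  # file mode has a per-item equivalent
        dropped += [f"{src}.{k}" for k in ("uid", "gid") if k in ref]
        sources.append({"secret": {"name": k8s_name(obj), "items": [item]}})
    return {"name": "compose-secrets", "projected": {"sources": sources}}, dropped
```

The `data` values in the generated Secret are base64-encoded, not encrypted, so a manifest produced this way needs the same handling as the original secret file.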
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
I see this has been marked as stale now. It would be really nice to get this into kompose (along with support for docker 'configs'!), as these are perhaps the trickiest bits to understand and get right for a k8s noob. Not sure what the etiquette is with the bot and
This is a big feature, I can start working on it!
The
+1
/remove-lifecycle stale
How is this going? What's the status? Is there an ETA?
Really need secret support to make Kompose usage seamless 🚀
@pgordon9 Good news, the PR has been merged, you can try this feature in the master branch
Right now there is no way I can specify secrets from docker-compose which then maps to Kubernetes. This would be a great thing to have.
For using this feature I had to manually create a secret object and then add it to the container spec in the deployment.