phillebaba/kubernetes-generated-secret

Kubernetes Generated Secret

A Kubernetes controller that generates random secrets inside your cluster. Random values are generated with Go's crypto/rand.

Install

The easiest way is to add a Git reference to your kustomization.yaml file.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/phillebaba/kubernetes-generated-secret//config/default

Alternatively, add the CRD and deploy the controller to your cluster manually.

kustomize build config/default | kubectl apply -f -

How to use

A Secret is generated from a GeneratedSecret that configures the length, character content, and additional metadata of the secret. The GeneratedSecret is the parent of the Secret it creates, meaning that the Secret will be deleted when the GeneratedSecret is deleted.

Simple random secret

Below is all you need to generate a Secret with a random value. The name and namespace will be inherited by the created Secret. The data field in the GeneratedSecret maps to the data field in the Secret, meaning that the specified key will be created.

apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
  namespace: default
spec:
  data:
  - key: test

The resulting Secret will look like the one below.

apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
  namespace: default
data:
  test: <RANDOM_VALUE>

Configuration

An optional secretMetadata field can be set. The metadata specified there propagates to the generated Secret, except for the name and namespace, which are inherited from the parent GeneratedSecret. The length of the secret and the characters used in it can also be set.

apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
spec:
  secretMetadata:
    labels:
      app: foobar
  data:
  - key: test
    length: 100
    exclude:
    - Uppercase

The metadata will be propagated to the Secret.

apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
  namespace: default
  labels:
    app: foobar
data:
  test: <RANDOM_VALUE>

Multiple secrets

It is also possible to generate a Secret with multiple keys in it.

apiVersion: core.phillebaba.io/v1alpha1
kind: GeneratedSecret
metadata:
  name: generatedsecret-sample
spec:
  data:
  - key: foo
    length: 100
    exclude:
    - Uppercase
    - Lowercase
  - key: bar
    length: 50
    exclude:
    - Numbers
    - Symbols

Each key will receive a different random value.

apiVersion: v1
kind: Secret
metadata:
  name: generatedsecret-sample
data:
  foo: <RANDOM_VALUE_1>
  bar: <RANDOM_VALUE_2>
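
What length and exclude mean for the strength of the generated value, as an added Go sketch that is not the controller's own code. The function names and the characters in each class are assumptions; only the four class names and the use of crypto/rand come from this page.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"slices"
)

// Class names are the exclude values on this page; their contents are assumed.
var classes = []struct{ name, chars string }{
	{"Uppercase", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}, {"Lowercase", "abcdefghijklmnopqrstuvwxyz"},
	{"Numbers", "0123456789"}, {"Symbols", "!#$%&*+-=?@^_"},
}

// Charset returns the alphabet left after dropping the excluded classes.
func Charset(exclude ...string) (cs string) {
	for _, c := range classes {
		if !slices.Contains(exclude, c.name) {
			cs += c.chars
		}
	}
	return cs
}

// Generate draws length characters uniformly from cs (rand.Int has no modulo bias).
func Generate(length int, cs string) (string, error) {
	if length < 1 || cs == "" {
		return "", fmt.Errorf("length %d with %d usable characters", length, len(cs))
	}
	out := make([]byte, length)
	for i := range out {
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(cs))))
		if err != nil {
			return "", err
		}
		out[i] = cs[n.Int64()]
	}
	return string(out), nil
}

// EntropyBits is length * log2(len(cs)): what each exclusion costs in bits.
func EntropyBits(length int, cs string) float64 {
	return float64(length) * math.Log2(float64(len(cs)))
}
func main() {
	fmt.Println(Generate(50, Charset("Numbers", "Symbols"))) // key "bar" above
}
```

Excluding all four classes leaves an empty alphabet, which Generate rejects instead of returning an empty value.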

Development

The project is set up with Kubebuilder, and the integration tests depend on it, so install it first by following the installation instructions.

To simplify development it helps to use a local cluster; Kind is a good example of such a tool. Once a cluster is configured in a kubeconfig file, run the following command to install the CRD.

make install

Then run the controller binary with the following command.

make run

Or you can run the controller inside of the cluster, like you would when actually deploying it.

make deploy

Run the test rule to run the integration tests.

make test

License

This project is licensed under the MIT License - see the LICENSE file for details.