A job to read parameters from AWS SSM Parameter Store and store them in Kubernetes as Secrets, designed to run as a Kubernetes Job, for one off execution, as oppsed to an ongoing controller.
Parameter values must be stored in json format. The json object is expected to represent a single level string map, where the map values are Base64 encoded strings:
e.g {"file1":"...Base64...", "file2":"...Base64..."}
The generated secret will be named according to the last token of the standard slash
delimted Parameter Name. e.g. /dev/secrets/mysecret results in a secret names mysecret
For running as a kubernetes job, see example template in param-secret-sync-job.yaml
The build system has been adopted from the awsome Tim Hockin and the Kubernetes community https://github.com/thockin/go-build-template
-kubeconfig(or KUBECONFIG env var) kubeconfig file (needed for out of cluster execution)-namespacetarget secret namespace (default "default")-parama full path of a ParameterStore secret, optionally followed by a colon and a kuberentes secret type e.g. -param /vault/mydockerlogin:kubernetes.io/dockercfg if secret type is omitted type is set to Opaque
Multiple secrets can be processed in a single execution. Specify multiple -param flags and values.
see https://github.com/thockin/go-build-template#building