parameter-secret-sync

A job that reads parameters from AWS SSM Parameter Store and stores them in Kubernetes as Secrets. It is designed to run as a Kubernetes Job for one-off execution, as opposed to an ongoing controller.

Parameter values must be stored in JSON format. The JSON object is expected to represent a single-level string map, where the map values are Base64-encoded strings, e.g. {"file1":"...Base64...", "file2":"...Base64..."}

The generated secret is named after the last token of the standard slash-delimited Parameter Name, e.g. /dev/secrets/mysecret results in a secret named mysecret.

For running as a Kubernetes Job, see the example template in param-secret-sync-job.yaml.

The build system has been adopted from the awesome Tim Hockin and the Kubernetes community: https://github.com/thockin/go-build-template

Arguments

  • -kubeconfig (or KUBECONFIG env var) kubeconfig file (needed for out of cluster execution)
  • -namespace target secret namespace (default "default")
  • -param a full path of a Parameter Store secret, optionally followed by a colon and a Kubernetes secret type, e.g. -param /vault/mydockerlogin:kubernetes.io/dockercfg. If the secret type is omitted, the type is set to Opaque.

Multiple secrets can be processed in a single execution. Specify multiple -param flags and values.
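
The parameter handling described above (the -param argument, the derived secret name and the JSON value format), as an added Go example that is not the project's own code. The names parseParam and decodeValue are hypothetical, the DNS-1123 name check and treating an empty type after the colon as Opaque are assumptions, and the sample values are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Added check (assumption, not from the project): Secret names must be DNS-1123 subdomains.
var dns1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// parseParam (hypothetical name) splits a -param value into path, Secret name and Secret type.
func parseParam(arg string) (paramPath, name, secretType string, err error) {
	paramPath, secretType, _ = strings.Cut(arg, ":")
	if secretType == "" {
		secretType = "Opaque" // type omitted
	}
	name = paramPath[strings.LastIndex(paramPath, "/")+1:] // last slash-delimited token
	if !dns1123.MatchString(name) {
		return "", "", "", fmt.Errorf("parameter %q does not end in a valid Secret name", paramPath)
	}
	return paramPath, name, secretType, nil
}

// decodeValue (hypothetical name) decodes the JSON value; errors name the key only, never the value.
func decodeValue(raw string) (map[string][]byte, error) {
	var encoded map[string]string // nested objects and numbers fail to unmarshal
	if err := json.Unmarshal([]byte(raw), &encoded); err != nil {
		return nil, fmt.Errorf("value is not a single-level JSON string map")
	}
	data := make(map[string][]byte, len(encoded))
	for key, b64 := range encoded {
		decoded, err := base64.StdEncoding.DecodeString(b64)
		if err != nil {
			return nil, fmt.Errorf("key %q is not valid Base64", key)
		}
		data[key] = decoded
	}
	return data, nil
}

func main() {
	// Constructed sample input, not real credentials.
	_, name, typ, _ := parseParam("/vault/mydockerlogin:kubernetes.io/dockercfg")
	data, err := decodeValue(`{"file1":"aGVsbG8=","file2":"d29ybGQ="}`)
	fmt.Println(name, typ, len(data), err)
}
```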

Building

See https://github.com/thockin/go-build-template#building