freenowtech/secrets-store-csi-driver-provider-spring-cloud-config

secrets-store-csi-driver-provider-spring-cloud-config

The Spring Cloud Config provider for the Secrets Store CSI driver lets you fetch content stored in Spring Cloud Config and mount it into Kubernetes pods through the Secrets Store CSI driver interface.

Installation

Requirements

Installing the provider

To install the provider, use the YAML file in the deployment directory:

kubectl apply -f https://raw.githubusercontent.com/freenowtech/secrets-store-csi-driver-provider-spring-cloud-config/master/deployment/provider.yaml

Usage

Create a SecretProviderClass resource to provide Spring-Cloud-Config-specific parameters for the Secrets Store CSI driver.

apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: spring-cloud-config-example
spec:
  provider: spring-cloud-config
  parameters:
    serverAddress: "http://configserver.example" # this URL should point to the config server
    application: "myapp" # the application you're retrieving the config for
    profile: "prod" # the profile for your application to pull
    fileName: "application.yaml" # the name of the file to create - supports extensions .yaml, .yml, .json and .properties

Afterward, reference your SecretProviderClass in your Pod definition:

kind: Pod
apiVersion: v1
metadata:
  name: secrets-store-example
spec:
  containers:
  - image: ubuntu:latest
    name: ubuntu
    command: ["/bin/bash"]
    args:
      - "-c"
      - "cat /secrets-store/application.yaml && sleep 300"
    volumeMounts:
    - name: secrets-store-inline
      mountPath: "/secrets-store"
      readOnly: true
  volumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.com
        readOnly: true
        volumeAttributes:
          secretProviderClass: "spring-cloud-config-example"

Development

Run the binary locally

Requirements

Steps to execute

  1. Build the binary:
    go build
  2. Start the binary:
    ./secrets-store-csi-driver-provider-spring-cloud-config
  3. In a new terminal window, create the directory .dev:
    mkdir -p .dev
  4. Download the grpc protobuf definitions:
    curl -L -o .dev/service.proto https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/main/provider/v1alpha1/service.proto
  5. Create the payload .dev/mount.json:
    {
      "attributes": "{\"serverAddress\":\"<your-server-address>\",\"application\":\"<your application>\",\"profile\":\"<your profile>\",\"fileName\":\"application.yaml\"}",
      "secrets": "{}",
      "targetPath": "./.dev",
      "permission": "420"
    }
    Make sure to replace the placeholders.
  6. Send the payload to the provider:
    cat ./.dev/mount.json | grpcurl -unix -plaintext -proto ./.dev/service.proto -d @ ./spring-cloud-config.sock v1alpha1.CSIDriverProvider/Mount
  7. Verify that the file has been created:
    cat ./.dev/application.yaml
    # Should display YAML content
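
The payload in step 5 carries attributes as a JSON document inside a JSON string, which is easy to mis-escape by hand. The following Go program is an added example, not part of the provider's code: it generates that payload for the parameters shown under Usage. The name BuildMountPayload and its http(s) and bare-file-name checks are assumptions of this example; the extension list comes from the fileName comment in the SecretProviderClass above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// Extensions the README lists as supported for fileName.
var allowedExt = map[string]bool{".yaml": true, ".yml": true, ".json": true, ".properties": true}

// BuildMountPayload (hypothetical helper) returns the JSON body for
// v1alpha1.CSIDriverProvider/Mount. "attributes" is itself a JSON document
// carried as a string, so it is marshalled first and escaped again by the outer marshal.
func BuildMountPayload(serverAddress, application, profile, fileName, targetPath string, mode os.FileMode) ([]byte, error) {
	u, err := url.Parse(serverAddress)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return nil, fmt.Errorf("serverAddress must be an http(s) URL: %q", serverAddress)
	}
	// The file is created under targetPath (step 7), so accept a bare name only.
	if fileName != filepath.Base(fileName) || !allowedExt[strings.ToLower(filepath.Ext(fileName))] {
		return nil, fmt.Errorf("fileName must be a bare name ending in .yaml, .yml, .json or .properties: %q", fileName)
	}
	attrs, _ := json.Marshal(map[string]string{ // a string map always marshals
		"serverAddress": serverAddress, "application": application,
		"profile": profile, "fileName": fileName,
	})
	return json.MarshalIndent(map[string]string{
		"attributes": string(attrs),
		"secrets":    "{}",
		"targetPath": targetPath,
		// The request carries the mode in decimal: octal 0644 becomes "420".
		"permission": strconv.FormatUint(uint64(mode.Perm()), 10),
	}, "", "  ")
}

func main() {
	// Constructed sample values; replace them with your own config server details.
	out, err := BuildMountPayload("http://configserver.example", "myapp", "prod", "application.yaml", "./.dev", 0644)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(string(out))
}
```

Its output can be saved as .dev/mount.json in place of the hand-written payload from step 5.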

Release

Follow these steps to release a new version:

  1. Create a new release via the GitHub UI.

  2. Set v0.x.y as the tag and the release title.

    If the release contains at least one feature, increase x by one and set y to 0.

    If the release contains bug fixes only, increase y by one.

  3. Let GitHub generate the release notes by clicking the "Generate release notes" button.

  4. Click the "Publish release" button.