Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote targets #228

Open
zadjadr opened this issue Feb 1, 2024 · 1 comment
Open

Remote targets #228

zadjadr opened this issue Feb 1, 2024 · 1 comment
Labels
kind:bug Something isn't working

Comments

@zadjadr
Copy link

zadjadr commented Feb 1, 2024
edited
Loading

I want to be able to use remote targets with ksops.

Something like this should work, but it seems that it does not:

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: my-secret-generator
  annotations:
    config.kubernetes.io/function: |
      exec:
        path: ksops
files:
  - https://gitlab.com/a/b/defaults//resources/secrets/secret.asc.yaml?ref=feat/abc

I would expect ksops to just use the kustomize feature: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
@dosubot DosuBot
Copy link

dosubot bot commented Feb 1, 2024
edited
Loading

🤖

Based on the current implementation of KSOPS, it does not support the use of remote targets directly. The plugin operates on local files, as evidenced by the decryptFile function in the ksops.go file, which reads files from the local file system using ioutil.ReadFile(file). This function is used to decrypt both the main manifest files and any additional files specified in the secretFrom field.

However, you can still use remote targets by manually cloning the repository and keeping it up-to-date. Here's an example of how you might modify your YAML to use a remote target:

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: ksops-secret-from-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops
secretFrom:
- metadata:
    name: mysecret
  type: Opaque
  binaryFiles:
  - ./path/to/cloned/repo/secret.enc.yaml

In this example, ./path/to/cloned/repo/secret.enc.yaml would be the path to the encrypted file in the cloned repository. You would need to replace this with the actual path to your encrypted file. You can refer to the test/krm/binaryfile/generate-resources.yaml file for more examples.

If you need to automate the process of cloning and keeping the repository up-to-date, you might consider using a GitOps tool like ArgoCD or Flux.

Sources

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

@dosubot dosubot bot added the kind:bug Something isn't working label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind:bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zadjadr