Skip to content

Commit

Permalink
Merge pull request #44 from cloudkite-io/add-azure-key-vault-support
Browse files Browse the repository at this point in the history 
add secrets for azure
  • Loading branch information
@kirill-cloudkite
kirill-cloudkite authored Feb 4, 2025
2 parents 180b293 + fa03527 commit 5ed30f0
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 0 deletions.
9 changes: 9 additions & 0 deletions standard-app/example.values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,9 +247,18 @@ externalSecret:
type: gcp
refreshInterval: 15s

# Azure Key Vault
# secretStoreName: example-name
# type: azure
# refreshInterval: 15s

secrets:
# Vault/GCP/AWS Example
- secretKey: AWS_ACCESS_KEY_ID # - secretKey: & property: atribute for secrets are applicable to version 0.2.0, version 0.1.0 uses the key id without artribut names e.g (- AWS_ACCESS_KEY_ID)
- secretKey: AWS_SECRET_ACCESS_KEY
# Azure Example
# Serilog__WriteTo__0__Args__connectionString: SERILOG_CONNECTION_STRING
# TokenConfig__Secret: TOKEN_CONFIG_SECRET

jobs:
jobexample-1:
Expand Down
64 changes: 64 additions & 0 deletions standard-app/templates/configs/externalsecret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ spec:
name: {{ $initContainerName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $initContainerConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $initContainerConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -40,6 +47,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -66,6 +74,13 @@ spec:
name: {{ $containerName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $containerConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $containerConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -81,6 +96,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -106,6 +122,13 @@ spec:
name: {{ if $.Values.pr }}{{ $.Release.Name }}-{{ $appName | trimPrefix $.Release.Name | trimPrefix "-" }}{{ else }}{{ $appName }}{{ end }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $appConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $appConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -121,6 +144,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -147,6 +171,13 @@ spec:
name: {{ $jobName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $jobConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $jobConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -162,6 +193,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -187,6 +219,13 @@ spec:
name: {{ .Release.Name }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := .Values.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := .Values.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -202,6 +241,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}

Expand Down Expand Up @@ -229,6 +269,13 @@ spec:
name: {{ $initContainerName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $initContainerConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $initContainerConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -244,6 +291,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -270,6 +318,13 @@ spec:
name: {{ $containerName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $containerConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $containerConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -285,6 +340,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand All @@ -310,6 +366,13 @@ spec:
name: {{ $cronjobName }}
creationPolicy: Owner
data:
{{- if eq $.Values.externalSecret.type "azure" }}
{{- range $key, $value := $cronjobConfig.secrets }}
- secretKey: {{ $key }}
remoteRef:
key: {{ $value }}
{{- end }}
{{- else }}
{{- range $secret := $cronjobConfig.secrets }}
- secretKey: {{ $secret.secretKey }}
remoteRef:
Expand All @@ -325,6 +388,7 @@ spec:
property: {{ $secret.property | default $secret.secretKey }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
Expand Down

0 comments on commit 5ed30f0

Please sign in to comment.