Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add cluster secrets and update secretStore examples

Docs 4 years ago
parent
a1ea34d3b3
commit
44f898e28f
1 changed files with 46 additions and 9 deletions
Split View Show Diff Stats
  1. 46 9
      docs/provider-kubernetes.md

+ 46 - 9
docs/provider-kubernetes.md
View File 

@@ -6,39 +6,76 @@ It's possible to authenticate against the Kubernetes API using client certificat
 
 
 ## Example
 
 
-### SecretStore
 
+### K8s Cluster Secret
 
 
-The `Server` section specifies the url of the Kubernetes API and the location to fetch the CA. The `auth` section indicates the type of authentication to use, `cert`, `token` or `serviceAccount` and includes the path to fetch the certificates or the token.
 
 
+```
 
+apiVersion: v1
 
+kind: Secret
 
+metadata:
 
+  name: cluster-secrets
 
+data:
 
+  # Fill with your encoded base64 CA
 
+  ca: Cg==
 
+  # Fill with your encoded base64 Certificate
 
+  certificate: Cg==
 
+  # Fill with your encoded base64 Key
 
+  key: Cg==
 
+stringData:
 
+  # Fill with your a string Token
 
+  bearerToken: "my-token"
 
+```
 
+
 
+## SecretStore
 
+
 
+The `Server` section specifies the url of the Kubernetes API and the location to fetch the CA. The `auth` section indicates the type of authentication to use, `cert`, `token` or `serviceAccount` and includes the path to fetch the certificates or the token.
 
 
 ```
 
-apiVersion: external-secrets.io/v1alpha1
 
+apiVersion: external-secrets.io/v1beta1
 
 kind: SecretStore
 
 metadata:
 
   name: example
 
 spec:
 
   provider:
 
-      kubernetes:  
+      kubernetes:
 
+        # If not remoteNamesapce is provided, default namespace is used
 
+        remoteNamespace: default  
         server: 
           url:  https://127.0.0.1:36473
 
+          # Add your encoded base64 to caBundle or a referenced caProvider
 
+          # if both are provided caProvider will be ignored
 
+          caBundle: Cg==
 
           caProvider: 
             type: Secret
 
-            name : kind-cluster-secrets
 
+            name : cluster-secrets
 
             key: ca
 
         auth:
 
+          # Add a referenced bearerToken or client certificates, 
+          # if both are provided client certificates will be ignored
 
+          token:
 
+            bearerToken:
 
+              name: cluster-secrets
 
+              key: bearerToken
 
           cert:
 
             clientCert: 
-                name: kind-cluster-secrets
 
+                name: cluster-secrets
 
                 key: certificate
 
             clientKey: 
-                name: kind-cluster-secrets
 
+                name: cluster-secrets
 
                 key: key
 
+---
 
+apiVersion: v1
 
+kind: Secret
 
+metadata:
 
+  name: secret-example
 
+data:
 
+  extra: YmFyCg==
 
 ```
 
         
 ### ExternalSecret
 
 
 ```
 
-apiVersion: external-secrets.io/v1alpha1
 
+apiVersion: external-secrets.io/v1beta1
 
 kind: ExternalSecret
 
 metadata:
 
   name: example
 
@@ -51,7 +88,7 @@ spec:
 
     name: secret-to-be-created  # name of the k8s Secret to be created
 
     creationPolicy: Owner
 
   data:
 
-  - secretKey: extra #
 
+  - secretKey: extra
 
     remoteRef:
 
       key: secret-example
 
       property: extra