external-secrets/docs/snippets/chef-external-secret.yaml

{% raw %}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: vivid-external-secrets # name of ExternalSecret
  namespace: vivid # namespace inside which the ExternalSecret will be created
  annotations:
    company/contacts: user.a@company.com, user.b@company.com
    company/team: vivid-dev
  labels:
    app.kubernetes.io/name: external-secrets
spec:
  refreshInterval: 15m
  secretStoreRef:
    name: vivid-clustersecretstore # name of ClusterSecretStore
    kind: ClusterSecretStore
  data:
  - secretKey: USERNAME
    remoteRef:
      key: vivid_prod/global_user # databagName/dataItemName
      property: username # a json key in dataItem
  - secretKey: PASSWORD
    remoteRef:
      key: vivid_prod/global_user
      property: password
  - secretKey: APIKEY
    remoteRef:
      key: vivid_global/apikey
      property: api_key
  - secretKey: APP_PROPERTIES
    remoteRef:
      key: vivid_global/app_properties # databagName/dataItemName , it will fetch all key-vlaues present in the dataItem
  target:
    name: vivid-credentials # name of kubernetes Secret resource that will be created and will contain the obtained secrets
    creationPolicy: Owner
    template:
      mergePolicy: Replace    
      engineVersion: v2
      data:
        secrets.json: |
          {
            "username": "{{ .USERNAME }}",
            "password": "{{ .PASSWORD }}",
            "app_apikey": "{{ .APIKEY }}",
            "app_properties": "{{ .APP_PROPERTIES }}"
          }

{% endraw %}
Implementation of Chef External Secrets Provider (#3127) * Adding the details for chef provider secret store. Issue: https://github.com/external-secrets/external-secrets/issues/2905 This commit intends to add the chef provider structure to the existing list of external-secrets providers. It defines the structure of the SecretStore and ClusterSecretStore for chef Provider. The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are: 1. serverurl: This is the URL to the chef server. 2. username: The username to connect to the chef server. 3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password. This commit also contains the auto generated CRDs using the `make generate` command. Signed-off-by: Subroto Roy <subrotoroy007@gmail.com> * Implementation for Chef ESO provided Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com> * - implemented Chef eso, added required methods - added unit test cases - added sample documentation Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> * Added Documentation for Authentication Signed-off-by: Subroto Roy <subrotoroy007@gmail.com> * added documentation for Chef eso Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> * Updated chef ESO documentation Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com> * updated ValidateStore method signature Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> * made changes in chef provider to satisfy 'make docs' Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> * - updated code as per review comment, make reviewable suggestions Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> * modified chef provider code as per review comment Issue: https://github.com/external-secrets/external-secrets/issues/2905 Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> --------- Signed-off-by: Subroto Roy <subrotoroy007@gmail.com> Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com> Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com> Co-authored-by: Subroto Roy <subrotoroy007@gmail.com> Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com> 2024-02-14 08:54:08 +00:00			`{% raw %}`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: vivid-external-secrets # name of ExternalSecret`
			`namespace: vivid # namespace inside which the ExternalSecret will be created`
			`annotations:`
			`company/contacts: user.a@company.com, user.b@company.com`
			`company/team: vivid-dev`
			`labels:`
			`app.kubernetes.io/name: external-secrets`
			`spec:`
			`refreshInterval: 15m`
			`secretStoreRef:`
			`name: vivid-clustersecretstore # name of ClusterSecretStore`
			`kind: ClusterSecretStore`
			`data:`
			`- secretKey: USERNAME`
			`remoteRef:`
			`key: vivid_prod/global_user # databagName/dataItemName`
			`property: username # a json key in dataItem`
			`- secretKey: PASSWORD`
			`remoteRef:`
			`key: vivid_prod/global_user`
			`property: password`
			`- secretKey: APIKEY`
			`remoteRef:`
			`key: vivid_global/apikey`
			`property: api_key`
			`- secretKey: APP_PROPERTIES`
			`remoteRef:`
			`key: vivid_global/app_properties # databagName/dataItemName , it will fetch all key-vlaues present in the dataItem`
			`target:`
			`name: vivid-credentials # name of kubernetes Secret resource that will be created and will contain the obtained secrets`
			`creationPolicy: Owner`
			`template:`
			`mergePolicy: Replace`
			`engineVersion: v2`
			`data:`
			`secrets.json: \|`
			`{`
			`"username": "{{ .USERNAME }}",`
			`"password": "{{ .PASSWORD }}",`
			`"app_apikey": "{{ .APIKEY }}",`
			`"app_properties": "{{ .APP_PROPERTIES }}"`
			`}`

			`{% endraw %}`