David C

Reputation: 531

How can I create a Kubernetes Secret with Ansible?

I'm using an Ansible JMeter Operator to do distributed load testing and am having trouble with creating a Kubernetes secret. The operator I'm modifying is the JMeter one and the additional YAML I'm adding is as below:

- name: InfluxDB Storage Secret
  k8s:
    apiVersion: v1
    kind: Secret
    type: Opaque
    metadata:
      name: azure-storage-account-infxluxdb-secret
      namespace: '{{ meta.namespace }}'
    stringData:
      azurestorageaccountname: 'xxxxxxx'
      azurestorageaccountkey: 'xxxxxxxxxxx'

Is there anything wrong with the YAML definition? I'm modifying the roles/jmeter/tasks/main.yaml of the role to add it into my specific namespace.

Upvotes: 11

Views: 17286

Answers (2)

Bvoid

Reputation: 55

Yes, using a template lookup to load a file into a secret is the way to go. The example above is good, but there are 2 things I do differently:

  • no need to concatenate the path to the templates. If your template file is in the templates directory of the role, you're good.

  • no need for the tojson filter in your data. Just using plain base64 is enough to load an arbitrary text file as a secret, with the key of your choice (here config).

This is a sample from our role configuring Dell CSI drivers for example.

- name: Create config secret
  redhat.openshift.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      type: Opaque
      metadata:
        name: isilon-creds
        namespace: "{{ dell_namespace }}"
      data:
        config: "{{ lookup('template', 'config.txt.j2' ) | b64encode }}"
  register: config_secret

Upvotes: 2

Samush

Reputation: 171

Here is my example that works for me; hope it helps.

  - name: CREATE MONGOSECRETS SECRET
    kubernetes.core.k8s:
      state: present
      definition:
        apiVersion: v1
        kind: Secret
        type: Opaque
        metadata:
          name: "{{ secret_name }}"
          namespace: "{{ project_name | lower }}"
        data:
          config_data.json: "{{ lookup('template', mongo_conn_templates_path + '/config_data.json' ) | tojson | b64encode }}"

Upvotes: 17
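
An added example, not part of the question or of either answer: the question's Secret written for `kubernetes.core.k8s` with the manifest nested under `definition` as both answers do, using `stringData` so no `b64encode` filter is needed and `no_log: true` so the values stay out of task output, followed by a read-back check that never prints them. `storage_account_name` and `storage_account_key` are hypothetical variables, assumed to be supplied from Ansible Vault.

```yaml
# Added example (not the operator's own code).
# storage_account_name / storage_account_key are hypothetical variables,
# assumed to be defined in a vault-encrypted vars file.
- name: InfluxDB Storage Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      type: Opaque
      metadata:
        name: azure-storage-account-infxluxdb-secret
        namespace: '{{ meta.namespace }}'
      # stringData takes plain text; the API server stores it
      # base64-encoded under data, so no b64encode filter is used here.
      stringData:
        azurestorageaccountname: '{{ storage_account_name }}'
        azurestorageaccountkey: '{{ storage_account_key }}'
  no_log: true   # keep the rendered secret values out of task output

- name: Read the Secret back
  kubernetes.core.k8s_info:
    api_version: v1
    kind: Secret
    name: azure-storage-account-infxluxdb-secret
    namespace: '{{ meta.namespace }}'
  register: influxdb_secret
  no_log: true   # the returned object contains the base64-encoded values

- name: Check that both keys exist without printing their values
  ansible.builtin.assert:
    that:
      - influxdb_secret.resources | length == 1
      - "'azurestorageaccountname' in influxdb_secret.resources[0].data"
      - "'azurestorageaccountkey' in influxdb_secret.resources[0].data"
    quiet: true
```

Because `stringData` is write-only, the read-back check looks for the keys under `data`, which is where the API server returns them.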
