CODEWITHSUNDEEP
kuberneteskubernetes-secrets
simohe
simohe

Reputation: 651

use kubernetes secret in another one

How can I use secret X key my-key in an other secret Y as some-other-key? Both secrets have other keys as well.

Rational: The mysql instance generates a secret containing the passwords for the users with keys mysql-password and mysql-root-password. A custom resource DbInstance expects the name of a secret, which contains the keys user and password. (I use https://github.com/kloeckner-i/db-operator) How can I put the value from one into the other?

Of course I can do it manually, by copying the encoded value from kubectl get secret mysql-generated-secret and paste it in kubectl edit secret dbinstance-secret. Is there a better way? A reference in k8s if possible, or a nice automation. (I will find a way like pwd=$(kubectl get secret -o yaml ... | yq .data.mysql-password | base64 -d) && helm update --set password=$pwd ...; unset pwd, but is this the best way?)

similar: Using kubernetes secrets in a configmap

Upvotes: 3

Views: 6548

Answers (2)

Frank Wiles
Frank Wiles

Reputation: 1608

I recently had to do this as well and found a fairly easy solution using yq.

kubectl -n app-dev get secret database -o yaml | yq 'del(.metadata.creationTimestamp, .metadata.uid, .metadata.resourceVersion, .metadata.namespace)' | kubectl apply --namespace app-production -f -

We wrote it up as a blog post and a handy just command as well Copying Kubernetes Secrets Between Namespaces

Upvotes: 0

NicoKowe
NicoKowe

Reputation: 3427

Best way to automate this is by using an operator. listen on secret mysql-generated-secret, on creation or modification trigger -> create dbinstance-secret

Here is an operator who sync secrets between namespaces, you can use the same base code and modify it to your needs.

https://github.com/zakkg3/ClusterSecret

Upvotes: 1

Related Questions