
A Kuberhealthy check for the External Secrets Operator

Primary language: Go. License: MIT.

khcheck-external-secrets

The code in this repository implements a Kuberhealthy check that verifies whether the External Secrets Operator functions as expected.

Functionality

The diagram below visualizes this check's general functioning. For brevity, cleanup of ExternalSecret and Secret resources was omitted in the diagram. Before and after every check, ExternalSecrets and Secrets from previous runs are cleaned up if they exist.

Install

Install with helm:

# Add helm repository
helm repo add khcheck-external-secrets https://Nick-Triller.github.io/khcheck-external-secrets
# Create helm values file
cat <<EOF > myvalues.yml
externalSecretTemplate: |
  apiVersion: kubernetes-client.io/v1
  kind: ExternalSecret
  metadata:
    name: my-test-secret
  spec:
    backendType: vault
    data:
      - name: user
        key: secrets/data/khcheck-external-secrets
        property: user
      - name: pass
        key: secrets/data/khcheck-external-secrets
        property: password
EOF
# Create helm release
helm upgrade --install -n kuberhealthy -f myvalues.yml my-release khcheck-external-secrets/khcheck-external-secrets
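
The script below is an added example, not code from this repository: it applies an ExternalSecret, polls for the synced Secret and cleans up before and after, as described under Functionality. It assumes kubectl access, that the operator writes a Secret with the same name as the ExternalSecret, and that the manifest passed to run_check is a file holding the externalSecretTemplate body; the function names, TIMEOUT and INTERVAL are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's code. Assumed flow: create the ExternalSecret,
# wait for the operator to sync a Secret of the same name, then clean up.
NS="${NS:-kuberhealthy}"        # namespace used in the helm command
NAME="${NAME:-my-test-secret}"  # metadata.name in externalSecretTemplate
KEYS="${KEYS:-user pass}"       # data[].name entries in externalSecretTemplate
TIMEOUT="${TIMEOUT:-60}"        # seconds to wait (assumed value)
INTERVAL="${INTERVAL:-2}"       # poll interval in seconds (assumed value)

# Remove leftovers from earlier runs; succeeds when nothing exists.
cleanup() {
  kubectl -n "$NS" delete externalsecrets.kubernetes-client.io "$NAME" \
    --ignore-not-found >/dev/null
  kubectl -n "$NS" delete secret "$NAME" --ignore-not-found >/dev/null
}

# Print only the key names of the synced Secret, never its values.
secret_keys() {
  kubectl -n "$NS" get secret "$NAME" \
    -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}' 2>/dev/null
}

# Return 0 once every expected key is present, 1 on timeout.
wait_for_secret() {
  waited=0
  while [ "$waited" -lt "$TIMEOUT" ]; do
    found=$(secret_keys) || found=""
    missing=""
    for k in $KEYS; do
      printf '%s\n' "$found" | grep -qxF "$k" || missing="$missing $k"
    done
    if [ -z "$missing" ]; then return 0; fi
    sleep "$INTERVAL"
    waited=$((waited + INTERVAL))
  done
  echo "timeout: $NS/$NAME is missing keys:$missing" >&2
  return 1
}

# run_check MANIFEST: 0 = synced, 1 = timeout, 2 = ExternalSecret rejected.
run_check() {
  cleanup
  kubectl -n "$NS" apply -f "$1" >/dev/null || { cleanup; return 2; }
  rc=0
  wait_for_secret || rc=$?
  cleanup
  return "$rc"
}
```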

Configuration

See chart README for configuration options.

Release process

Docker image

Pushing a tag on master will trigger a pipeline that builds the Docker image and pushes it to Docker Hub. The image will be tagged with the git tag.

Helm chart

Pushing a tag on master in the format helm-1.2.3 will trigger a pipeline that publishes the chart in /charts. The chart version corresponds to the git tag without the helm- prefix. The chart app version in Chart.yaml is not overwritten.

License

This project is MIT licensed, see LICENSE.md.