cyberark/secrets-provider-for-k8s

K8s Dev UX: Push to File (M1) Community

Closed this issue · 0 comments

h2. Overall Outcome

The customer serves secrets through volume-mounted files to an existing application workload deployed into K8s. This only requires modifying the application deployment manifest and not the application itself. This essentially matches Novartis’ primary desired use case.

h2. Epic/Release Outcome

With the initial Community release, users will be able to use Secrets Provider to deliver secrets to Kubernetes workloads through volume-mounted YAML files. This is essentially the default path through this feature, with no added flexibility, such as other formats, file paths, etc. As it’s delivered at a “Community” level, this release will not be warranted/supported by CyberArk for production use. Customers are instead encouraged to test in a lower environment and provide feedback. Lastly, we are not targeting official documentation. Instead, the getting started UX will be entirely in GitHub.

User Stories:

  • US-3 (config via annotations)
  • US-4 (push to file with defaults)
  • US-5 (secret name aliases)
  • US-10 (volume mount path)

h2. References

  • Solution Design: [K8s Dev UX: Push to File|https://github.com/cyberark/secrets-provider-for-k8s/blob/main/design/m1_push_to_file_design.md]