external-secrets/kubernetes-external-secrets

External-secrets with IRSA

Closed this issue · 0 comments

jihed commented

I am using external-secrets with an IRSA configuration. When I create the ExternalSecret CRD, the controller keeps fetching in a loop:

```
{"level":30,"time":1610015825549,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"No watch event for 60000 ms, restarting watcher"}
{"level":30,"time":1610015825550,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"Stopping watch stream due to event: END"}
{"level":30,"time":1610015825551,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"stopping poller for default/hello-service"}
{"level":30,"time":1610015825557,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"starting poller for default/hello-service"}
{"level":30,"time":1610015825568,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"running poll on the secret default/hello-service"}
{"level":30,"time":1610015825580,"pid":17,"hostname":"external-secrets-kubernetes-external-secrets-bdf9ccd79-t28c2","msg":"fetching secret property hello-service/password with role: arn:aws:iam::<account_id>:role/aws-secrets-sa-role in region eu-central-1"}
```


```yaml
apiVersion: 'kubernetes-client.io/v1'
kind: ExternalSecret
metadata:
  name: hello-service
spec:
  backendType: secretsManager
  # optional: specify role to assume when retrieving the data
  roleArn: arn:aws:iam::<account_id>:role/aws-secrets-sa-role
  region: eu-central-1
  data:
    - key: hello-service/password
      name: password
  # optional: specify a template with any additional markup you would like added to the downstream Secret resource.
  # This template will be deep merged without mutating any existing fields. For example: you cannot override metadata.name.
  template:
    metadata:
      annotations:
        cat: cheese
      labels:
        dog: farfel
```