Labels not getting included in the generated secret
aupadh12 opened this issue · 2 comments
Hello Team,
I am using AWS Secrets Manager for storing my secrets and passwords and then using external secrets to pull them.
I am also using Argo CD, for which we have implemented the AzureAD authentication method for seamless integration. However, at the moment it is not possible to fetch the client secret directly into the Argo CD secret. Thus, we have to add the `app.kubernetes.io/part-of: argocd` label to any secret in the same namespace where Argo CD is deployed. But the secret which is generated using the external secret does not have this label added to it, although I added it in the kind: external secrets and also in the deployment yaml files for external secrets.
Please see the yaml files below:
```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: azure-secrets
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
spec:
  backendType: secretsManager
  roleArn: arn:aws:iam::123456789:role/eks_external_secrets
  region: us-east-1
  dataFrom:
    - azure_secrets
```
and
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-external-secrets
  namespace: external-secrets
  labels:
    app.kubernetes.io/name: kubernetes-external-secrets
    helm.sh/chart: kubernetes-external-secrets-8.3.0
    app.kubernetes.io/instance: kubernetes-external-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: argocd
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kubernetes-external-secrets
      app.kubernetes.io/instance: kubernetes-external-secrets
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kubernetes-external-secrets
        app.kubernetes.io/instance: kubernetes-external-secrets
        app.kubernetes.io/part-of: argocd
    spec:
      serviceAccountName: kubernetes-external-secrets
      containers:
        - name: kubernetes-external-secrets
          image: external-secrets/kubernetes-external-secrets:8.3.0
          ports:
            - name: prometheus
              containerPort: 3001
          imagePullPolicy: IfNotPresent
          resources:
            {}
```
Am I missing something here?
I need that label to be present in the generated secret.
Should be able to provide a template in the external secret.
```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: azure-secrets
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/part-of: argocd
  backendType: secretsManager
  roleArn: arn:aws:iam::123456789:role/eks_external_secrets
  region: us-east-1
  dataFrom:
    - azure_secrets
```
Hi @Flydiverny,
This worked!!
Thank you very much for the help here.
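
The difference between the two manifests in this thread can be checked before deployment. The following is an added example, not code from the thread or from the kubernetes-external-secrets project: a small lint that flags an `ExternalSecret` in the `argocd` namespace whose generated Secret would lack the label. It assumes, based only on what this thread reports, that labels under `spec.template.metadata.labels` reach the generated Secret and labels on the `ExternalSecret` itself do not; the function names and the sample dicts are constructed for illustration.

```python
# Added example: lint ExternalSecret manifests (already parsed into dicts).
REQUIRED_LABEL = ("app.kubernetes.io/part-of", "argocd")  # label from the thread


def generated_secret_labels(external_secret):
    """Labels the generated Secret is expected to carry.

    Assumption taken from this thread: only spec.template.metadata.labels is
    copied to the Secret; metadata.labels on the ExternalSecret is not.
    """
    template = (external_secret.get("spec") or {}).get("template") or {}
    return dict((template.get("metadata") or {}).get("labels") or {})


def lint(external_secret, namespace="argocd"):
    """Return findings for an ExternalSecret in the given namespace."""
    meta = external_secret.get("metadata") or {}
    if external_secret.get("kind") != "ExternalSecret":
        return []
    if meta.get("namespace") != namespace:
        return []
    key, value = REQUIRED_LABEL
    name = meta.get("name", "<unnamed>")
    if generated_secret_labels(external_secret).get(key) == value:
        return []
    if (meta.get("labels") or {}).get(key) == value:
        return [f"{name}: {key} is set on the ExternalSecret only; "
                "add it under spec.template.metadata.labels"]
    return [f"{name}: generated Secret will lack {key}={value}"]


# Constructed sample input mirroring the two manifests in the thread.
_META = {"name": "azure-secrets", "namespace": "argocd",
         "labels": {"app.kubernetes.io/part-of": "argocd"}}
_SPEC = {"backendType": "secretsManager", "region": "us-east-1",
         "dataFrom": ["azure_secrets"]}
BEFORE = {"kind": "ExternalSecret", "metadata": _META, "spec": dict(_SPEC)}
AFTER = {"kind": "ExternalSecret", "metadata": _META,
         "spec": dict(_SPEC, template={"metadata": {"labels": {
             "app.kubernetes.io/part-of": "argocd"}}})}

if __name__ == "__main__":
    for label, manifest in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(manifest) or "ok")
```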