Skip to content
This repository has been archived by the owner on Jul 5, 2021. It is now read-only.

Latest commit

 

History

History
82 lines (68 loc) · 2.18 KB

File metadata and controls

82 lines (68 loc) · 2.18 KB

Gitlab CI/CD Variables

Prerequisites

  • A Gitlab project with a CI/CD variable, who's key is example_externalsecret_key

  • The project ID which you can find at the top of the main page of the project, right below the project name.

  • A Gitlab personal access token with read_api permissions

  • Install CRDs

  make install

Deployment

  • Uncomment and update credentials to be used in config/credentials/kustomization.yaml:
resources:
# - credentials-gsm.yaml
# - credentials-asm.yaml
# - credentials-dummy.yaml
- credentials-gitlab.yaml
  • Update the gitlab credentials config/credentials/credentials-gitlab.yaml with your personal access token
%cat config/credentials/credentials-gitlab.yaml
...
credentials.json: |-
    {
      "token": "abcdef12345"
    }
  • Update the SecretStore resource definition config/samples/store_v1alpha1_secretstore.yaml
% cat  `config/samples/store_v1alpha1_secretstore.yaml
apiVersion: store.externalsecret-operator.container-solutions.com/v1alpha1
kind: SecretStore
metadata:
  name: secretstore-sample
spec:
  controller: staging
  store:
    type: gitlab
    auth:
      secretRef:
        name: externalsecret-operator-credentials-gitlab
    parameters:
      baseURL: https://gitlab.com
      projectID: 12345678
  • Update the ExternalSecret resource definition config/samples/secrets_v1alpha1_externalsecret.yaml
% cat config/samples/secrets_v1alpha1_externalsecret.yaml
apiVersion: secrets.externalsecret-operator.container-solutions.com/v1alpha1
kind: ExternalSecret
metadata:
  name: externalsecret-sample
spec:
  storeRef:
    name: externalsecret-operator-secretstore-sample
  data:
    - key: example_externalsecret_key
      version: latest
  • The operator fetches the CI/CD variable from Gitlab and injects it as a secret:
% make deploy
% kubectl get secret externalsecret-operator-externalsecret-sample -n externalsecret-operator-system \
  -o jsonpath='{.data.example_externalsecret_key}' | base64 -d