Can we insert kubernetes secrets into spinnaker gitops halyard? :

Can we insert kubernetes secrets into spinnaker gitops halyard? Print

Created by: Srinivas Kambhampati

Modified on: Wed, 15 Sep, 2021 at 1:02 AM

Question: In gitops style spinnaker, .hal/config and other files are in a repo. These files contain secrets such as passwords, can we avoid this and get them from k8s secrets?

Answer: Yes, Opsmx Gitops Spinnaker allows for inserting k8s secrets into the halyard pod direcrly. For using this:

a) Create a secret with key=value pairs as one would normally do. Do take care to escape/quote any special charecters such as '$'

example: kubectl create secret generic mysecret --from-literal password=mysecretpassword

b) Place the following string in the place of the secret: encrytped:<secret-name>:<secret-key>

example: in any file in the gitops repo, e.g. .hal/config

password: encrypted:mysecret:password #Do not put quotes/double quotes around the "encrypted..." string.

Once halyard is restarted, it will show up as:

password: mysecretpassword

Srinivas is the author of this solution article.

Did you find it helpful? Yes No

How can we help you today?

Can we insert kubernetes secrets into spinnaker gitops halyard? Print

Related Articles