Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing availableSecrets and secretEnv to kaniko in GCB #6199

Open
dimovnike opened this issue Jul 13, 2021 · 3 comments
Open

Passing availableSecrets and secretEnv to kaniko in GCB #6199

dimovnike opened this issue Jul 13, 2021 · 3 comments
Labels
area/build build/gcb build/kaniko kind/feature-request priority/p2 May take a couple of releases

Comments

@dimovnike
Copy link

When building with GCB directly we can instrruct GCB to mount a secret in the kaniko pod. This is achieved by using availableSecrets and secretEnv keys in yaml. Is there a way to pass these directly from skaffold?

below is an example of an buildconfig.yaml:

steps:
- name: 'gcr.io/kaniko/kaniko-executor:latest'
  args:
  - --destination=...
  secretEnv: ['SSH_PRIVATE_KEY']
availableSecrets:
  secretManager:
  - versionName: projects/$PROJECT_ID/secrets/private-key-secret-name/versions/latest
    env: 'SSH_PRIVATE_KEY'
@nkubala nkubala added priority/p2 May take a couple of releases kind/feature-request labels Aug 4, 2021
@nkubala
Copy link
Contributor

nkubala commented Aug 4, 2021

@dimovnike this isn't currently possible in skaffold as we don't expose that field from the cloudbuild.yaml into the skaffold.yaml GCB schema, but it could be added.

@gsquared94 gsquared94 added priority/p3 agreed that this would be good to have, but no one is available at the moment. and removed kind/question User question priority/p2 May take a couple of releases labels Oct 18, 2021
@lukepon
Copy link

lukepon commented Oct 19, 2022

is there any progress on this?

@ericzzzzzzz ericzzzzzzz added priority/p2 May take a couple of releases and removed priority/p3 agreed that this would be good to have, but no one is available at the moment. labels Dec 12, 2022
@aaron-prindle aaron-prindle modified the milestone: v2.2.0 Jan 9, 2023
@aaron-prindle aaron-prindle mentioned this issue Jan 9, 2023
Closed
@aaron-prindle
Copy link
Contributor

I have attempted to fix this by adding an availableSecrets field to Skaffold that is passed through to the gcb builder in this in the PR here:
#8307

I will update the thread here with the PR's status

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/build build/gcb build/kaniko kind/feature-request priority/p2 May take a couple of releases
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add availableSecrets field to skaffold.yaml which is passed to gcb aaron-prindle/skaffold
6 participants
@aaron-prindle @dimovnike @nkubala @gsquared94 @lukepon @ericzzzzzzz