infra/gcp: manage more secrets via bash #2078
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spiffxp

The full list of commands accepted by this bot can be found here. The pull request process is described here

Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing

/hold
Specifically ensure_secret_with_admins, ensure_secret_labels
ensure_e2e_project could use some work but this is enough to break up the structure and address shellcheck nits
c037ab8 to e8fea9f
/hold cancel

Changes in here have already been applied, the only thing that doesn't show up in the latest audit PR is the new group since that was too recent.

/lgtm
# Eventually we would like to use kubernetes-external-secrets to manage | ||
# all secrets in aaa; not sure how far we are on that. So for now, at least | ||
# ensure that the existing kubernetes-public secrets created for humans | ||
# to manually sync into the aaa cluster are managed by this script. |
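Review bot: the phrase "not sure how far we are on that" in this comment leaves the kubernetes-external-secrets migration status undocumented for the next reader. Consider replacing it with a reference to a tracking issue, and stating that the manually synced kubernetes-public secrets are an interim arrangement, so it is clear when this block can be removed.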
@spiffxp kubernetes-external-secrets is up and running. Before we switch to `ExternalSecret`, for each secret created in kubernetes-public we need to add a new version containing only the value of the `data` field instead of the whole Kubernetes Secret.
I opened #2091, I couldn't find an umbrella issue for this at a glance but may have missed it
Related to: #516
This addresses a lot of #1731
And is motivated by kubernetes/test-infra#22293 and kubernetes/test-infra#22298. I'd like to get kubernetes-external-secrets up and running on k8s-infra-prow-build trusted, we're behind the way things are now done for prow.k8s.io