autosecret is a tool running in docker/k8s(recommend).
It will helps Kubernetes operator to create Secrets via config.json when someone creates Namespaces, and support multiple secrets in one Namespace
Required
Kubernetes Cluster
config.json
RBAC and serviceAccount
kubeconfig
K8s
kubectl apply -f https://raw.githubusercontent.com/winewei/autosecret/master/all-in-one.yaml
Local
docker-compose up
Full config config.json
{
"matchRole": "project-.*-staging",
"secrets": [
{
"name": "mysqluser",
"type": "Opaque",
"data": {
"username": "root",
"password": "mypassword"
}
},
{
"name": "ali-docker-user",
"type": "kubernetes.io/dockerconfigjson",
"overwrite": true,
"data": {
".dockerconfigjson": {
"auths": {
"registry.cn-hongkong.aliyuncs.com": {
"Username": "alidockeruser",
"Password": "123456",
"Email": "test@test.com"
},
"registry.cn-shenzhen.aliyuncs.com": {
"Username": "alidockeruser2",
"Password": "7890123",
"Email": "test@test.com"
}
}
}
}
}
]
}
-
support
Opaque{ "name": "mysqluser", "type": "Opaque", "data": { "username": "root", "password": "mypassword" } } -
support
docker-registry{ "name": "ali-docker-user", "type": "kubernetes.io/dockerconfigjson", "overwrite": true, "data": { ".dockerconfigjson": { "auths": { "registry.cn-hongkong.aliyuncs.com": { "Username": "alidockeruser", "Password": "123456", "Email": "test@test.com" }, "registry.cn-shenzhen.aliyuncs.com": { "Username": "alidockeruser2", "Password": "7890123", "Email": "test@test.com" } } } } } -
params
-
matchRolesetting namespaces match role syntax
"matchRole": "project-.*-staging" -
namesecret name -
overwrite- if
true, autosecret will delete old secret and create a new in namespace - if
false, autosecret will skip old secret - usual uses in clusters has been created many projects(or namespace)
- if
-
typesupportOpaqueandkubernetes.io/dockerconfigjson
-
-
docker
- pristtlt/autosecret:v1.0
- aliyun hk public repo: registry.cn-hongkong.aliyuncs.com/sync-dockerimage/autosecret:v1.0