Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/azure/k8s-create-secret

GitHub Action to create Kubernetes cluster secrets
https://github.com/azure/k8s-create-secret

action actions aks azure github-action github-actions kubernetes secrets

Last synced: about 1 month ago
JSON representation

GitHub Action to create Kubernetes cluster secrets

Host: GitHub
URL: https://github.com/azure/k8s-create-secret
Owner: Azure
License: mit
Created: 2019-09-04T10:25:10.000Z (about 5 years ago)
Default Branch: main
Last Pushed: 2024-09-30T22:45:50.000Z (about 2 months ago)
Last Synced: 2024-10-05T18:32:20.690Z (about 1 month ago)
Topics: action, actions, aks, azure, github-action, github-actions, kubernetes, secrets
Language: TypeScript
Homepage:
Size: 24.3 MB
Stars: 35
Watchers: 17
Forks: 31
Open Issues: 8
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md

Awesome Lists containing this project

README

# Kubernetes create secret

Create a [generic secret or docker-registry secret](https://kubernetes.io/docs/concepts/configuration/secret/) in Kubernetes cluster, replacing the secret if it already exists.

The secret will be created in the cluster context which was set earlier in the workflow by using either [`azure/aks-set-context`](https://github.com/Azure/aks-set-context/tree/master) or [`azure/k8s-set-context`](https://github.com/Azure/k8s-set-context/tree/master)

Refer to the action metadata file for details about all the inputs https://github.com/Azure/k8s-create-secret/blob/master/action.yml

For `docker-registry` type secrets, the fields `.dockercfg` or `.dockerconfigjson` can be supplied in plaintext on the `string-data` JSON object, or base64 encoded on the `data` JSON object as included in the [docker-config-secrets](https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets) section.

## Sample workflow for docker-registry secret (imagepullsecret, stringData)

```yaml
# File: .github/workflows/workflow.yml

on: push

jobs:
example-job:
runs-on: ubuntu-latest
steps:
- name: Set imagePullSecret
uses: azure/k8s-create-secret@v4
with:
namespace: 'myapp'
secret-name: 'contoso-cr'
container-registry-url: 'containerregistry.contoso.com'
container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
id: create-secret
```

## Sample workflow for generic secret (base64 data)

```yaml
# File: .github/workflows/workflow.yml

on: push

jobs:
example-job:
runs-on: ubuntu-latest
steps:
- uses: azure/k8s-create-secret@v2
with:
namespace: 'default'
secret-type: 'generic'
secret-name: azure-storage
data: ${{ secrets.AZURE_STORAGE_ACCOUNT_DATA }}
```

### Alternative for Container Registry Secrets

Get the username and password of your container registry and create secrets for them. For Azure Container registry refer to **admin [account document](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account)** for username and password.

For creating docker-registery secrets, [kubectl can generate the JSON](https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets)

```
kubectl create secret docker-registry secret-tiger-docker \
--docker-username=tiger \
--docker-password=pass113 \
[email protected] \
--docker-server=my-registry.example:5000
```

Example output:

```
{
"apiVersion": "v1",
"data": {
".dockerconfigjson": "eyJhdXRocyI6eyJteS1yZWdpc3RyeTo1MDAwIjp7InVzZXJuYW1lIjoidGlnZXIiLCJwYXNzd29yZCI6InBhc3MxMTMiLCJlbWFpbCI6InRpZ2VyQGFjbWUuY29tIiwiYXV0aCI6ImRHbG5aWEk2Y0dGemN6RXhNdz09In19fQ=="
},
"kind": "Secret",
"metadata": {
"creationTimestamp": "2021-07-01T07:30:59Z",
"name": "secret-tiger-docker",
"namespace": "default",
"resourceVersion": "566718",
"uid": "e15c1d7b-9071-4100-8681-f3a7a2ce89ca"
},
"type": "kubernetes.io/dockerconfigjson"
}
```

# Testing

Unit tests are run with [jest](https://jestjs.io/) with [ts-jest](https://www.npmjs.com/package/ts-jest) and can be found in the `./test` directory

Integration tests use [Minikube](https://minikube.sigs.k8s.io/docs/) and are executed within workflows in `./github/workflows`

# Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

## Support

k8s-create-secret is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/k8s-create-secret/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/k8s-create-secret/issues/new/choose). The project maintainers will respond to the best of their abilities.