Adding Kubernetes Secret mapping documentation. #178
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
Hello thank you for the contribution! I left a few comments if you're still interested in updating the PR. Sorry that it took so long to review! |
| A particular use case for this plugin is to manage and map to Kubernetes secrets. Below is an example of how to set up a `SecretsProviderClass` to do so: | ||
|
|
||
| ```yaml | ||
| apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 |
There was a problem hiding this comment.
secrets-store.csi.x-k8s.io/v1 is preferred to the v1alpha1 version
| parameters: | ||
| secrets: | | ||
| - resourceName: "projects/core-workshop/secrets/cbci-workshop-token/versions/latest" | ||
| fileName: "token" |
There was a problem hiding this comment.
path is preferred to fileName
(they both work but the reasoning is that in #136 we added the ability to have nested paths instead of just single level of files)
| fileName: "token" | ||
| ``` | ||
|
|
||
| Note that the `secretObject.data.objectName` must match the fileName of the secret. |
There was a problem hiding this comment.
maybe like[].path of the secret. to be more clear that its that field in the yaml
It took me a while to figure out how to actually do mapping to K8s secrets using this plugin. I eventually found the issue that outlines how to do so. It may be useful to add this to the docs.