Skip to content

Commit

Permalink
chore: revert secret management doc
Browse files Browse the repository at this point in the history
  • Loading branch information
adityathebe committed Oct 9, 2024
1 parent 9a4d5ed commit 6c796b9
Show file tree
Hide file tree
Showing 3 changed files with 101 additions and 20 deletions.
99 changes: 90 additions & 9 deletions canary-checker/docs/concepts/secret-management.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,20 @@ Avoid inlining secrets, use `valueFrom` and <CommonLink to="authentication">EnvV

Using a HTTP health check as an example for static values:

```yaml title="http-basic-auth.yaml" file=../../../modules/canary-checker/fixtures/minimal/http_auth_static_pass.yaml

```yaml title="http-basic-auth-static.yaml"
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-basic-auth
spec:
http:
- url: https://httpbin.org/basic-auth/hello/world
responseCodes: [200]
authentication:
username:
value: hello
password:
value: world
```
## Configmaps
Expand All @@ -33,8 +45,26 @@ To use a configmap, we first need to create the configmap:
kubectl create configmap basic-auth --from-literal=user=hello --from-literal=pass=world -n default
```

```yaml title="http-basic-auth.yaml" file=../../../modules/canary-checker/fixtures/minimal/http_auth_from_config_map.yaml

```yaml title="http-basic-auth-configmap.yaml"
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-basic-auth-configmap
spec:
http:
- url: https://httpbin.org/basic-auth/hello/world
responseCodes: [200]
authentication:
username:
valueFrom:
configMapKeyRef:
name: basic-auth
key: user
password:
valueFrom:
configMapKeyRef:
name: basic-auth
key: pass
```
## Secrets
Expand All @@ -45,8 +75,24 @@ To use a secret, first we create the secret:
kubectl create secret generic basic-auth --from-literal=user=hello --from-literal=pass=world -n default
```

```yaml title="http-basic-auth.yaml" file=../../../modules/canary-checker/fixtures/minimal/http_auth_from_secret.yaml

```yaml title="http-basic-auth-secret.yaml"
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-basic-auth-configmap
spec:
http:
- url: https://httpbin.demo.aws.flanksource.com/basic-auth/hello/world
username:
valueFrom:
secretKeyRef:
name: basic-auth
key: user
password:
valueFrom:
secretKeyRef:
name: basic-auth
key: pass
```
## Helm Values
Expand All @@ -57,15 +103,50 @@ To use a secret, first we deploy a helm chart
helm install podinfo podinfo/podinfo -n podinfo --set ingress.enabled=true
```

```yaml title="http-from-helm.yaml" file=../../../modules/canary-checker/fixtures/minimal/http_auth_from_helm_ref.yaml

```yaml title="http-from-helm.yaml"
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-from-helm
spec:
http:
- env:
- name: url
valueFrom:
helmRef:
name: podinfo
key: .ingress.hosts[0].host

url: $(url)
```
## Service Accounts
Checks can use service accounts for authentication with external services that have existing trust established
```yaml title="http-service-accounts.yaml" file=../../../modules/canary-checker/fixtures/minimal/http_auth_from_service_account.yaml
```yaml title="http-service-accounts.yaml"
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-basic-auth-configmap
spec:
http:

interval: 30
http:
- name: vault-example-sre
description: "HashiCorp Vault functionality check."
url: https://vault.example/v1/auth/kubernetes/login
env:
- name: TOKEN
valueFrom:
serviceAccount: default-account
templateBody: true
body: |
{
"jwt": "$(TOKEN)",
"role": "example-role"
}
```
Expand Down
1 change: 0 additions & 1 deletion mission-control/docs/config-db/concepts/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ sidebar_position: 3
title: Concepts
---


import DocCardList from '@theme/DocCardList';

<DocCardList />
21 changes: 11 additions & 10 deletions mission-control/docs/config-db/scrapers/azure-devops.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -25,16 +25,17 @@ Each time the pipeline is run it will create a change for that configuration ite

### AzureDevops

| Field | Description | Scheme | Required |
| --------------------- | --------------------------------------------------------------------- | ------------------------------------------------ | -------- |
| `connection` | Connection to use for azure devops credential | `string` | |
| `organization` | Specifies the name of the Azure DevOps organization to scrape | `string` | |
| `personalAccessToken` | Specifies the personal access token to authenticate with Azure DevOps | <CommonLink to="secrets">[]_EnvVar_</CommonLink> | |
| `projects` | Specifies the Azure DevOps projects to scrape | `[]string` | `true` |
| `pipelines` | Specifies the Azure DevOps pipelines to scrape | `[]string` | `true` |
| `properties` | Custom templatable properties for the scraped config items. | [`[]ConfigProperty`](/reference/config-db/properties) | |
| `transform` | Field to transform result | [`Transform`](/config-db/concepts/transform) | |
| `tags` | Set custom tags on the scraped config items | `map[string]string` | |
| Field | Description | Scheme | Required |
| --------------------- | --------------------------------------------------------------------- | ----------------------------------------------------- | -------- |
| `connection` | Connection to use for azure devops credential | `string` | |

Check failure on line 30 in mission-control/docs/config-db/scrapers/azure-devops.mdx

View workflow job for this annotation

GitHub Actions / vale

[vale] mission-control/docs/config-db/scrapers/azure-devops.mdx#L30

[Flanksource.Spelling] Is 'devops' spelled correctly? Is it missing code formatting?
Raw output
{"message": "[Flanksource.Spelling] Is 'devops' spelled correctly? Is it missing code formatting?", "location": {"path": "mission-control/docs/config-db/scrapers/azure-devops.mdx", "range": {"start": {"line": 30, "column": 55}}}, "severity": "ERROR"}
| `organization` | Specifies the name of the Azure DevOps organization to scrape | `string` | |
| `personalAccessToken` | Specifies the personal access token to authenticate with Azure DevOps | <CommonLink to="secrets">[]_EnvVar_</CommonLink> | |
| `projects` | Specifies the Azure DevOps projects to scrape | `[]string` | `true` |
| `pipelines` | Specifies the Azure DevOps pipelines to scrape | `[]string` | `true` |
| `properties` | Custom templatable properties for the scraped config items. | [`[]ConfigProperty`](/reference/config-db/properties) | |
| `transform` | Field to transform result | [`Transform`](/config-db/concepts/transform) | |
| `tags` | Set custom tags on the scraped config items | `map[string]string` | |


:::note
Either the connection name or the credentials (organization & personalAccessToken) are required
Expand Down

0 comments on commit 6c796b9

Please sign in to comment.