From 5d796ead758c760a24aab8bf15445430155b7428 Mon Sep 17 00:00:00 2001
From: Jeremy Facchetti
Date: Fri, 28 Jun 2024 15:36:46 +0200
Subject: [PATCH 1/3] added docs for external secret operator plugin
---
 .../external-secret-operator/plugin.mdx | 72 +++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 vcluster/integrations/external-secret-operator/plugin.mdx
diff --git a/vcluster/integrations/external-secret-operator/plugin.mdx b/vcluster/integrations/external-secret-operator/plugin.mdx
new file mode 100644
index 000000000..46f49a612
--- /dev/null
+++ b/vcluster/integrations/external-secret-operator/plugin.mdx
@@ -0,0 +1,72 @@
+---
+title: External Secret Operator plugin
+sidebar_label: External Secret Operator
+sidebar_position: 3
+sidebar_class_name: pro
+---
+
+import ProAdmonition from '@site/vcluster/_partials/admonitions/pro-admonition.mdx'
+
+
+
+This documents the use of the External Secret Operator (ESO) plugin for vCluster.
+This plugin allows you to mutualise the host cluster's external secret operator, and seamlessly use existing stores inside virtual clusters.
+
+## Prerequisites
+
+Before proceeding, ensure you have the following:
+- Kubernetes CLI (kubectl) installed and configured
+- Helm 3.x installed
+- Access to two Kubernetes clusters (one for the control plane and one for the workloads), with ESO installed
+- Basic familiarity with Kubernetes concepts like namespaces, contexts, and YAML configurations
+
+## Part 1: Deploy ESO on the host cluster.
+
+To install ESO on your kubernetes cluster, you can run
+
+```shell
+helm repo add external-secrets https://charts.external-secrets.io
+
+helm install external-secrets \
+ external-secrets/external-secrets \
+ -n external-secrets \
+ --create-namespace
+```
+
+or follow the steps from ESO documentation [here](https://external-secrets.io/latest/introduction/getting-started/)
+
+## Part 2: Create your virtual cluster using the ESO plugin
+Once the operator is installed, you can create a virtual cluster using the following `vcluster.yaml` file.
+
+```yaml
+plugins:
+ eso:
+ image: ghcr.io/loft-sh/eso-plugin
+ rbac:
+ role:
+ extraRules:
+ - apiGroups: ["external-secrets.io"]
+ resources: ["*"]
+ verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+ clusterRole:
+ extraRules:
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["external-secrets.io"]
+ resources: ["clustersecretstores"]
+ verbs: ["get", "list", "watch"]
+# Make sure the cluster role is enabled or otherwise the plugin won't be able to watch custom
+# resource definitions.
+rbac:
+ clusterRole:
+ enabled: true
+```
+
+and then run `vcluster create my-vcluster -f vcluster.yaml`
+
+## Part 3: Configuration
+
+Once your virtual cluster is up and running, the plugin should have installed the relevant CRDs, and synchronized ClusterSecretStores into your virtual cluster.
+
+To add namespaced SecretStores into your virtual cluster, you will have to chose whether you want them to be converted into ClusterSecretStores inside the virtual cluster, or put into specific namespaces. To add a namespaced store as a ClusterSecretStore, just add the following annotation to it `loft.sh/convert-to-cluster-store: `. To add it to multiple namespaces as namespaced stores, add the following annotation `loft.sh/to-namespaces: ,`, the value of the annotation being a comma separated list of destination namespaces. The two annotations are mutually exclusive, and the cluster store annotation will have precedence over namespaced one.
From 6fdc6b1299069e46f1245e8ef0f5588de7ccf6b7 Mon Sep 17 00:00:00 2001
From: Jeremy Facchetti
Date: Fri, 28 Jun 2024 15:41:58 +0200
Subject: [PATCH 2/3] renamed directory as it translated to a category
---
 .../{external-secret-operator => enterprise plugins}/plugin.mdx | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename vcluster/integrations/{external-secret-operator => enterprise plugins}/plugin.mdx (100%)
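Review bot: The sample `vcluster.yaml` in Part 2 references the plugin as `image: ghcr.io/loft-sh/eso-plugin` with no tag or digest, so anyone copying it runs whatever the registry serves at pull time; the example should pin it, e.g. `image: ghcr.io/loft-sh/eso-plugin:<PLUGIN_VERSION>` (placeholder, the page names no release). The same block grants the plugin write verbs on `resources: ["*"]` in `external-secrets.io`; if the plugin only needs specific kinds, list them, otherwise add a sentence saying why the wildcard is required. Part 3 should also state that `loft.sh/convert-to-cluster-store` presumably makes the host store referenceable from every namespace of the virtual cluster, so it belongs only on stores that all tenants of that vCluster may read from, with `loft.sh/to-namespaces` as the narrower default.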
diff --git a/vcluster/integrations/external-secret-operator/plugin.mdx b/vcluster/integrations/enterprise plugins/plugin.mdx
similarity index 100%
rename from vcluster/integrations/external-secret-operator/plugin.mdx
rename to vcluster/integrations/enterprise plugins/plugin.mdx
From e300335aac17ea9156c060300a1f26e5d9c1bfb6 Mon Sep 17 00:00:00 2001
From: Jeremy Facchetti
Date: Fri, 28 Jun 2024 15:46:18 +0200
Subject: [PATCH 3/3] now use config file
---
 vcluster/integrations/enterprise-plugins/_category_.json | 6 ++++++
 .../{enterprise plugins => enterprise-plugins}/plugin.mdx | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 vcluster/integrations/enterprise-plugins/_category_.json
 rename vcluster/integrations/{enterprise plugins => enterprise-plugins}/plugin.mdx (97%)
diff --git a/vcluster/integrations/enterprise-plugins/_category_.json b/vcluster/integrations/enterprise-plugins/_category_.json
new file mode 100644
index 000000000..6210a01d7
--- /dev/null
+++ b/vcluster/integrations/enterprise-plugins/_category_.json
@@ -0,0 +1,6 @@
+{
+ "label": "Enterprise Plugins",
+ "position": "3",
+ "collapsible": true,
+ "collapsed": false
+ }
\ No newline at end of file
diff --git a/vcluster/integrations/enterprise plugins/plugin.mdx b/vcluster/integrations/enterprise-plugins/plugin.mdx
similarity index 97%
rename from vcluster/integrations/enterprise plugins/plugin.mdx
rename to vcluster/integrations/enterprise-plugins/plugin.mdx
index 46f49a612..5bbecd0a6 100644
--- a/vcluster/integrations/enterprise plugins/plugin.mdx
+++ b/vcluster/integrations/enterprise-plugins/plugin.mdx
@@ -1,7 +1,7 @@
 ---
 title: External Secret Operator plugin
-sidebar_label: External Secret Operator
-sidebar_position: 3
+sidebar_label: External Secret Operator plugin
+sidebar_position: 1
 sidebar_class_name: pro
 ---