Provide a Helm chart for SecretsManager deployment

[fllaca]

Include (inside a deployment/ folder, according to the recommendations in golang-standards/project-layout) a Helm Chart that installs SecretsManager in K8s.

[TommyLike]

how does this go on? Almost one year has passed

[smark88]

I made my own here.

• https://github.com/broadinstitute/datarepo-helm/tree/master/charts/install-secrets-manager

You will still need to provide your own image. Which can be over written here.

  repository: gcr.io/broad-jade-dev/secrets-manager
  version: v1.0.2

I also created a secret creation chart here.

• https://github.com/broadinstitute/datarepo-helm/tree/master/charts/create-secret-manager-secret.

These are all first passes and may not include all args and env vars.

[jkirkham-ratehub]

I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues.
https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart

I can create a PR to merge this into this repo if you want. Let me know.

[a-thorat]

@jkirkham-ratehub @eduardogr

I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues. https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart

I can create a PR to merge this into this repo if you want. Let me know.

---

I tried to use same steps what you used here to prepare latest chart version from tag v2.1.0. But i am facing issue after deployment,
Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(SecretDefinition): unknown field "type" in io.tuenti.secrets-manager.v1alpha1.SecretDefinition

i am preparing chart using kustomize build config/default -o /temp/
Here is generated crd file

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: secretdefinitions.secrets-manager.tuenti.io
spec:
group: secrets-manager.tuenti.io
names:
kind: SecretDefinition
listKind: SecretDefinitionList
plural: secretdefinitions
singular: secretdefinition
scope: Namespaced
versions:

• name: v1alpha1
  schema:
  openAPIV3Schema:
  description: SecretDefinition is the Schema for the secretdefinitions API
  properties:
  apiVersion:
  description: 'APIVersion defines the versioned schema of this representation
  of an object. Servers should convert recognized schemas to the latest
  internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  type: string
  kind:
  description: 'Kind is a string value representing the REST resource this
  object represents. Servers may infer this from the endpoint the client
  submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  type: string
  metadata:
  type: object
  spec:
  description: SecretDefinitionSpec defines the desired state of SecretDefinition
  properties:
  keysMap:
  additionalProperties:
  description: DataSource represents the actual source of truth path
  for a secret
  properties:
  encoding:
  description: Encoding type for the secret. Only base64 supported.
  Optional
  type: string
  key:
  description: Key where the actual secret is stored
  type: string
  path:
  description: Path to the actual secret
  type: string
  required:
  - key
  - path
  type: object
  type: object
  name:
  description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
  Important: Run "make" to regenerate code after modifying this file'
  type: string
  type:
  type: string
  required:
  - keysMap
  - name
  type: object
  status:
  description: SecretDefinitionStatus defines the observed state of SecretDefinition
  type: object
  type: object
  served: true
  storage: true
  status:
  acceptedNames:
  kind: ""
  plural: ""
  conditions: []
  storedVersions: []

---

Could you provide me any direction on it?

[a-thorat]

@jkirkham-ratehub @eduardogr

I created a Helm chart for Secrets-Manager and we have been using it in production for several months without issues. https://github.com/jkirkham-ratehub/secrets-manager/tree/add_helm_chart
I can create a PR to merge this into this repo if you want. Let me know.

I tried to use same steps what you used here to prepare latest chart version from tag v2.1.0. But i am facing issue after deployment, Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(SecretDefinition): unknown field "type" in io.tuenti.secrets-manager.v1alpha1.SecretDefinition

i am preparing chart using kustomize build config/default -o /temp/

Here is generated crd file
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: secretdefinitions.secrets-manager.tuenti.io spec: group: secrets-manager.tuenti.io names: kind: SecretDefinition listKind: SecretDefinitionList plural: secretdefinitions singular: secretdefinition scope: Namespaced versions:

• name: v1alpha1
  schema:
  openAPIV3Schema:
  description: SecretDefinition is the Schema for the secretdefinitions API
  properties:
  apiVersion:
  description: 'APIVersion defines the versioned schema of this representation
  of an object. Servers should convert recognized schemas to the latest
  internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  type: string
  kind:
  description: 'Kind is a string value representing the REST resource this
  object represents. Servers may infer this from the endpoint the client
  submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  type: string
  metadata:
  type: object
  spec:
  description: SecretDefinitionSpec defines the desired state of SecretDefinition
  properties:
  keysMap:
  additionalProperties:
  description: DataSource represents the actual source of truth path
  for a secret
  properties:
  encoding:
  description: Encoding type for the secret. Only base64 supported.
  Optional
  type: string
  key:
  description: Key where the actual secret is stored
  type: string
  path:
  description: Path to the actual secret
  type: string
  required:
  • key
  • path
    type: object
    type: object
    name:
    description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
    Important: Run "make" to regenerate code after modifying this file'
    type: string
    type:
    type: string
    required:
  • keysMap
  • name
    type: object
    status:
    description: SecretDefinitionStatus defines the observed state of SecretDefinition
    type: object
    type: object
    served: true
    storage: true
    status:
    acceptedNames:
    kind: ""
    plural: ""
    conditions: []
    storedVersions: []

Could you provide me any direction on it?

---

Was able to resolve issue after removing type from SecretsDefinition file

[TommyLike]

@a-thorat is it related to the version of your kubernetes cluster?

[a-thorat]

@TommyLike

@a-thorat is it related to the version of your kubernetes cluster?

Thanks for your response. No it was not related to kubernetes cluster version. Found issue in one of SecretDefiniation file where Secret type was mentioned explicitly as Opaque. After removing it everything seems to be working.