Author: Nick Santos
Helper functions for creating Kubernetes secrets.
secret_yaml_generic(
name: str,
namespace: str = "",
from_file: str | list[str] = None,
secret_type: str = None,
from_env_file: str = None
) -> Blob
Returns YAML for a generic secret.
Equivalent to kubectl create secret generic -o=yaml --dry-run=client
name
( str ) - Secret name.namespace
( str ) - Secret namespace.from_file
( str | list[str] ) – Populate secret from a file path or multiple file paths.secret_type
( str ) - The type of secret to create.from_env_file
( str ) – Specify the path to a file to read lines ofkey=val
pairs to create a secret.
secret_create_generic(
name: str,
namespace: str = "",
from_file: str | list[str] = None,
secret_type: str = None,
from_env_file: str = None
) -> None
Deploys a secret to the cluster. Equivalent to:
load('ext://secret', 'secret_yaml_generic')
k8s_yaml(secret_yaml_generic(...))
Arguments are the same as secret_yaml_generic
.
secret_from_dict(
name: str,
namespace: str = "",
inputs: dict[str, Any] = {}
) -> Blob
Returns YAML for a secret from a dictionary. Equivalent to kubectl create secret generic --from-literal=key=value
name
( str ) - Secret name.namespace
( str ) - Secret namespace.inputs
( dict ) - A dictionary of keys and values to use. Nesting is not supported.
secret_yaml_registry(
name: str,
namespace: str = "",
flags_dict: dict = {}
) -> Blob
Returns YAML for a docker-registry
type secret. Equivelent to kubectl create secret docker-registry
.
name
( str ) - Secret name.namespace
( str ) - Secret namespace.flags_dict
( dict ) - A dictionary of keys and values to be passed to the command as flags (--key=value
).
secret_yaml_tls(
name: str,
cert: str,
key: str,
namespace: str = ""
) -> Blob
Returns YAML for a TLS secret. Equivalent to kubectl create secret tls
.
name
( str ) - Secret name.cert
( str ) - Path to PEM encoded public key certificate.key
( str ) - Path to private key associated with given certificate.namespace
( str ) - Secret namespace.
secret_create_tls(
name: str,
cert: str,
key: str,
namespace: str = ""
) -> None
Deploys a TLS secret to the cluster. Equivalent to
load('ext://secret', 'secret_yaml_tls')
k8s_yaml(secret_yaml_tls(...))
Arguments are the same as secret_yaml_tls
.
secret_yaml_docker_registry(
name: str,
username: str,
password: str,
server: str = "",
namespace: str = ""
) -> Blob
Returns YAML for a Docker Registry secret.
secret_create_docker_registry(
name: str,
username: str,
password: str,
server: str = "",
namespace: str = ""
) -> Blob
Deploys a Docker Registry secret to the cluster.
secret_yaml_docker_registry_ecr(
name: str,
account_id: str = "",
region: str = "",
namespace: str = ""
) -> Blob
Returns YAML for an ECR Docker Registry secret.
Auto-detects the default AWS account and region when not specified.
secret_create_docker_registry_ecr(
name: str,
account_id: str = "",
region: str = "",
namespace: str = ""
) -> Blob
Deploys an ECR Docker Registry secret to the cluster.
Auto-detects the default AWS account and region when not specified.
load('ext://secret', 'secret_create_generic')
secret_create_generic('pgpass', from_file='.pgpass=./.pgpass')
load('ext://secret', 'secret_create_generic')
secret_create_generic('gcp-key', from_file='key.json=./gcp-creds.json')
load('ext://secret', 'secret_from_dict')
k8s_yaml(secret_from_dict("secrets", inputs = {
'SOME_TOKEN' : os.getenv('SOME_TOKEN')
}))
k8s_yaml(registry_secret("artifact-registry", flags_dict = {
'docker-server': 'registry_hostname',
'docker-username': '_json_key',
'docker-email': 'test@test.com,
'docker-password': read_file(service-account.json')
}))
Check out mkcert
for generating HTTPS certs for localhost.
load('ext://secret', 'secret_create_tls')
cert_file='./.secrets/cert.pem'
key_file='./.secrets/key.pem'
secret_create_tls('subdomain-localhost', cert=cert_file, key=key_file)
- This extension doesn't do any validation to confirm that names or namespaces are valid.