SOPS: Document env secret generator

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 2021-10-19 09:56:07 +03:00
parent 5ab853d822
commit 95dca0feb6
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF
1 changed files with 29 additions and 0 deletions


@ -994,6 +994,35 @@ The kustomize-controller scans the values of Kubernetes Secrets, and when it
detects that the values are SOPS encrypted, it decrypts them before applying
them on the cluster.
For secrets in `.json`, `.yaml` and `.env` format, make sure you specify the input type when encrypting them with sops:
```sh
cat config.json | sops -e --input-type=json > config.json.encrypted
cat config.yaml | sops -e --input-type=yaml > config.yaml.encrypted
cat config.env | sops -e --input-type=env > config.env.encrypted
```
For kustomize-controller to be able to decrypt a JSON config, you need to set the file extension to `.json`:
```yaml
kind: Kustomization
secretGenerator:
- name: config
files:
- config.json=config.json.encrypted
```
For dotenv files, use the `envs` directive and set the file extension to `.env`:
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: config
envs:
- config.env=config.env.encrypted
```
## Status
When the controller completes a Kustomization apply, reports the result in the `status` sub-resource.
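Review bot: In both Kustomization examples the text says to "set the file extension to `.json`" (and `.env`), but the file on disk ends in `.encrypted`; the extension is carried only by the name on the left of `=` in `config.json=config.json.encrypted`. Suggest stating explicitly that the key name before `=` must end in `.json` or `.env`, so readers do not rename the encrypted file instead. It is also worth confirming that the `envs` directive accepts the `key=path` form used in `config.env=config.env.encrypted`, since that entry mirrors the `files` example and a dotenv file produces several keys rather than one. Smaller points: the JSON example omits the `apiVersion` line that the dotenv example includes, and the opening sentence lists `.yaml` among the formats but no generator example covers it.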