Kustomize plugin to load secrets from Secret Manager
Install the plugin where kustomize can find it; see the documentation.
Add the generator to your kustomization.yaml:

    resources:
    - ...
    generators:
    - my-secret.yaml

Create my-secret.yaml:

    apiVersion: github.com/julienp
    kind: SecretManager
    metadata:
      name: the-secret
    secrets:
    - name: some_database_password # The name as specified in Google Secret Manager
    - name: another_secret
      key: ANOTHER_SECRET # optional, the key to use in the k8s Secret

Provide PROJECT_ID as env variable when running kustomize:

    make build
    PROJECT_ID=<my project id> KUSTOMIZE_PLUGIN_HOME=`pwd`/bin kustomize build --enable_alpha_plugins ./example

Set DRY_RUN as an env variable to mock the creation of secrets; this is useful if we don't want this plugin to hit Secret Manager.

    make build
    DRY_RUN=1 PROJECT_ID=<my project id> KUSTOMIZE_PLUGIN_HOME=`pwd`/bin kustomize build --enable_alpha_plugins ./example

This will generate the following secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: the-secret
    type: Opaque
    data:
      some_database_password: <value>
      ANOTHER_SECRET: <value>
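
The generator maps each Secret Manager name to a key in the Kubernetes Secret, using `key` when it is given. The script below is an added example, not part of the plugin: it checks that a rendered manifest carries exactly the expected keys without printing any value. The function names `secret_keys`, `check_secret_keys` and `sample_manifest` are hypothetical, and the sample manifest is constructed.

```shell
#!/bin/sh
# Added example, not part of the plugin. Assumes the rendered manifest uses
# two-space indentation, as kustomize emits.

# secret_keys NAME: read a manifest on stdin and print the keys under `data:`
# of the Secret called NAME, sorted, without ever printing the values.
secret_keys() {
  awk -v want="$1" '
    function emit() {
      if (kind == "Secret" && name == want) printf "%s", keys
      kind = ""; name = ""; keys = ""; section = ""
    }
    /^---[ \t]*$/ { emit(); next }
    /^[A-Za-z]/   { section = $1; sub(/:.*/, "", section) }
    /^kind:/      { kind = $2 }
    section == "metadata" && /^  name:/ { name = $2 }
    section == "data" && /^  [^ #]/ { k = $1; sub(/:$/, "", k); keys = keys k "\n" }
    END { emit() }
  ' | sort
}

# check_secret_keys NAME KEY...: succeed only if the Secret holds exactly KEY...
check_secret_keys() {
  name=$1; shift
  expected=$(printf '%s\n' "$@" | sort)
  actual=$(secret_keys "$name")
  [ "$actual" = "$expected" ] && return 0
  echo "secret $name: expected [$(echo $expected)], got [$(echo $actual)]" >&2
  return 1
}

# Constructed sample of the rendered output; ZHVtbXk= is base64 of "dummy".
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: info
---
apiVersion: v1
kind: Secret
metadata:
  name: the-secret
type: Opaque
data:
  some_database_password: ZHVtbXk=
  ANOTHER_SECRET: ZHVtbXk=
EOF
}
```

In CI, pipe the output of the `kustomize build` command above into `check_secret_keys the-secret some_database_password ANOTHER_SECRET`; the values under `data` are only base64-encoded, so keep the rendered manifest out of logs and version control.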