Integration with External Secrets Operator #170
Comments
|
Solution sketch: In the template that creates the Secret resource for the admin password ( That way, the generated Secret is only created if the existing secret isn't defined. In the controller chart's values.yaml file, add an empty value like https://github.com/openziti/helm-charts/blob/main/charts/ziti-host/values.yaml#L25 with a documentation comment above it like Finally, wrap each reference to the Secret resource with an "-admin-secret" suffix in the same conditional, using the existing secret if defined, else the generate secret. The only template that contains this string is the deployment: https://github.com/openziti/helm-charts/blob/main/charts/ziti-controller/templates/deployment.yaml#L41 |
As we want to define the admin credentials for the OpenZiti controller in AWS Secret Manager and sync them to EKS using the ESO, we need an option to specify the name of the secret, which the helm chart should refer to for the admin credentials - instead of creating the secret on its own.
In general we favor the approach of generating secrets out of the cluster with cryptographically secure password generators - like using the AWS Secret Managers https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetRandomPassword.html method :)
The text was updated successfully, but these errors were encountered: