-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add charts to dockhand-secrets-operator repo
Signed-off-by: Matthew DeVenny <[email protected]>
- Loading branch information
1 parent
150da07
commit 3e3ae2a
Showing
17 changed files
with
746 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,9 @@ name: docker | |
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| - '**' | ||
| - '!charts/**' | ||
| branches: | ||
| - master | ||
| tags: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # based on: https://github.com/helm/charts-repo-actions-demo/blob/main/.github/workflows/release.yaml | ||
| name: helm | ||
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| - 'charts/**' | ||
| branches: | ||
| - master | ||
|
|
||
| jobs: | ||
| helm: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Configure Git | ||
| run: | | ||
| git config user.name "$GITHUB_ACTOR" | ||
| git config user.email "[email protected]" | ||
| - name: Set up Helm | ||
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 | ||
| with: | ||
| version: v3.11.2 | ||
|
|
||
| - name: Run chart-releaser | ||
| uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 | ||
| with: | ||
| charts_dir: charts | ||
| config: charts/cr.yaml | ||
| env: | ||
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # https://github.com/helm/chart-releaser#config-file | ||
| pages-branch: gh-pages | ||
| pages-index-path: charts/index.yaml | ||
| skip-existing: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| apiVersion: v2 | ||
| name: dockhand-secrets-operator-crd | ||
| description: A Helm chart to install the dockhand-secrets-operator CRDs | ||
| version: 1.1.6 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # dockhand-secrets-operator-crd | ||
| Installs the CRDs required for the [dockhand-secrets-operator](https://github.com/boxboat/dockhand-secrets-operator) | ||
|
|
||
| Read the [docs](https://secrets-operator.dockhand.dev) | ||
|
|
||
| ## Install Instructions | ||
| ``` | ||
| helm repo add dockhand https://boxboat.github.io/dockhand-charts | ||
| helm repo update | ||
| helm install --namespace dockhand-secrets-operator dockhand/dockhand-secrets-operator-crd | ||
| ``` |
176 changes: 176 additions & 0 deletions
176
charts/dockhand-secrets-operator-crd/templates/crd/profile-crd.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,176 @@ | ||
| --- | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| name: profiles.dhs.dockhand.dev | ||
| labels: | ||
| app.kubernetes.io/name: profiles.dhs.dockhand.dev | ||
| spec: | ||
| group: dhs.dockhand.dev | ||
| scope: Namespaced | ||
| names: | ||
| plural: profiles | ||
| singular: profile | ||
| kind: Profile | ||
| shortNames: | ||
| - dhp | ||
| versions: | ||
| - name: v1alpha2 | ||
| served: true | ||
| storage: true | ||
| schema: | ||
| openAPIV3Schema: | ||
| type: object | ||
| properties: | ||
| awsSecretsManager: | ||
| type: object | ||
| description: |- | ||
| AWS Secrets Manager configuration to allow the Dockhand Secrets Operator | ||
| to retrieve Secrets from AWS. If no accessKeyId and secretAccessKey are provided | ||
| then chain credentials will be used. | ||
| allOf: | ||
| - required: | ||
| - region | ||
| properties: | ||
| cacheTTL: | ||
| type: string | ||
| default: 60s | ||
| description: |- | ||
| Duration to cache secret responses | ||
| region: | ||
| type: string | ||
| description: |- | ||
| AWS Region to retrieve secrets from | ||
| accessKeyId: | ||
| type: string | ||
| description: |- | ||
| AWS IAM Access Key | ||
| secretAccessKeyRef: | ||
| type: object | ||
| description: |- | ||
| Name of secret containing AWS IAM Secret Access Key in a key named AWS_SECRET_ACCES_KEY | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of secret containing AWS IAM Secret Access Key | ||
| key: | ||
| type: string | ||
| description: |- | ||
| Key in the secret containing the AWS IAM Secret Access Key | ||
| azureKeyVault: | ||
| type: object | ||
| description: |- | ||
| Azure Key Vault configuration to allow the Dockhand Secrets Operator to retrieve Secrets from Azure | ||
| allOf: | ||
| - required: | ||
| - tenant | ||
| - keyVault | ||
| properties: | ||
| cacheTTL: | ||
| type: string | ||
| default: 60s | ||
| format: duration | ||
| description: |- | ||
| Duration to cache secret responses | ||
| tenant: | ||
| type: string | ||
| description: |- | ||
| Azure Tenant ID where the Key Vault resides | ||
| clientId: | ||
| type: string | ||
| description: |- | ||
| Azure Client ID to access the Key Vault | ||
| clientSecretRef: | ||
| type: object | ||
| description: |- | ||
| Reference to Azure Client Secret | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of secret containing Azure Client Secret | ||
| key: | ||
| type: string | ||
| description: |- | ||
| Key in the secret containing the Azure Client Secret | ||
| keyVault: | ||
| type: string | ||
| description: |- | ||
| Name of Azure Key Vault to retrieve secrets from | ||
| gcpSecretsManager: | ||
| type: object | ||
| description: |- | ||
| Google Cloud Platform Secrets Manager Configuration to allow Dockhand Secrets Operator to retrieve secrets | ||
| from GCP. Authentication can be Application Default Credentials or by providing a key.json | ||
| properties: | ||
| cacheTTL: | ||
| type: string | ||
| default: 60s | ||
| description: |- | ||
| Duration to cache secret responses | ||
| project: | ||
| type: string | ||
| description: |- | ||
| The GCP Project to reference for this profile | ||
| credentialsFileSecretRef: | ||
| type: object | ||
| description: |- | ||
| Secret Reference containing JSON credentials file stored in a key named gcp-credentials.json | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of secret containing GCP JSON Credentials | ||
| key: | ||
| type: string | ||
| description: |- | ||
| Key in the secret containing GCP JSON Credentials | ||
| vault: | ||
| type: object | ||
| description: |- | ||
| HashiCorp Vault Configuration to allow Dockhand Secrets Operator to retrieve secrets from Vault. Secrets | ||
| can be retrieved with either a roleId/secretId or with a Vault Token. | ||
| allOf: | ||
| - required: | ||
| - addr | ||
| properties: | ||
| cacheTTL: | ||
| type: string | ||
| default: 60s | ||
| description: |- | ||
| Duration to cache secret responses | ||
| addr: | ||
| type: string | ||
| description: |- | ||
| Vault Address e.g. http://vault:8200 | ||
| roleId: | ||
| type: string | ||
| description: |- | ||
| Vault Role ID | ||
| secretIdRef: | ||
| type: object | ||
| description: |- | ||
| Reference to secret containing the Vault secretId | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of secret containing Vault secretId | ||
| key: | ||
| type: string | ||
| description: |- | ||
| Key in the secret containing Vault secretId | ||
| tokenRef: | ||
| type: object | ||
| description: |- | ||
| Reference to secret containing the Vault Token | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of secret containing Vault Token | ||
| key: | ||
| type: string | ||
| description: |- | ||
| Key in the secret containing Vault Token |
125 changes: 125 additions & 0 deletions
125
charts/dockhand-secrets-operator-crd/templates/crd/secret-crd.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,125 @@ | ||
| --- | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| name: secrets.dhs.dockhand.dev | ||
| labels: | ||
| app.kubernetes.io/name: secrets.dhs.dockhand.dev | ||
| spec: | ||
| group: dhs.dockhand.dev | ||
| scope: Namespaced | ||
| names: | ||
| plural: secrets | ||
| singular: secret | ||
| kind: Secret | ||
| shortNames: | ||
| - dhs | ||
| versions: | ||
| - additionalPrinterColumns: | ||
| - name: Secret | ||
| type: string | ||
| jsonPath: .secretSpec.name | ||
| - name: Status | ||
| type: string | ||
| jsonPath: .status.state | ||
| - name: Age | ||
| type: date | ||
| jsonPath: .metadata.creationTimestamp | ||
| name: v1alpha2 | ||
| served: true | ||
| storage: true | ||
| schema: | ||
| openAPIV3Schema: | ||
| type: object | ||
| properties: | ||
| profile: | ||
| type: object | ||
| description: |- | ||
| Profile to use for this secret | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of Profile | ||
| namespace: | ||
| type: string | ||
| description: |- | ||
| Namespace of profile (optional) defaults to same namespace | ||
| syncInterval: | ||
| type: string | ||
| default: 0s | ||
| format: duration | ||
| description: |- | ||
| Specifies the time interval for polling the secrets backend for changes. | ||
| The default value of 0 indicates that no polling will occur and is the | ||
| default behavior prior to 1.1.0 release, in this case the operator will only query | ||
| the backend when a field in the Dockhand Secret CRD has been modified. | ||
| Valid time units are ns, µs (or us), ms, s, m, h, but must exceed 5s (when not 0). | ||
| Also note that the operator will not poll the backend more frequently than | ||
| the cacheTTL of the profile referenced by the Secret | ||
| secretSpec: | ||
| type: object | ||
| description: |- | ||
| Specification to use for creating the Kubernetes Secret | ||
| properties: | ||
| name: | ||
| type: string | ||
| description: |- | ||
| Name of the secret that will be created or updated with the processed contents of the data field. | ||
| type: | ||
| type: string | ||
| description: |- | ||
| Type of k8s secret to create Opaque, kubernetes.io/service-account-token, kubernetes.io/dockercfg, | ||
| kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, kubernetes.io/ssh-auth, kubernetes.io/tls | ||
| or bootstrap.kubernetes.io/token | ||
| labels: | ||
| type: object | ||
| nullable: true | ||
| description: |- | ||
| Optional additional labels to add to the secret managed by this Dockhand Secret | ||
| additionalProperties: | ||
| type: string | ||
| annotations: | ||
| type: object | ||
| nullable: true | ||
| description: |- | ||
| Optional additional annotations to add to the secret managed by this Dockhand Secret | ||
| additionalProperties: | ||
| type: string | ||
| status: | ||
| type: object | ||
| description: |- | ||
| Provides basic status for a Dockhand Secret | ||
| properties: | ||
| state: | ||
| type: string | ||
| description: |- | ||
| Ready, Pending or ErrApplied | ||
| observedAnnotationChecksum: | ||
| type: string | ||
| description: |- | ||
| Checksum of observed annotations | ||
| observedGeneration: | ||
| type: integer | ||
| description: |- | ||
| The last generation processed by the controller | ||
| observedSecretResourceVersion: | ||
| type: string | ||
| description: |- | ||
| The managed secret resource version last observed by the controller | ||
| syncTimestamp: | ||
| type: string | ||
| format: datetime | ||
| description: |- | ||
| Last time the secret was synced from the backend | ||
| data: | ||
| type: object | ||
| description: |- | ||
| Store arbitrary templated secret data here just as you would in a kubernetes configmap. | ||
| The dockhand-secrets-operator will retrieve the secrets from the secrets backend and create normal | ||
| kubernetes secrets for use by your application. Secrets should be templated using go templating with | ||
| alternative delimiters << >> rather than \{\{ \}\}. | ||
| additionalProperties: | ||
| type: string | ||
| subresources: | ||
| status: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| apiVersion: v2 | ||
| name: dockhand-secrets-operator | ||
| description: A Helm chart to install the dockhand-secrets-operator | ||
| type: application | ||
| version: 0.5.4 | ||
| appVersion: v1.1.6 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # dockhand-secrets-operator | ||
| Installs the [dockhand-secrets-operator](https://github.com/boxboat/dockhand-secrets-operator) | ||
|
|
||
| Read the [docs](https://secrets-operator.dockhand.dev) | ||
|
|
||
|
|
||
| ## Install Instructions | ||
| ``` | ||
| helm repo add dockhand https://boxboat.github.io/dockhand-charts | ||
| helm repo update | ||
| helm install --namespace dockhand-secrets-operator dockhand/dockhand-secrets-operator-crd | ||
| helm install --namespace dockhand-secrets-operator dockhand/dockhand-secrets-operator | ||
| ``` |
Oops, something went wrong.