Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tool to declaratively, securely manage secrets #14049

Closed
fejta opened this issue Aug 23, 2019 · 24 comments
Closed

Tool to declaratively, securely manage secrets #14049

fejta opened this issue Aug 23, 2019 · 24 comments
Assignees
@spiffxp @ameukam @chaodaiG
Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Milestone
v1.22

Comments

@fejta
Copy link
Contributor

fejta commented Aug 23, 2019

We need to create a tool that allows us to, uh, securely store secret values (https://cloud.google.com/kms/ or equivalent) and then declare where we should inject these secrets into kubernetes clusters.
@fejta fejta added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 23, 2019
@dims
Copy link
Member

dims commented Aug 26, 2019

/cc

@fejta fejta mentioned this issue Aug 26, 2019
Merged
@stevekuznetsov stevekuznetsov changed the title Tool to decoratively, securely manage secrets Tool to declaratively, securely manage secrets Aug 27, 2019
@stevekuznetsov
Copy link
Contributor

/cc

@stevekuznetsov
Copy link
Contributor

Just as an informational thing, I want to post our script to do this. Store the secrets in a secure locker, use its API to dump state to a local directory and kubectl create secret --dry-run --output yaml | kubectl apply -f - is really powerful and very simple.

@k8s-ci-robot k8s-ci-robot added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Nov 17, 2019
@clarketm clarketm removed their assignment Nov 17, 2019
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 15, 2020
@clarketm
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 27, 2020
@clarketm clarketm mentioned this issue Feb 27, 2020
Closed
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 27, 2020
@spiffxp
Copy link
Member

spiffxp commented Jun 3, 2020

/assign

@spiffxp
Copy link
Member

spiffxp commented Jun 3, 2020

/remove-help
@b01901143 will be working on this, holding issue for now

@k8s-ci-robot k8s-ci-robot removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jun 3, 2020
@spiffxp
Copy link
Member

spiffxp commented Jun 3, 2020

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 3, 2020
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 1, 2020
@matthyx
Copy link
Contributor

matthyx commented Sep 27, 2020

@b01901143 what's the status?

@spiffxp
Copy link
Member

spiffxp commented Sep 28, 2020

/remove-lifecycle stale
We created https://github.com/kubernetes-sigs/k8s-gsm-tools but I personally have stalled out on deploying this live to k8s-infra build clusters. I've got a proof of concept running on my personal prow cluster https://github.com/bashfire/prow-config/blob/master/config/prow/cluster/k8sgsmtools-config.yaml

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 28, 2020
@matthyx
Copy link
Contributor

matthyx commented Oct 15, 2020

I think this goes beyond my current understanding of the whole infra...

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 13, 2021
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 12, 2021
@spiffxp
Copy link
Member

spiffxp commented Mar 9, 2021
edited
Loading

/remove-lifecycle rotten
Would like to revisit this or close this out as part of (k8s.io issue kubernetes/k8s.io#1673)

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Mar 9, 2021
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 7, 2021
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 7, 2021
@spiffxp
Copy link
Member

spiffxp commented Jul 7, 2021

/remove-lifecycle rotten
We use kubernetes-external-secrets for this now, I'll link to relevant issues/PRs and docs, then close

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jul 7, 2021
@spiffxp
Copy link
Member

spiffxp commented Jul 13, 2021

/milestone v1.21
/assign @chaodaiG
who got this done for k8s-prow via:

/assign @spiffxp @ameukam
we're also using Kubernetes-external-secrets for clusters managed by wg-k8s-infra:

/close

@k8s-ci-robot
Copy link
Contributor

@spiffxp: The provided milestone is not valid for this repository. Milestones in this repository: [someday, v1.22, v1.23]

Use /milestone clear to clear the milestone.

In response to this:

/milestone v1.21
/assign @chaodaiG
who got this done for k8s-prow via:

/assign @spiffxp @ameukam
we're also using Kubernetes-external-secrets for clusters managed by wg-k8s-infra:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

@spiffxp: Closing this issue.

In response to this:

/milestone v1.21
/assign @chaodaiG
who got this done for k8s-prow via:

/assign @spiffxp @ameukam
we're also using Kubernetes-external-secrets for clusters managed by wg-k8s-infra:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spiffxp
Copy link
Member

spiffxp commented Jul 13, 2021

/milestone v1.22

@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jul 13, 2021
@spiffxp
Copy link
Member

spiffxp commented Aug 10, 2021

/sig testing

@spiffxp spiffxp added the sig/testing Categorizes an issue or PR as relevant to SIG Testing. label Aug 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffxp spiffxp

@ameukam ameukam

@chaodaiG chaodaiG

Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
None yet
Milestone
v1.22
Development

No branches or pull requests
10 participants
@dims @spiffxp @fejta @ameukam @stevekuznetsov @clarketm @k8s-ci-robot @matthyx @fejta-bot @chaodaiG