Skip to content
/ kubernetes-plugins Public

Kubernetes plug in for Porter, enables management of credentials as Kubernetes secrets

getporter.org/plugins/kubernetes/

License

Apache-2.0 license
3 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

getporter/kubernetes-plugins

BranchesTags

Repository files navigation

Kubernetes Plugins for Porter

This is a set of Kubernetes plugins for Porter.

Build Status

The plugin enables Porter to use Kubernetes secrets as source for CredentialSets.

Installation

The plugin is distributed as a single binary, kubernetes. The following snippet will clone this repository, build the binary and install it to ~/.porter/plugins/.

go get get.porter.sh/plugin/azure/cmd/kubernetes-plugins
cd $(go env GOPATH)/src/get.porter.sh/plugin/kubernetes-plugins
make build install

Usage

After installation, you must modify your porter configuration file. The plugin supports secret values (secrets).

The plugin can be used when porter is running inside a Kubernetes cluster - in which case it will connect automatically, it can also be used from outside a cluster in which case it will either use the kubeconfig file sourced from the KUBECONFIG environment variable or $HOME/.kube/config if this is not set.

When running outside a cluster the plugin requires configuration to specify which namespace it should store data in, when running inside a cluster it will use the namespace of the pod that porter is running in.

The plugin also requires that the user or service account that is being used with Kubernetes has "get","list","create","delete", and "patch" permissions on secrets in the namespace.

The Porter Operator is the primary use case for running in Kubernetes which configures the necessary service accounts via it's configureNamespace custom action.

porter invoke porterops --action configureNamespace --param namespace=quickstart -c porterops

Secrets

The kubernetes.secrets plugin enables resolution of credential or parameter values and storing sensitive data(parameter or output values) as secrets in Kubernetes via the Porter Operator.

  1. Create, ./porter-k8s-config.yaml

  2. Add the following lines1:

    default-secrets: "kubernetes-secrets"
secrets:
- name: "kubernetes-secrets"
  plugin: "kubernetes.secrets"

  3. Provide the Porter config to the configureNamespace operator bundle action

    porter invoke operator --action=configureNamespace --param namespace=<namespace name> --param porterConfig=porter-k8s-config.toml -c kind -n=operator

  • If the plugin is being used outside of a Kubernetes cluster then add the following lines to specify the namespace to be used to store data:

    default-secrets: "kubernetes-secrets"
secrets:
  - name: "kubernetes-secrets"
    plugin: "kubernetes.secrets"
    config:
      namespace: "<namespace name>"

In both cases the Kubernetes secret must be created with a credential key

kubectl --namespace "<namespace name>" create secret generic password --from-literal=credential=test

Porter credentials file test-credentials.yaml

---
schemaType: CredentialSet
schemaVersion: 1.0.1
namespace: ''
name: kubernetes-plugin-test
credentials:
- name: test-cred
  source:
    secret: password

porter credentials apply test-credentials.yaml

About

Kubernetes plug in for Porter, enables management of credentials as Kubernetes secrets

getporter.org/plugins/kubernetes/

Topics

kubernetes porter plugins

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

6 watching

Forks

7 forks
Report repository

Releases 15

v1.0.3 Latest
Apr 13, 2023
+ 14 releases

Packages

No packages published

Contributors 8

Languages