Commit d29ab1b
Author and committer: Luke Goodfellow
Commit message: spelling and grammar. add raw element tags
1 parent 2482b81, commit d29ab1b

File tree: 1 file changed, +39 / -8 lines changed

_docs/kb/articles/external-secrets-operators-aws-secrets-manager.md

Lines changed: 39 additions & 8 deletions
@@ -26,7 +26,9 @@ This article explains how to install and use the [External Secrets Operator](htt
2626

2727
###Installation
2828

29-
First you need to install the External Secrets Operator. To do that, we are going to add an Application to your Git Source. Create a file in your Git Source called`external-secrets-operator.yaml` and use the below application to install. Once done, save, commit, and push to your repo.
29+
First, you need to install the External Secrets Operator. To do that, we are going to add an Application to your Git Source. Create a file in your Git Source called`external-secrets-operator.yaml` and use the below application to install. Once done, save, commit, and push to your repo
30+
31+
{% raw %}
3032

3133
```yaml
3234
apiVersion:argoproj.io/v1alpha1
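Review bot: the rewritten sentence on line 29+ loses the full stop that the removed line 29- had after "push to your repo"; restore it. While touching this sentence, "use the below application to install" reads better as "use the Application manifest below to install it". The `{% raw %}` opened on 31+ is correctly closed by the `{% endraw %}` the next hunk adds after the closing fence.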
@@ -60,13 +62,17 @@ spec:
6062
-RespectIgnoreDifferences=false
6163
```
6264
65+
{% endraw %}
66+
6367
You should now see this application when viewing the [application dashboard](https://g.codefresh.io/2.0/applications-dashboard/list)
6468
6569
### Usage
6670
6771
#### AWS Set Up
6872
69-
Now that we have the External Secrets Operator Installed, Now we can set up the Secret Store. First we need to create an IAM Role for Service Accounts (IRSA) that is going to be used to access the secrets. First you need to create a role based on the [EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). Below is the minium permissions needed to access the secrets that starts with`testing/`. You can edit the Resource section that suites your needs.
73+
Now that we have the External Secrets Operator Installed, we can set up the Secret Store. First, we need to create an IAM Role for Service Accounts (IRSA) that is going to be used to access the secrets. You will need to create a role based on the [EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). Below are the minimum permissions needed to access the secrets that start with`testing/`. You can edit the Resource section that suits your needs
74+
75+
{% raw %}
7076

7177
```json
7278
{
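Review bot: line 73+ again drops the sentence-ending period after "suits your needs" (the removed line 69- had one), and "Operator Installed" keeps a stray capital from the old text; suggest "Now that we have the External Secrets Operator installed, we can set up the Secret Store." Also "You can edit the Resource section to suit your needs" reads better, and since the paragraph presents this policy as the minimum needed for secrets under `testing/`, it is worth saying explicitly that readers should keep the Resource ARN scoped to their own prefix rather than widening it.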
@@ -88,22 +94,29 @@ Now that we have the External Secrets Operator Installed, Now we can set up the
8894
}
8995
```
9096

91-
Once the IRSA is created, create a secret in AWS Secrets Manager (region us-east-1 in this example). Use the "Other type of Secret" when creating the secret. Add your key value pairs that you want. When naming, use the prefix of `testing/` for this example. The rest of the options, use the defaults.
97+
{% endraw %}
98+
99+
Once the IRSA is created, create a secret in AWS Secrets Manager (region us-east-1 in this example). Use the "Other type of Secret" when creating the secret. Add the key-value pairs that you want. When naming, use the prefix of `testing/` for this example. The rest of the options, use the defaults.
92100

93101
#### Adding Secrets to Git Source
94102

95-
Now that we have everything set up on AWS, time to create a Service Account, Secret Store, and External Secret. First create a Directory in your Git Source Repo thats outside of the path for the Git Source. In this example my Git Source path is `gitops/argocd` but my files will be located in `gitops/test-applications`.
103+
Now that we have everything set up on AWS, time to create a Service Account, Secret Store, and External Secret. First, create a Directory in your Git Source Repo that's outside of the path for the Git Source. In this example, my Git Source path is `gitops/argocd` but my files will be located in `gitops/test-applications`.
104+
105+
{% raw %}
96106

97107
```shell
98108
├── gitops
99109
│ ├── argocd
100110
│ │ └── external-secrets-operator.yaml
101111
│ ├── test-applications
102-
103112
```
104113

114+
{% endraw %}
115+
105116
Inside test-applications directory create a file called `secret-store.yaml`. Here we will create a Service Account and Secret Store config. The SecretStore will allow us to access AWS Secrets Manager and use the Service Account to make the API Calls to AWS.
106117

118+
{% raw %}
119+
107120
```yaml
108121
apiVersion: external-secrets.io/v1beta1
109122
kind: SecretStore
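Review bot: the tree on lines 106-112 still shows `test-applications` as an empty directory (the only change there is dropping the blank line 102-), while the text right after it on line 116 creates `secret-store.yaml` inside that directory and the following section adds `external-secret.yaml`; listing both files under `test-applications` would make the layout match the instructions. On line 103+, "time to create a Service Account, Secret Store, and External Secret" is still a fragment; "it is time to create ..." or "we can create ..." fixes it.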
@@ -127,8 +140,12 @@ metadata:
127140
name: aws-secret-store
128141
```
129142

143+
{% endraw %}
144+
130145
Now create another file called `external-secret.yaml` in the testing-applications directory. This is where we are going to use to generate a kubernets secret. We will define a refresh interval so the screte is up to date in the cluster, how to access the secret via the Secret Store, the name of the scret in AWS Secret Manager, and what to name the k8s secret kind once retrieved.
131146

147+
{% raw %}
148+
132149
```yaml
133150
apiVersion: external-secrets.io/v1beta1
134151
kind: ExternalSecret
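Review bot: for a spelling-and-grammar commit, unchanged line 145 still carries "kubernets", "screte", "scret" and the garbled "This is where we are going to use to generate" (suggest "This resource generates a Kubernetes Secret"). It also refers to the "testing-applications directory", while the tree and the previous paragraph use `test-applications`; use one name throughout.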
@@ -150,10 +167,14 @@ spec:
150167
metadataPolicy: None
151168
```
152169

170+
{% endraw %}
171+
153172
#### Adding Application for Example
154173

155174
Now we have the information, we are going to add another application under `gitops/argocd` to simulate an application that needs a secret. Create a file called `test-application.yaml` with the following values.
156175

176+
{% raw %}
177+
157178
```yaml
158179
apiVersion: argoproj.io/v1alpha1
159180
kind: Application
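Review bot: unchanged line 174 opens with "Now we have the information, we are going to add another application", which reads as a comma splice; "Now that we have everything in place, add another Application under `gitops/argocd` ..." would fix it. The `{% endraw %}` on 170+ and `{% raw %}` on 177+ follow the same placement as the other blocks (blank line either side of the tag), which is fine.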
@@ -188,17 +209,25 @@ spec:
188209
- RespectIgnoreDifferences=false
189210
```
190211

191-
This application is going to deploy in the `testing` namespace. so all the items before are name spaced spacific and can be reused in different namespace. Now save, commit and push these items to your git repo.
212+
{% endraw %}
213+
214+
This application is going to be deployed in the `testing` namespace. All the items before are name-spaced specific and can be reused in different namespaces. Now save, commit, and push these items to your git repo.
192215

193216
#### Verification
194217

195-
Now you should see the Application in your the dashboard. You should see a k8s secret that has all the key value pairs that you created in AWS Secrets Manager. You can run the following command to verify its there.
218+
Now you should see the Application in your dashboard. You should see a k8s secret that has all the key-value pairs that you created in AWS Secrets Manager. You can run the following command to verify it's there.
219+
220+
{% raw %}
196221

197222
```shell
198223
kubectl get secrets -n testing my-secret -o yaml
199224
```
200225

201-
You should see something similiar below for your secret.
226+
{% endraw %}
227+
228+
You should see something similar below for your secret.
229+
230+
{% raw %}
202231

203232
```yaml
204233
apiVersion: v1
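Review bot: line 214+ replaces "name spaced spacific" with "name-spaced specific", which is still not a term; the intended meaning is that the ServiceAccount, SecretStore and ExternalSecret are namespace-scoped, and the rewrite also drops the "so" that tied this to the Application deploying into `testing`. Suggest "This application is deployed in the `testing` namespace, so all the resources above are namespace-scoped and can be reused in other namespaces." On line 228+, "something similar below" should be "something similar to the output below". Because the `kubectl get secrets ... -o yaml` command on line 223 prints the Secret's data fields (base64-encoded, not encrypted), the doc could add a sentence telling readers not to paste that output into tickets or chat.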
@@ -230,6 +259,8 @@ metadata:
230259
type: Opaque
231260
```
232261

262+
{% endraw %}
263+
233264
## Related Items
234265

235266
-[Hybrid GitOps Runtime installation]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops-helm-installation/)
