Skip to content

Commit

Permalink
secret: Improve documentation (#499)
Browse files Browse the repository at this point in the history 
* secret: docs: clean up secret_yaml_generic

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: clean up secret_create_generic

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: clean up secret_from_dict

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: clean up secret_yaml_registry

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: clean up secret_yaml_tls

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: clean up secret_create_tls

Signed-off-by: Noelle Leigh <[email protected]>

* secret: docs: add link to Kubernetes secrets

Signed-off-by: Noelle Leigh <[email protected]>

---------

Signed-off-by: Noelle Leigh <[email protected]>
  • Loading branch information
@noelleleigh
noelleleigh authored May 22, 2023
1 parent befa9be commit 12384ee
Showing 1 changed file with 66 additions and 25 deletions.
91 changes: 66 additions & 25 deletions secret/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,82 +2,123 @@

Author: [Nick Santos](https://github.com/nicks)

Helper functions for creating Kubernetes secrets.
Helper functions for creating [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/).

## Functions

### secret_yaml_generic

```
secret_yaml_generic(name: str, namespace: str = "", from_file: Union[str, List] = None, secret_type: str = None): Blob
secret_yaml_generic(
name: str,
namespace: str = "",
from_file: str | list[str] = None,
secret_type: str = None,
from_env_file: str = None
) -> Blob
```

Returns YAML for a generic secret.

* `from_file` ( str ) – equivalent to `kubectl create secret --from-file`
* `secret_type` ( str ) - equivalent to `kubectl create secret --type`
Equivalent to [`kubectl create secret generic -o=yaml --dry-run=client`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-secret-generic-em-)

* `name` ( str ) - Secret name.
* `namespace` ( str ) - Secret namespace.
* `from_file` ( str | list[str] ) – Populate secret from a file path or multiple file paths.
* `secret_type` ( str ) - The type of secret to create.
* `from_env_file` ( str ) – Specify the path to a file to read lines of `key=val` pairs to create a secret.

### secret_create_generic

```
secret_create_generic(name: str, namespace: str = "", from_file: Union[str, List] = None, secret_type: str = None)
secret_create_generic(
name: str,
namespace: str = "",
from_file: str | list[str] = None,
secret_type: str = None,
from_env_file: str = None
) -> None
```

Deploys a secret to the cluster. Equivalent to
Deploys a secret to the cluster. Equivalent to:

```
load('ext://secret', 'secret_yaml_generic')
k8s_yaml(secret_yaml_generic('name', from_file=[...]))
k8s_yaml(secret_yaml_generic(...))
```

Arguments are the same as [`secret_yaml_generic`](#secret_yaml_generic).

### secret_from_dict

```
secret_from_dict(name: str, namespace: str = "", inputs = None): blob
secret_from_dict(
name: str,
namespace: str = "",
inputs: dict[str, Any] = {}
) -> Blob
```

Returns YAML for a secret from a dictionary.

* `inputs` ( dict) - A dict of keys and values to use. Nesting is not supported
Returns YAML for a secret from a dictionary. Equivalent to [`kubectl create secret generic --from-literal=key=value`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-secret-generic-em-)

* `name` ( str ) - Secret name.
* `namespace` ( str ) - Secret namespace.
* `inputs` ( dict ) - A dictionary of keys and values to use. Nesting is not supported.

### secret_yaml_registry

```
secret_yaml_registry(name: str, namespace: str = "", flags_dict: dict = None)
secret_yaml_registry(
name: str,
namespace: str = "",
flags_dict: dict = {}
) -> Blob
```

Returns YAML for a `docker-registry` type secret. Equivelent to:
Returns YAML for a `docker-registry` type secret. Equivelent to [`kubectl create secret docker-registry`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-secret-docker-registry-em-).

```
kubectl create secret docker-registry artifact-registry \
--docker-server=host.somedomain \
--docker-username=_json_key \
--docker-password="$(cat service-account.json)" \
[email protected]
```
* `name` ( str ) - Secret name.
* `namespace` ( str ) - Secret namespace.
* `flags_dict` ( dict ) - A dictionary of keys and values to be passed to the command as flags (`--key=value`).

### secret_yaml_tls

```
secret_yaml_tls(name: str, cert: str, key: str, namespace: str = ""): Blob
secret_yaml_tls(
name: str,
cert: str,
key: str,
namespace: str = ""
) -> Blob
```

Returns YAML for a TLS secret. Equivalent to `kubectl create secret tls --cert=... --key=...`.
Returns YAML for a TLS secret. Equivalent to [`kubectl create secret tls`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-secret-tls-em-).

* `name` ( str ) - Secret name.
* `cert` ( str ) - Path to PEM encoded public key certificate.
* `key` ( str ) - Path to private key associated with given certificate.
* `namespace` ( str ) - Secret namespace.

### secret_create_tls

```
secret_create_tls(name: str, cert: str, key: str, namespace: str = "")
secret_create_tls(
name: str,
cert: str,
key: str,
namespace: str = ""
) -> None
```

Deploys a secret to the cluster. Equivalent to
Deploys a TLS secret to the cluster. Equivalent to

```
load('ext://secret', 'secret_yaml_tls')
k8s_yaml(secret_yaml_tls('name', cert=..., key=...))
k8s_yaml(secret_yaml_tls(...))
```

Arguments are the same as [`secret_yaml_tls`](#secret_yaml_tls).

## Example Usage

### For a Postgres password:
Expand Down

0 comments on commit 12384ee

Please sign in to comment.