Giter Site home page Giter Site logo

berglas-aws-webhook's Introduction

Berglas AWS Webhook

This is a sample project for learning mutating webhook implementation, and implemented referencing Berglas

Berglas AWS is a tool inspired by GCP's Berglas and command line tool and library for storing and retrieving secrets from AWS Secrets Manager.

This repository is a webhook part of Berglas AWS. The CLI implementation is here.

How to deploy

You need to deploy cert-manager v0.12.0 before deploy this webhook.

$ kubectl apply -f ./deploy

Usage

When you try to deploy Pod from YAML with env var in format of berglas-aws://<ARN> as below,

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: server
      image: server:any-tag
      command: ["server"]
      env:
        - name: API_KEY 
          value: berglas-aws://arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:<SECRET_ID>

this webhook mutates to YAML as below.

apiVersion: v1
kind: Pod
metadata:
  name: server
spec:
  initContainers:
    - name: copy-berglas-aws-bin
      image: katainaka0503/berglas-aws:latest
      imagePullPolicy: IfNotPresent
      command: ["sh", "-c", "cp $(which berglas-aws) /berglas-aws/bin/"]
      volumeMounts:
        - name: berglas-aws-bin
          mountPath: /berglas-aws/bin/
  containers:
    - name: server
      image: katainaka0503/server
      imagePullPolicy: Always
      command: ["/berglas-aws/bin/berglas-aws"]
      args: ["exec", "--", "server"]
      env:
        - name: API_KEY 
          value: berglas-aws://arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:<SECRET_ID>
      volumeMounts:
        - name: berglas-aws-bin
          mountPath: /berglas-aws/bin/
  volumes:
    - name: berglas-aws-bin
      emptyDir:
        medium: Memory

berglas-aws-webhook's People

Contributors

katainaka0503 avatar

Watchers

James Cloos avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.