From 5eb505326bf6d48f1fedbefa945498249ece8688 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Thu, 7 Dec 2023 20:10:11 -0500 Subject: [PATCH] add docs for k8 secret type and label propagation --- docs/integrations/platforms/kubernetes.mdx | 59 ++++++++++++++++++++-- 1 file changed, 56 insertions(+), 3 deletions(-) diff --git a/docs/integrations/platforms/kubernetes.mdx b/docs/integrations/platforms/kubernetes.mdx index 942a60100f..7ddb616b27 100644 --- a/docs/integrations/platforms/kubernetes.mdx +++ b/docs/integrations/platforms/kubernetes.mdx 
@@ -161,12 +161,65 @@ Default re-sync interval is every 1 minute. -The `managedSecretReference` field in the InfisicalSecret resource is used to specify the location where secrets retrieved from an Infisical project should be stored. -You should specify the name and namespace of the Kubernetes secret that will hold these secrets. The operator will create the secret for you, you just need to provide its name and namespace. +The `managedSecretReference` field is used to define the target location for storing secrets retrieved from an Infisical project. +This field requires specifying both the name and namespace of the Kubernetes secret that will hold these secrets. +The Infisical operator will automatically create the Kubernetes secret with the specified name/namespace and keep it continuously updated. -The managed secret be should be created in the same namespace as the deployment that will use it. +Note: The managed secret be should be created in the same namespace as the deployment that will use it. + +The name of the managed Kubernetes secret to be created + + +The namespace of the managed Kubernetes secret to be created. + + +Override the default Opaque type for managed secrets with this field. Useful for creating kubernetes.io/dockerconfigjson secrets. + + +### Propagating labels & annotations + +The operator will transfer all labels & annotations present on the `InfisicalSecret` CRD to the managed Kubernetes secret to be created. +Thus, if a specific label is required on the resulting secret, it can be applied as demonstrated in the following example: + + +```yaml +apiVersion: secrets.infisical.com/v1alpha1 +kind: InfisicalSecret +metadata: + name: infisicalsecret-sample + labels: + label-to-be-passed-to-managed-secret: sample-value + annotations: + example.com/annotation-to-be-passed-to-managed-secret: "sample-value" +spec: + .. + authentication: + ... + managedSecretReference: + ... 
+``` + +This would result in the following managed secret to be created: + +```yaml +apiVersion: v1 +data: + ... +kind: Secret +metadata: + annotations: + example.com/annotation-to-be-passed-to-managed-secret: sample-value + secrets.infisical.com/version: W/"3f1-ZyOSsrCLGSkAhhCkY2USPu2ivRw" + labels: + label-to-be-passed-to-managed-secret: sample-value + name: managed-token + namespace: default +type: Opaque +``` + + ### Apply the Infisical CRD to your cluster Once you have configured the Infisical CRD with the required fields, you can apply it to your cluster.
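Review bot: Under "Propagating labels & annotations", the sentence "The operator will transfer all labels & annotations present on the `InfisicalSecret` CRD" is unqualified, yet the resulting-secret example also shows a `secrets.infisical.com/version` annotation that is not on the source resource. Please state that the operator adds this annotation itself, and say whether later label or annotation changes on the `InfisicalSecret` are synced to the managed secret, since readers may rely on these labels for selectors or policy. Two smaller points in the same hunk: the added Note line keeps the typo from the removed line ("The managed secret be should be created" should read "should be created"), and the first YAML example uses `..` under `spec:` where the other elisions use `...`. The description "The name of the managed Kubernetes secret to be created" is also missing the trailing period that the namespace description has.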