mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-10 07:58:15 -05:00
---
title: "Kubernetes"
---

The Infisical Secrets Operator fetches secrets from Infisical and stores them as Kubernetes secrets. A custom `InfisicalSecret` resource defines how the operator authenticates and where it stores the result.
The operator updates secrets continuously and can automatically reload dependent deployments when a secret changes.

Prerequisites:

- You are connected to your cluster via kubectl.
- You have a project with secrets ready in [Infisical Cloud](https://app.infisical.com).
- You have created an [Infisical Token](/getting-started/dashboard/token) scoped to an environment in your project in Infisical.

## Installation

Follow the instructions for either [Helm](https://helm.sh/) or [kubectl](https://github.com/kubernetes/kubectl) to install the Infisical Secrets Operator.

<Tabs>
<Tab title="Helm">
Add the Infisical Helm repository

```console
helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'

helm repo update
```

Install the Helm chart
```console
helm install --generate-name infisical-helm-charts/secrets-operator
```

</Tab>
<Tab title="Kubectl">
The operator will be installed in the `infisical-operator-system` namespace
```console
kubectl apply -f https://raw.githubusercontent.com/Infisical/infisical/main/k8-operator/kubectl-install/install-secrets-operator.yaml
```
</Tab>
</Tabs>

## Usage

**Step 1: Create a Kubernetes secret containing the service token**

Once you have generated the service token, create a Kubernetes secret that contains it by running the command below.

```bash
kubectl create secret generic service-token --from-literal=infisicalToken=<your-service-token-here>
```

**Step 2: Fill out the `InfisicalSecret` CRD and apply it to your cluster**

```yaml infisical-secrets-config.yaml
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  # Name of this InfisicalSecret resource
  name: infisicalsecret-sample
spec:
  # The host that should be used to pull secrets from. If left empty, the value specified in Global configuration will be used
  hostAPI: https://app.infisical.com/api
  authentication:
    serviceToken:
      serviceTokenSecretReference: # <-- The namespaced name of the secret from step 1 that holds the project token for authentication
        secretName: service-token
        secretNamespace: default # <-- the namespace the step 1 secret was created in (`default` unless you created it elsewhere)
  managedSecretReference:
    secretName: managed-secret # <-- the name of the Kubernetes secret that will be created
    secretNamespace: default # <-- the namespace it will be created in
```

```bash
kubectl apply -f infisical-secrets-config.yaml
```

You should now see a new Kubernetes secret automatically created in the namespace you defined in the `managedSecretReference` property above.

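One way to run Step 1 without typing the token on the command line, where it would land in shell history, and to check the result of Step 2. This is an added example, not part of the Infisical documentation; `TOKEN_NS`, `MANAGED_NS`, the function names and the script name are assumptions, while the secret and key names come from the steps above.

```bash
#!/usr/bin/env bash
# Added example: Step 1 without the token in argv, plus a check after Step 2.
# TOKEN_NS and MANAGED_NS are assumptions; set them to the namespaces used in
# serviceTokenSecretReference and managedSecretReference.
TOKEN_NS="${TOKEN_NS:-default}"
MANAGED_NS="${MANAGED_NS:-default}"

# Render the Step 1 Secret from a token read on stdin. The value is
# base64-encoded into .data, so it is never interpreted as YAML.
render_token_secret() {
  local ns="$1" token_b64
  token_b64=$(tr -d '\r\n' | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: service-token
  namespace: ${ns}
type: Opaque
data:
  infisicalToken: ${token_b64}
EOF
}

# Prompt without echo, then pipe the manifest straight to kubectl: the token
# is not written to shell history, process arguments or a file on disk.
create_token_secret() {
  local token
  read -r -s -p "Infisical service token: " token && echo >&2
  printf '%s' "$token" | render_token_secret "$TOKEN_NS" | kubectl create -f -
}

# After applying infisical-secrets-config.yaml: confirm the token secret is
# where the CRD points, then list the managed secret's keys without values.
verify_sync() {
  kubectl get secret service-token -n "$TOKEN_NS" >/dev/null || return 1
  kubectl describe secret managed-secret -n "$MANAGED_NS"
}

# Run as a script (hypothetical name): ./infisical-step1.sh create | verify
case "${1:-}" in
  create) create_token_secret ;;
  verify) verify_sync ;;
esac
```

`kubectl describe secret` prints key names and sizes only, so the check does not echo secret values to the terminal.
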
For a comprehensive guide to managing secrets in Kubernetes with Infisical, including all available operator options, see the [Kubernetes integration documentation](../../integrations/platforms/kubernetes).