github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-08 23:18:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
af2f3017b7621c574f38fb186733e8b53392caa8
infisical/helm-charts/secrets-operator/README.md
Grraahaam a5278affe6 chore(docs): improved charts related documentation
2023-02-22 10:18:22 +01:00

3.0 KiB
Raw Blame History

Infisical Helm Chart

This is the Infisical Secrets Operator Helm chart. Find the integration documentation here

Installation

To install the chart, run the following :

# Add the Infisical repository
helm repo add infisical 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' && helm repo update

# Install Infisical Secrets Operator (with default values)
helm upgrade --install --atomic \
  -n infisical-dev --create-namespace \
  infisical-secrets-operator infisical/secrets-operator

# Install Infisical Secrets Operator (with custom inline values, replace with your own values)
helm upgrade --install --atomic \
  -n infisical-dev --create-namespace \
  --set controllerManager.replicas=3 \
  infisical-secrets-operator infisical/secrets-operator

# Install Infisical Secrets Operator (with custom values file, replace with your own values file)
helm upgrade --install --atomic \
  -n infisical-dev --create-namespace \
  -f custom-values.yaml \
  infisical-secrets-operator infisical/secrets-operator

Synchronization

To sync your secrets from Infisical (or from your own instance), create the below resources :

# Create the tokenSecretReference (replace with your own token)
kubectl create secret generic infisical-example-service-token \
  --from-literal=infisicalToken="<infisical-token-here>"

# Create the InfisicalSecret
cat <<EOF | kubectl apply -f -
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  # Name of of this InfisicalSecret resource
  name: infisicalsecret-example
spec:
  # The host that should be used to pull secrets from. The default value is https://app.infisical.com/api.
  hostAPI: https://app.infisical.com/api

  # The Kubernetes secret the stores the Infisical token
  tokenSecretReference:
    # Kubernetes secret name
    secretName: infisical-example-service-token
    # The secret namespace
    secretNamespace: default

  # The Kubernetes secret that Infisical Operator will create and populate with secrets from the above project
  managedSecretReference:
    # The name of managed Kubernetes secret that should be created
    secretName: infisical-managed-secret
    # The namespace the managed secret should be installed in
    secretNamespace: default
EOF

Managed secrets

Methods

To use the above created manage secrets, you can use the below methods :

  • env
  • envFrom
  • volumes

Check the docs to learn more about their implementation within your k8s resources

Auto-reload

And if you want to auto-reload your deployments, add this annotation where the managed secret is consumed :

annotations:
  secrets.infisical.com/auto-reload: "true"

Parameters

Coming soon

Local development

Coming soon

Upgrading

0.1.2

Latest stable version, no breaking changes

Reference in New Issue View Git Blame Copy Permalink