2026-06-09 19:22:46 +03:00

# Quick Start: Copy to your repository

This file shows the minimal steps to get external-secrets working
in your application repository.
## Step 1: Create the folder structure
```bash
mkdir -p k8s/secrets-<your-app-name>
cd k8s/secrets-<your-app-name>
```
## Step 2: Copy template files
Copy the following template files to your `secrets-<your-app-name>/` folder:
```bash
# <templates-dir> is a placeholder for the directory that holds the template files.
# Choose based on your secret backend:
# For Vault:
cp <templates-dir>/secretstore-vault.yaml ./
# For Kubernetes secrets:
cp <templates-dir>/secretstore-kubernetes.yaml ./
# Choose based on what you want to sync:
# For individual secret properties:
cp <templates-dir>/externalsecret-basic.yaml ./
# For entire secret objects:
cp <templates-dir>/externalsecret-extract.yaml ./
# For advanced templating:
cp <templates-dir>/externalsecret-advanced.yaml ./
```
## Step 3: Customize the files
Edit each file and replace the CHANGE markers:
```bash
# Edit secretstore
vim secretstore-vault.yaml
# Edit externalsecret
vim externalsecret-basic.yaml
```
Key things to customize:
- Namespace (where your app runs)
- Vault server URL
- Vault secret paths
- Secret property names
- Refresh interval
## Step 4: Apply to your cluster
```bash
# Run from the repository root (Step 1 left you inside k8s/secrets-<your-app-name>)
kubectl apply -f k8s/secrets-<your-app-name>/
```
## Step 5: Verify
```bash
# Check if the ExternalSecret synced successfully
kubectl get externalsecret -n <your-namespace>
# Check if the secret was created
kubectl get secret app-secrets -n <your-namespace>
# View the secret contents (values are only base64-encoded; be careful with sensitive data!)
kubectl get secret app-secrets -n <your-namespace> -o jsonpath='{.data}' | jq .
```
## Step 6: Use in your Deployment
Reference the synced secret in your Deployment/StatefulSet/DaemonSet:
```yaml
envFrom:
  - secretRef:
      name: app-secrets
```
See `deployment-example.yaml` for more usage patterns.
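
How the names used in Steps 3 to 6 fit together, as an added example (not one of the template files from this repository). The namespace, Vault URL, auth mount, role, service account, secret path and key names are constructed placeholders, and the `apiVersion` is an assumption that depends on the installed operator version.

```yaml
# Added example: constructed values, not the repository's template files.
apiVersion: external-secrets.io/v1   # assumption: older operator releases serve v1beta1
kind: SecretStore
metadata:
  name: vault-secretstore            # name checked in Troubleshooting
  namespace: my-app                  # placeholder: namespace where your app runs
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"   # placeholder Vault server URL
      path: "secret"                 # KV mount point (assumed to be "secret")
      version: "v2"                  # KV engine version
      auth:
        kubernetes:
          mountPath: "kubernetes"    # assumed Vault auth mount
          role: "my-app"             # placeholder Vault role, scoped to this app's paths
          serviceAccountRef:
            name: "my-app"           # placeholder service account in the same namespace
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: app-secrets                  # name used by `kubectl describe externalsecret`
  namespace: my-app
spec:
  refreshInterval: 1h                # how often the operator re-reads Vault
  secretStoreRef:
    kind: SecretStore
    name: vault-secretstore
  target:
    name: app-secrets                # Kubernetes Secret referenced by secretRef in Step 6
    creationPolicy: Owner            # Secret is owned by, and deleted with, the ExternalSecret
  data:
    - secretKey: DB_PASSWORD         # key in the Secret, becomes an env var through envFrom
      remoteRef:
        key: my-app/database         # placeholder Vault secret path under the mount
        property: password           # placeholder property inside that Vault secret
```

Because `envFrom` exposes every key of `app-secrets` to the container, list only the properties the workload needs under `data`.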
## Troubleshooting
If the ExternalSecret doesn't sync:
```bash
# Check status
kubectl describe externalsecret app-secrets -n <your-namespace>
# Check operator logs
kubectl logs -n external-secrets deployment/external-secrets
# Verify SecretStore is reachable
kubectl describe secretstore vault-secretstore -n <your-namespace>
```
See `USAGE.md` in the external-secrets chart for detailed troubleshooting.