Skip to content

external-secrets/external-secrets-helm-operator

 
 

Repository files navigation

External Secrets Operator

test build release license

A Kubernetes Operator based on the Operator SDK (Helm version) to configure official external-secrets operator helm chart, so it can be installed via OLM without having to do any change on current Helm Charts.

Before any other resources provided by this Operator can be deployed, it is essential to create an OperatorConfig resource.

The usual Helm Chart file values.yaml, like:

prometheus:
  enabled: true
  service:
    port: 8080
resources:
   requests:
     cpu: 10m
     memory: 96Mi
   limits:
     cpu: 100m
     memory: 256Mi

needs to be encapsulated into a new custom resource called OperatorConfig:

apiVersion: operator.external-secrets.io/v1alpha1
kind: OperatorConfig
metadata:
  name: cluster
spec:
  prometheus:
    enabled: true
    service:
      port: 8080
  resources:
   requests:
     cpu: 10m
     memory: 96Mi
   limits:
     cpu: 100m
     memory: 256Mi

Once the OperatorConfig resource is deployed, the operator will create all helm chart resources, using the custom resource name as a preffix for all resources names, like for example a Deployment called cluster-external-secrets.

Initial bootstrap

Initially, all operator files bootstraping have been created with operator-sdk:v1.15.0 (commit):

$ operator-sdk init --plugins helm --group operator --domain external-secrets.io --version v1alpha1 --kind OperatorConfig --helm-chart=external-secrets --helm-chart-repo=https://charts.external-secrets.io/ --helm-chart-version=0.3.8
Writing kustomize manifests for you to edit...
Creating the API:
$ operator-sdk create api --group operator --version v1alpha1 --kind OperatorConfig --helm-chart external-secrets --helm-chart-repo https://charts.external-secrets.io/ --helm-chart-version 0.3.8
Writing kustomize manifests for you to edit...
Created helm-charts/external-secrets
Generating RBAC rules
WARN[0006] Using default RBAC rules: failed to generate RBAC rules: failed to get server resources: Unauthorized

And then, the most important change done on predefined files was the operator ClusterRole, which needed extra permissions in order to be able to create all resources created by the Helm Chart (commit).

The rest of the changes are mostly cosmetic, a kind of k8s-operator-olm envelope for the real Helm Chart that will be downloaded dynamically using helm chart version on every operator image build at helm-charts/external-secrets.

Documentation

Contributing

You can contribute by:

  • Raising any issues you find using External Secrets Operator
  • Fixing issues by opening Pull Requests
  • Submitting a patch or opening a PR
  • Improving documentation
  • Talking about External Secrets Operator

All bugs, tasks or enhancements are tracked as GitHub issues.

License

External Secrets Operator is under Apache 2.0 license. See the LICENSE file for details.

Note: This Helm Operator will deploy ESO (when you create the OperatorConfig) without the CRDs. With OLM this is not a problem since OLM manages and deploys the CRDs. If for some reason you plan to use this helm operator without OLM, you need to apply the ESO CRDs to you cluster at some point.

About

External Secrets Operator that can be installed via OLM using original helm chart from https://github.com/external-secrets/external-secrets/

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Makefile 65.4%
  • Shell 28.8%
  • Dockerfile 5.8%