Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make secret values consumeable from Environment Variables #2796

Open
dcardellino opened this issue May 25, 2023 · 1 comment
Open

Make secret values consumeable from Environment Variables #2796

dcardellino opened this issue May 25, 2023 · 1 comment
Labels
kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. refinement-needed sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management.
Milestone
KubeOne 1.9

Comments

@dcardellino
Copy link

Description of the feature you would like to add / User story

As a cloud engineer I do not want to store my credentials as plain text in git. To have kind of more control over it, I want to consume secrets via Environment Variables in kubeone.yaml. As I use Hashicorp Vault I can "securely" export my secrets as env variables.

As a <user persona>
I would like to <functionality>
in order to <benefit>

Solution details

As described in the KubeOne documentation there are some fields enabled to get values from environment, in my specific case I want to put regestryAuth credentials to kubeone.yaml like this:

containerRuntime:
  containerd:
    registries:
      registry-1.docker.io:
        auth:
          username: "env:DOCKER_HUB_USER"
          password: "env:DOCKER_HUB_PASSWORD"

meaning that DOCKER_HUB_USER & DOCKER_HUB_PASSWORD are exported as environment variables.

Use cases

  • Retrieving credentials for registry authentication or similar.

Additional information

  • See #kubermatic slack for discussions about it.
@dcardellino dcardellino added kind/feature Categorizes issue or PR as related to a new feature. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. labels May 25, 2023
@xmudrii xmudrii added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label Jun 24, 2024
@xmudrii xmudrii added this to the KubeOne 1.9 milestone Jun 24, 2024
@xmudrii
Copy link
Member

xmudrii commented Jun 27, 2024
edited

High priority is to discover:

  • How this feature should look like?
  • What API fields should be covered?
  • Do we need to make backwards incompatible changes to the API?

If we need to make the backwards incompatible changes to the API, then this remains a high priority issue for 1.9. Otherwise, we can reduce it to the normal priority.

@kron4eg kron4eg self-assigned this Jun 27, 2024
@kron4eg kron4eg removed their assignment Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. refinement-needed sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management.
Projects
None yet
Milestone
KubeOne 1.9
Development

No branches or pull requests
3 participants
@kron4eg @xmudrii @dcardellino