add kubernetes-external-secrets

c3b7c2ce · sean.melissari · f0fb105d · c3b7c2ce · c3b7c2ce · c3b7c2ce
Commit c3b7c2ce authored Jun 01, 2020 by sean.melissari
Hide whitespace changes
Inline Side-by-side

Showing with 71 additions and 1 deletion

Dockerfile Dockerfile +31 -0

Jenkinsfile Jenkinsfile +2 -0

LICENSE LICENSE +21 -0

README.md README.md +14 -1

download.yaml download.yaml +3 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
+ARG BASE_IMAGE=opensource/nodejs/nodejs12
+ARG BASE_TAG=12.17.0
+FROM godaddy/kubernetes-external-secrets:3.3.0 as builder
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+LABEL name="kubernetes-external-secrets" \
+      description="Kubernetes External Secrets allows you to use external secret management systems to securely add secrets in Kubernetes" \
+      license="MIT" \
+      version="3.3.0" \
+      maintainer="cht@dsop.io"
+ENV NODE_ENV=production \
+    NPM_CONFIG_LOGLEVEL=info
+USER root
+RUN dnf -y update && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf    
+COPY --from=builder --chown=1001:0 /app ${HOME}
+USER 1001
+HEALTHCHECK --start-period=3s \
+  CMD curl -f http://localhost:3001 || exit 1
+CMD ["npm", "start"]
--- a/Jenkinsfile
+++ b/Jenkinsfile
+@Library('DCCSCR@master') _
+dccscrPipeline(version: "3.3.0")
--- a/LICENSE
+++ b/LICENSE
+The MIT License (MIT)
+Copyright (c) 2018 GoDaddy Operating Company, LLC.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
-# kubernetes-external-secrets
+# Kubernetes External Secrets
+Kubernetes External Secrets allows you to use external secret
+management systems, like [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) or
+[HashiCorp Vault](https://www.vaultproject.io/), to securely add secrets in
+Kubernetes. Read more about the design and motivation for Kubernetes
+External Secrets on the [GoDaddy Engineering
+Blog](https://godaddy.github.io/2019/04/16/kubernetes-external-secrets/).
+## How it works
+The project extends the Kubernetes API by adding a `ExternalSecrets` object using [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) and a controller to implement the behavior of the object itself.
+An `ExternalSecret` declares how to fetch the secret data, while the controller converts all `ExternalSecrets` to `Secrets`.
+The conversion is completely transparent to `Pods` that can access `Secrets` normally.
--- a/download.yaml
+++ b/download.yaml
+resources:
+  - url: "docker://docker.io/godaddy/kubernetes-external-secrets@sha256:994b24a72bf14f8682f799a4e2bc76dc8303a0d8594dacd7ace8ca104bf6b121"
+    tag: "godaddy/kubernetes-external-secrets:3.3.0"