How do I build a Kubernetes external-secrets.io externalsecret with Pulumi?
In this guide, we will create a Kubernetes ExternalSecret using Pulumi. ExternalSecrets allow you to inject secrets from external secret management systems into Kubernetes secrets. We will define a Kubernetes SecretStore to connect to AWS Secrets Manager and create an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret.
Steps:
- Define the SecretStore to connect to AWS Secrets Manager.
- Create an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret.
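```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the SecretStore to connect to AWS Secrets Manager
const secretStore = new k8s.apiextensions.CustomResource("secretstore", {
    // Must be a version served by the CRDs installed in the cluster; newer
    // External Secrets Operator releases serve later versions such as v1beta1.
    apiVersion: "external-secrets.io/v1alpha1",
    kind: "SecretStore",
    metadata: { name: "aws-secrets-manager" },
    spec: {
        provider: {
            aws: {
                service: "SecretsManager",
                region: "us-west-2",
                auth: {
                    // Static AWS credentials are read from a Kubernetes Secret named
                    // "aws-credentials", which must already exist in the same namespace
                    // with the keys "accessKeyID" and "secretAccessKey".
                    secretRef: {
                        accessKeyIDSecretRef: {
                            name: "aws-credentials",
                            key: "accessKeyID",
                        },
                        secretAccessKeySecretRef: {
                            name: "aws-credentials",
                            key: "secretAccessKey",
                        },
                    },
                },
            },
        },
    },
});

// Create an ExternalSecret resource to fetch the secret value
const externalSecret = new k8s.apiextensions.CustomResource("externalsecret", {
    apiVersion: "external-secrets.io/v1alpha1",
    kind: "ExternalSecret",
    metadata: { name: "my-external-secret" },
    spec: {
        // Must match the name and kind of the SecretStore defined above
        secretStoreRef: {
            name: "aws-secrets-manager",
            kind: "SecretStore",
        },
        // The Kubernetes Secret that the operator creates and owns
        target: {
            name: "my-k8s-secret",
            creationPolicy: "Owner",
        },
        data: [
            {
                // Key written into the Kubernetes Secret
                secretKey: "my-secret-key",
                // Secret name in AWS Secrets Manager and the property to extract from it
                remoteRef: {
                    key: "my-secret",
                    property: "my-secret-property",
                },
            },
        ],
    },
});
```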
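The access key stored in `aws-credentials` only needs to read the secrets that the ExternalSecret names. The following added example (not part of the original guide or of Pulumi's code) derives a matching IAM policy document from the ExternalSecret `data` entries; the function names, the action list, and the placeholder account ID `111122223333` are assumptions.

```typescript
// Added example: build a least-privilege IAM policy for the SecretStore's access key
// from the ExternalSecret `data` entries. Names and the action list are assumptions.
interface RemoteRef { key: string; property?: string }
interface ExternalSecretData { secretKey: string; remoteRef: RemoteRef }
interface PolicyStatement { Effect: "Allow"; Action: string[]; Resource: string[] }
interface PolicyDocument { Version: "2012-10-17"; Statement: PolicyStatement[] }

// Assumed minimum for reading a secret value and its metadata.
const READ_ACTIONS = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"];

// Secrets Manager ARNs end in "-" plus six random characters after the secret name,
// so "-??????" matches one secret name instead of everything sharing a prefix.
function secretArn(region: string, accountId: string, key: string): string {
  if (key.indexOf("arn:") === 0) return key; // already a full ARN: use it unchanged
  if (/[*?]/.test(key)) throw new Error("wildcard in remoteRef.key: " + key);
  return "arn:aws:secretsmanager:" + region + ":" + accountId + ":secret:" + key + "-??????";
}

function leastPrivilegePolicy(region: string, accountId: string, data: ExternalSecretData[]): PolicyDocument {
  if (!/^\d{12}$/.test(accountId)) throw new Error("account ID must be 12 digits");
  if (data.length === 0) throw new Error("ExternalSecret has no data entries");
  const resources = data
    .map((d) => secretArn(region, accountId, d.remoteRef.key))
    .filter((arn, i, all) => all.indexOf(arn) === i) // several properties of one secret share an ARN
    .sort();
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: READ_ACTIONS.slice(), Resource: resources }],
  };
}

// The entry from the guide plus one constructed entry reading a second property.
const guideData: ExternalSecretData[] = [
  { secretKey: "my-secret-key", remoteRef: { key: "my-secret", property: "my-secret-property" } },
  { secretKey: "other-key", remoteRef: { key: "my-secret", property: "other-property" } },
];

// 111122223333 is a placeholder account ID.
const policy = leastPrivilegePolicy("us-west-2", "111122223333", guideData);
console.log(JSON.stringify(policy, null, 2));
```

Attach the resulting document to the IAM user whose key is stored in `aws-credentials`, and regenerate it whenever the ExternalSecret gains a new `remoteRef.key`.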
Key Points:
- We defined a SecretStore to connect to AWS Secrets Manager.
- We created an ExternalSecret to fetch the secret value from AWS Secrets Manager and store it in a Kubernetes Secret.
Summary:
In this guide, we successfully created a Kubernetes ExternalSecret using Pulumi. We defined a SecretStore to connect to AWS Secrets Manager and created an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret. This setup allows you to manage secrets securely and inject them into your Kubernetes applications.