
How do I build a Kubernetes external-secrets.io externalsecret with Pulumi?

In this guide, we will create a Kubernetes ExternalSecret using Pulumi. ExternalSecrets allow you to inject secrets from external secret management systems into Kubernetes secrets. We will define a Kubernetes SecretStore to connect to AWS Secrets Manager and create an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret.

Steps:

  1. Define the SecretStore to connect to AWS Secrets Manager.
  2. Create an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

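// Define the SecretStore to connect to AWS Secrets Manager.
// The Kubernetes Secret "aws-credentials" referenced below must already exist
// in the same namespace as this SecretStore.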
const secretStore = new k8s.apiextensions.CustomResource("secretstore", {
    apiVersion: "external-secrets.io/v1alpha1",
    kind: "SecretStore",
    metadata: { name: "aws-secrets-manager" },
    spec: {
        provider: {
            aws: {
                service: "SecretsManager",
                region: "us-west-2",
                auth: {
                    secretRef: {
                        accessKeyIDSecretRef: {
                            name: "aws-credentials",
                            key: "accessKeyID",
                        },
                        secretAccessKeySecretRef: {
                            name: "aws-credentials",
                            key: "secretAccessKey",
                        },
                    },
                },
            },
        },
    },
});

// Create an ExternalSecret resource to fetch the secret value
const externalSecret = new k8s.apiextensions.CustomResource("externalsecret", {
    apiVersion: "external-secrets.io/v1alpha1",
    kind: "ExternalSecret",
    metadata: { name: "my-external-secret" },
    spec: {
        secretStoreRef: {
            name: "aws-secrets-manager",
            kind: "SecretStore",
        },
        target: {
            name: "my-k8s-secret",
            creationPolicy: "Owner",
        },
        data: [
            {
                secretKey: "my-secret-key",
                remoteRef: {
                    key: "my-secret",
                    property: "my-secret-property",
                },
            },
        ],
    },
});

Key Points:

  • We defined a SecretStore to connect to AWS Secrets Manager.
  • We created an ExternalSecret to fetch the secret value from AWS Secrets Manager and store it in a Kubernetes Secret.
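
The check below is an added example, not part of the original answer or Pulumi's own code. It lints the two resource definitions above as plain objects before deployment, flagging a SecretStore that authenticates with static access keys held in a Kubernetes Secret and an ExternalSecret whose `secretStoreRef` does not resolve to a SecretStore in its own namespace. The function name, the `apps` namespace, the `eso-reader` service account and the fallback to the `default` namespace are assumptions.

```typescript
// Added example: lint the plain resource args before they reach the cluster.
type Manifest = { kind: string; metadata: { name: string; namespace?: string }; spec: any };

// Assumption: resources without metadata.namespace land in "default".
const nsOf = (m: Manifest): string => m.metadata.namespace ?? "default";

// Returns one finding per problem; an empty array means nothing was flagged.
function lintExternalSecrets(manifests: Manifest[]): string[] {
    const findings: string[] = [];
    const stores = manifests.filter((m) => m.kind === "SecretStore");
    for (const store of stores) {
        const auth = store.spec?.provider?.aws?.auth ?? {};
        // auth.secretRef = long-lived IAM keys kept in a Secret; auth.jwt.serviceAccountRef avoids that.
        if (auth.secretRef && !auth.jwt) {
            findings.push(`static-keys: SecretStore ${nsOf(store)}/${store.metadata.name}`);
        }
    }
    for (const es of manifests.filter((m) => m.kind === "ExternalSecret")) {
        const ref = es.spec?.secretStoreRef ?? {};
        // A namespaced SecretStore is only usable from ExternalSecrets in the same namespace.
        const found = stores.some((s) => s.metadata.name === ref.name && nsOf(s) === nsOf(es));
        if ((ref.kind ?? "SecretStore") === "SecretStore" && !found) {
            findings.push(`dangling-store: ExternalSecret ${nsOf(es)}/${es.metadata.name} -> ${ref.name}`);
        }
    }
    return findings;
}

// Constructed sample input: the page's SecretStore, then a variant using a service account.
const pageStore: Manifest = {
    kind: "SecretStore", metadata: { name: "aws-secrets-manager" },
    spec: { provider: { aws: { service: "SecretsManager", region: "us-west-2", auth: { secretRef: {
        accessKeyIDSecretRef: { name: "aws-credentials", key: "accessKeyID" },
        secretAccessKeySecretRef: { name: "aws-credentials", key: "secretAccessKey" } } } } } },
};
const irsaStore: Manifest = {
    kind: "SecretStore", metadata: { name: "aws-secrets-manager", namespace: "apps" },
    spec: { provider: { aws: { service: "SecretsManager", region: "us-west-2",
        auth: { jwt: { serviceAccountRef: { name: "eso-reader" } } } } } }, // hypothetical service account
};
const pageExternalSecret: Manifest = {
    kind: "ExternalSecret", metadata: { name: "my-external-secret" },
    spec: { secretStoreRef: { name: "aws-secrets-manager", kind: "SecretStore" },
        target: { name: "my-k8s-secret", creationPolicy: "Owner" },
        data: [{ secretKey: "my-secret-key", remoteRef: { key: "my-secret", property: "my-secret-property" } }] },
};
console.log(lintExternalSecrets([pageStore, pageExternalSecret]));
console.log(lintExternalSecrets([irsaStore, pageExternalSecret]));
```

The second call reports a dangling reference because the service-account variant of the store was placed in `apps` while the ExternalSecret stayed in the default namespace.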

Summary:

In this guide, we successfully created a Kubernetes ExternalSecret using Pulumi. We defined a SecretStore to connect to AWS Secrets Manager and created an ExternalSecret resource to fetch the secret value and store it in a Kubernetes Secret. This setup allows you to manage secrets securely and inject them into your Kubernetes applications.
