This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

Feature request - support multiple Secrets injection #41

Open
AmitBaranes opened this issue Feb 18, 2021 · 15 comments

Comments

@AmitBaranes

As far as I can tell, we can currently inject only one secret, using secrets.k8s.aws/secret-arn.
Would be nice to inject multiple secrets into a given pod.

@jicowan
Contributor

jicowan commented Feb 19, 2021

That's right. There is a fork of this project that supports multiple secrets.

@AmitBaranes
Author

Thanks for the fast response!

Would you mind sharing it?
Any estimated time for when this change will be merged?

@jicowan
Contributor

jicowan commented Mar 2, 2021

See the aws-samples:multi-secret branch. There are no plans to merge it at the moment.

@themattkeating

It's quite a fundamental bit of functionality: "requesting more than one secret".
I've been testing the multi-secret branch. Bit of a faff trying to get things working, due to the gitpages.io repo not serving the updated charts.

@divyangjp

How do I get the Helm chart for the multi-secret branch?

@devopsmash

This feature is really important in the case of injecting my certificate and my key into my nginx pod.

@adriantaut

Wonderful and easy-to-use tool, but indeed, a multi-secret feature would help a lot.

@bjethwan

> See the aws-samples:multi-secret branch. There are no plans to merge it at the moment.

@jicowan
I am using this project in production. And it's often asked to support multiple secrets.
So I was wondering why you wouldn't support/merge the multi-secret fork?

@adriantaut

@bjethwan I think it might be related to the recommendation to use the just-released ASCP project, as described in this project's README.

https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/

You can give it a try; it seems to work just fine within our EKS implementation.

@bjethwan

@adriantaut
CSI driver is cool (I was in the loop with the CSI driver PM team) but it doesn't fit the design of my k8s-based platform.
Further, the cost ($) of the poll-based rotation-reconciler is bothersome.

@adriantaut

@bjethwan Ah OK, wondering why it does not fit. I think you can disable the reconciler.

@jicowan
Contributor

jicowan commented Apr 29, 2021

@bjethwan @adriantaut The cost of polling is pretty negligible ($0.05 per 10,000 API calls) and you can configure the polling interval or disable it altogether. We are not supporting the multi-secret branch because it is a complete re-write of the sidecar/admission controller and we're not prepared to support it. We were hoping the contributor would maintain it, but that has not come to pass.

@AmitBaranes
Author

We ended up writing our own service to support this request, I can share the source code if interested.

@adriantaut

> We ended up writing our own service to support this request, I can share the source code if interested.

Sure @AmitBaranes, I would be interested.

@KyMidd

KyMidd commented Jul 25, 2022

> We ended up writing our own service to support this request, I can share the source code if interested.

@AmitBaranes - Also interested, looking at keeping secrets out of k8s "secrets" objects, but still utilizing k8s IRSA.
