Hi,
We’re using the Doppler Kubernetes operator to sync secrets from Doppler to our k8 cluster. This works well using the envFrom for example and passing all the env variables through to a pod for example.
I wanted to configure a K8 ingress route which is protected by basic auth. Essentially the secret for this is
apiVersion: v1
data:
username: encryptedkey=
kind: Secret
type: Opaque
Im trying to replicate creating this secret with dopplersecrets. The closest i’ve been able to come is
apiVersion: v1
data:
DOPPLER_CONFIG: ZXV5
DOPPLER_ENVIRONMENT: ZXV5
DOPPLER_PROJECT: DFJKSmcS
username: encryptedkey=
kind: Secret
type: Opaque
This is achieved with something like
apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
name: doppler-secrets-app # DopplerSecret Name
namespace: doppler-operator-system
spec:
tokenSecret: # Kubernetes service token secret (namespace defaults to doppler-operator-system)
name: doppler-token-secret
secrets:
- APP_PASSWORD
project: project
config: env
managedSecret: # Kubernetes managed secret (will be created if does not exist)
name: app-ingress-nginx-auth-test
namespace: observability # Should match the namespace of deployments that will use the secret
processors:
APP_PASSWORD:
type: plain
asName: username
Im not sure if i can exclude the DOPPLER_ENVIRONMENT / CONFIG / PROJECT. It would also be useful if there was a processor that could concatenate two value, as basic auth is some combination of username:password.
Is there a better way to do this to get a single secret and create a k8 opague secret?
Thanks!
