cmattoon/aws-ssm

Updates Kubernetes Secrets with values from AWS Parameter Store

For example usage, see example.yaml
Use the Helm chart to get up and running quickly

Build Options

Helm Chart (recommended): make {lint|install|purge}
Go: make test && make build
Docker: make container

Helm Chart

Install Helm Chart

First, export required variables, then run make install.

export AWS_REGION=<region>
export AWS_SECRET_KEY=<secret>
export AWS_ACCESS_KEY=<access-key-id>

AWS User/Role

The AWS credentials should be associated with an IAM user/role that has the following permissions:

@todo

Values

Value	Default	Example	Description
aws_region		us-west-2	The AWS region in which the Pod is deployed
kubeconfig64			The output of `$(cat $KUBE_CONFIG
metrics_port	9999		Serve metrics/healthchecks on this port
replicas	1		The number of Pods
image.name	cmattoon/aws-ssm	/	The Docker image to use for the Pod container
image.tag	latest		The Docker tag for the image
resources	{}		Kubernetes Resource Requests/Limits

Docker Container

Build

Run make container to build the Docker image

Configuration

The following app config values can be provided via environment variables or CLI flags. CLI flags take precdence over environment variables.

A KUBE_CONFIG and MASTER_URL are only necessary when running outside of the cluster (e.g., dev)

Environment	Flag	Default	Description
AWS_REGION	-region	us-west-2	The AWS Region
METRICS_URL	-metrics-url	0.0.0.0:9999	Address for healthchecks/metrics
KUBE_CONFIG	-kube-config		The path to the kube config file
MASTER_URL	-master-url		The Kubernetes master API URL

MVP Working (go binary)

Create Parameter in AWS Parameter Store

my_value = foobar

Create Kubernetes Secret with Annotations

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  annotations:
    "alpha.ssm.cmattoon.com/k8s-secret-name": my-secret
    "alpha.ssm.cmattoon.com/aws-param-name": my_value
    "alpha.ssm.cmattoon.com/aws-param-type": SecureString
    "alpha.ssm.cmattoon.com/aws-param-key": "alias/aws/ssm"
data: {}

Run Binary
A key with the name $ParameterType should have been added to your Secret

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  annotations:
    "alpha.ssm.cmattoon.com/k8s-secret-name": my-secret
    "alpha.ssm.cmattoon.com/aws-param-name": my_value
    "alpha.ssm.cmattoon.com/aws-param-type": SecureString
    "alpha.ssm.cmattoon.com/aws-param-key": "alias/aws/ssm"
data:
  SecureString: foobar

Build

make
make container

Name		Name	Last commit message	Last commit date
Latest commit History 85 Commits
aws-ssm		aws-ssm
pkg		pkg
scripts		scripts
.codecov.yml		.codecov.yml
.dockerignore		.dockerignore
.gitignore		.gitignore
.travis.yml		.travis.yml
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
docker-compose.yml		docker-compose.yml
environment.yaml		environment.yaml
example.yaml		example.yaml
glide.yaml		glide.yaml
main.go		main.go
version.txt		version.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

cmattoon/aws-ssm

Build Options

Helm Chart

Install Helm Chart

AWS User/Role

Values

Docker Container

Build

Configuration

MVP Working (go binary)

Build

About

Uh oh!

Releases

Packages

Languages

License

opsdev-ws/aws-ssm

Folders and files

Latest commit

History

Repository files navigation

cmattoon/aws-ssm

Build Options

Helm Chart

Install Helm Chart

AWS User/Role

Values

Docker Container

Build

Configuration

MVP Working (go binary)

Build

About

Resources

License

Code of conduct

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages