Skip to content

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

License

Notifications You must be signed in to change notification settings

94DanielBrown/secrets-webhook

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secrets Webhook

GitHub Workflow Status OpenSSF Scorecard OpenSSF Best Practices Artifact Hub

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

Documentation

The official documentation for the webhook is available at https://bank-vaults.dev.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Fetch required tools:

make deps

Run project dependencies:

make up

Run the webhook:

make -j run forward

Run the test suite:

make test
make test-e2e-local

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done, you can tear down project dependencies:

make down

Running e2e tests

The project comes with an e2e test suite that is mostly self-contained, but at the very least, you need Docker installed.

By default, the suite launches a KinD cluster, deploys all necessary components and runs the test suite. This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite (with a few minor differences).

You can run the test suite by running the following commands:

make test-e2e-local

Another way to run the test suite is using an existing cluster. This may be a better option if you want to debug tests or figure out why something isn't working.

Set up a Kubernetes cluster of your liking. For example, launch a KinD cluster:

kind create cluster

Deploy the necessary components (including the webhook itself):

garden deploy

Run the test suite:

make BOOTSTRAP=false test-e2e

License

The project is licensed under the Apache 2.0 License.

About

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 95.7%
  • Makefile 1.5%
  • Smarty 1.2%
  • Nix 1.2%
  • Other 0.4%