Feat: Add a convenient way to mount preshared keys from secrets #175
Comments
|
Hello, Here is an example of your use-case authn:
method: preshared
extraEnvVars:
- name: OPENFGA_AUTHN_PRESHARED_KEYS
valueFrom:
secretKeyRef:
name: your-secret
key: your-keyMake sure you do not have anything in I also had more constraints regarding this injection as I had to use the Vault provider and the CSI driver, which requires the secret also to be loaded as in a volume. Here the configuration would be a bit more involved but still doable in the chart values : authn:
method: preshared
extraEnvVars:
- name: OPENFGA_AUTHN_PRESHARED_KEYS
valueFrom:
secretKeyRef:
name: your-secret
key: your-key
extraVolumes:
- name: your-secret-volume
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: your-secret-provider-class
extraVolumeMounts:
- name: your-secret-volume
mountPath: /your/mount/path
readOnly: true
extraObjects:
- apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: your-secret-provider-class
spec:
provider: vault
secretObjects:
- data:
- key: your-object-name
objectName: your-key
secretName: your-secret
type: Opaque
parameters:
vaultAddress: "https://vault"
objects: |
- objectName: your-object-name
secretPath: "your/secret/path/in/vault"
secretKey: your-vault-key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently preshared keys are hardcoded in values.yaml
The text was updated successfully, but these errors were encountered: