
doppler-k8s-controller's Introduction

ℹ️ This project has been replaced with the Doppler Kubernetes Operator.

Doppler Kubernetes Controller (experimental)

Automatically sync secrets from Doppler to Kubernetes with auto-reload of Deployments when secrets change.


Step 1. Deploying the Doppler Controller

Deploy the controller by running:

kubectl apply -f doppler-crd-controller.yml
kubectl rollout status -w deployment/doppler-controller --namespace doppler-controller

Step 2. Creating a DopplerSecret

The first step is to create a custom DopplerSecret resource, consisting of a name and a Doppler Service Token.

Upon DopplerSecret creation, the controller creates an associated Kubernetes secret, populating it with the secrets fetched from the Doppler API in Key-Value format.

To follow along with an example, update the code below with a real Service Token and save as doppler-secret.yml:

apiVersion: doppler.com/v1
kind: DopplerSecret 
metadata:
  name: dopplersecret-test # DopplerSecret resource name
spec:
  serviceToken: dp.st.dev.XXXX # Change to your Doppler Service Token
  secretName: doppler-test-secret # Kubernetes Secret name

Then create the DopplerSecret:

kubectl apply -f doppler-secret.yml

Check that the associated Kubernetes secret has been created:

# List all Kubernetes secrets created by the Doppler controller
kubectl describe secrets --selector=dopplerSecret=true

# Or to view secret values
./bin/get-secret.sh doppler-test-secret

The controller continuously watches for secret updates from Doppler and, when a change is detected, automatically and instantly updates the associated Kubernetes secret.

Next, we'll cover how to configure a deployment to use the Kubernetes secret and enable auto-reloading for Deployments.

Step 3. Configuring a Deployment

To use the secret created by the Controller, we'll use the envFrom field to populate a container's environment variables using the secret's Key-Value pairs:

envFrom:
  - secretRef:
      name: mysecret # Kubernetes Secret name, i.e. DopplerSecret.spec.secretName

Adding automatic and instant reloading of a deployment requires just a single annotation on the Deployment:

annotations:
  dopplersecrets.doppler.com/reload: 'true'

Let's look at a complete example that uses the previously created DopplerSecret. Save the below as doppler-deployment.yml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: doppler-test-deployment
  annotations:
    dopplersecrets.doppler.com/reload: 'true'
spec:
  replicas: 2
  selector:
    matchLabels:
      app: doppler-test
  template:
    metadata:
      labels:
        app: doppler-test
    spec:      
      containers:
        - name: doppler-test
          image: alpine
          command: ['/bin/sh', '-c', 'apk add --no-cache tini > /dev/null 2>&1 && printenv | grep -v KUBERNETES_ && tini -s tail -f /dev/null'] # Test by printing env vars (names and values) to the container log
          imagePullPolicy: Always
          envFrom:
            - secretRef:
                name: doppler-test-secret # Should match DopplerSecret.spec.secretName
          resources:
            requests:
              memory: '250Mi'
              cpu: '250m'
            limits:
              memory: '500Mi'
              cpu: '500m'      

Create the deployment:

kubectl apply -f doppler-deployment.yml
kubectl rollout status -w deployment/doppler-test-deployment

Once the Deployment has completed, you can view the logs of the test container, which list the environment variables and their values (minus those with the KUBERNETES_ prefix):

kubectl logs -lapp=doppler-test 
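
A check for the wiring described in this step, as an added example that is not part of the project's code: it flags a Deployment whose envFrom secretRef does not match any DopplerSecret.spec.secretName, or that consumes a managed secret without the reload annotation. The function names and the sample objects are assumptions; the objects are constructed in the JSON shape that kubectl get -o json returns.

```python
RELOAD_ANNOTATION = "dopplersecrets.doppler.com/reload"


def check_deployment(deployment, doppler_secrets):
    """Return a list of findings for one Deployment (empty list = wired correctly)."""
    findings = []
    # Kubernetes Secret names the controller manages (DopplerSecret.spec.secretName)
    managed = {ds["spec"]["secretName"] for ds in doppler_secrets}
    name = deployment["metadata"]["name"]
    annotations = deployment["metadata"].get("annotations") or {}
    uses_managed = False
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        for source in container.get("envFrom") or []:
            ref = (source.get("secretRef") or {}).get("name")
            if ref is None:
                continue  # configMapRef or an empty secretRef: nothing to compare
            if ref in managed:
                uses_managed = True
            else:
                findings.append(
                    f"{name}/{container['name']}: secretRef '{ref}' matches no "
                    "DopplerSecret.spec.secretName"
                )
    # Env vars are fixed at container start, so without the annotation the
    # running pods keep the old values after the secret is updated.
    if uses_managed and annotations.get(RELOAD_ANNOTATION) != "true":
        findings.append(f"{name}: annotation {RELOAD_ANNOTATION}: 'true' is not set")
    return findings


def sample_deployment(secret_ref, annotations):
    """Constructed sample shaped like one `kubectl get deployment -o json` item."""
    return {
        "metadata": {"name": "doppler-test-deployment", "annotations": annotations},
        "spec": {"template": {"spec": {"containers": [
            {"name": "doppler-test", "envFrom": [{"secretRef": {"name": secret_ref}}]}
        ]}}},
    }


# Constructed sample: the DopplerSecret from Step 2 (service token omitted)
DOPPLER_SECRETS = [{"metadata": {"name": "dopplersecret-test"},
                    "spec": {"secretName": "doppler-test-secret"}}]

if __name__ == "__main__":
    for ref, ann in [("doppler-test-secret", {RELOAD_ANNOTATION: "true"}),
                     ("mysecret", {RELOAD_ANNOTATION: "true"}),
                     ("doppler-test-secret", None)]:
        print(ref, ann, "->", check_deployment(sample_deployment(ref, ann), DOPPLER_SECRETS) or "ok")
```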

Debugging and Troubleshooting

NOTE: The watch binary is used by the below commands and can be installed on macOS using homebrew with brew install watch.

This repo contains a couple of handy scripts that give greater visibility into the secret and deployment updating process.

To watch a Doppler owned secret for updates:

# Replace `doppler-test-secret` with your secret name
./bin/get-secret.sh doppler-test-secret

To watch the logs of a running Pod:

# Replace `app=doppler-test` with your deployment label selector
watch ./bin/pod-logs.sh app=doppler-test
