Various secrets need to be "hydrated" prior to running any kustomizations. Specifically, each cluster will contain a `secrets` directory that contains a `secretGenerator` directive. Various files will need to be established under a nested `.secrets` directory.
- Official Documentation: Managing Secrets Using Kustomize.
The `.secrets` directory should be explicitly ignored from version control:
```
# .gitignore example
### Secrets
.[Ss]ecrets
```
It's also suggested to specify a `.editorconfig` within the `secrets` directory to prevent newlines from getting added to the end of the secret file(s):
```ini
[*]
insert_final_newline = false
```
See each cluster's `**/secrets/kustomization.yaml` to identify which file(s) are required.
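A preflight check for the hydration steps above, as an added example that is not part of the original repository: it reads one cluster's `secrets/kustomization.yaml` and reports any listed file that is missing, sits outside a directory matching the `.gitignore` pattern, or ends with a newline. The function names, the line-based parsing of `files:` entries and the tree built by `demo()` are assumptions made for illustration.

```python
# Added example: helper names and the demo tree are assumptions, not project code.
import fnmatch
import tempfile
from pathlib import Path

IGNORE_PATTERN = ".[Ss]ecrets"  # the .gitignore rule shown above

def generator_files(text):
    """Paths listed under `files:` keys (line-based parse, no YAML library)."""
    paths, files_indent = [], None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if not stripped or stripped.startswith("#"):
            continue
        if stripped in ("files:", "- files:"):
            files_indent = line.index("files:")
        elif files_indent is not None and stripped.startswith("- ") and indent >= files_indent:
            entry = stripped[2:].strip().strip("\"'")
            paths.append(entry.split("=", 1)[-1])  # kustomize accepts key=path
        else:
            files_indent = None  # any other key ends the current files: list
    return paths

def check_hydration(secrets_dir):
    """Return a list of problems for one cluster's secrets directory."""
    secrets_dir, problems = Path(secrets_dir), []
    text = (secrets_dir / "kustomization.yaml").read_text()
    for rel in generator_files(text):
        if not any(fnmatch.fnmatchcase(p, IGNORE_PATTERN) for p in Path(rel).parts):
            problems.append(f"{rel}: not covered by {IGNORE_PATTERN}")
        target = secrets_dir / rel
        if not target.is_file():
            problems.append(f"{rel}: missing")
        elif target.read_bytes().endswith(b"\n"):
            problems.append(f"{rel}: ends with a newline")
    return problems

def demo():
    """Check a constructed cluster tree built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "clusters" / "example-cluster-1" / "secrets"
        (d / ".secrets").mkdir(parents=True)
        (d / "kustomization.yaml").write_text(
            "secretGenerator:\n  - name: demo\n    files:\n      - .secrets/ok.json\n"
            "      - .secrets/newline.json\n      - .secret/typo.json\n")
        (d / ".secrets" / "ok.json").write_text('{"k": "v"}')
        (d / ".secrets" / "newline.json").write_text('{"k": "v"}\n')
        return check_hydration(d)
```

Run `check_hydration()` against each cluster's `secrets` directory before building; an empty list means every referenced file exists, is covered by the ignore pattern and has no trailing newline.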
Example
```
.
└── clusters
    ├── example-cluster-1
    │   ├── ...
    │   └── secrets
    │       ├── kustomization.yaml
    │       └── .secrets *
    │           └── namespace-specific-secret.json *
    └── example-cluster-2
        ├── ...
        └── secrets
            ├── kustomization.yaml
            └── .secrets *
                └── namespace-specific-secret.json *
```
For additional help or questions on secret-related requirements, please reach out to the maintainers, or speak with a systems administrator.
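```yaml
# External Links & Reference(s)
#   - https://kubernetes.io/docs/concepts/configuration/secret
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
  - name: "example-secret-name"
    type: Opaque
    options:
      # Keep the Secret name stable (no content-hash suffix appended)
      disableNameSuffixHash: true
    files:
      # Relative to this kustomization.yaml; lives in the git-ignored .secrets directory
      - .secrets/namespace-specific-secret.json
```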