demos/api7-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for existing Secrets and External Secrets Operator
Some checks failed
Helm Chart Build / lint-only (push) Has been skipped
Details
Helm Chart Build / build-helm (push) Failing after 9s
Details
Build and Deploy / build-api (push) Successful in 51s
Details
Build and Deploy / build-web (push) Successful in 1m3s
Details

Browse Source 
Enhanced secret management for API7 Gateway credentials with support
for existing Secrets and External Secrets Operator integration.

Changes:

1. Secret Configuration:
   - Added api7.gateway.existingSecret parameter for using existing secrets
   - Added api7.gateway.existingSecretKeys for custom key names
   - Modified secret-api7.yaml to only create secret if existingSecret is empty
   - Updated job-adc-sync.yaml to reference configurable secret name

2. Values.yaml Documentation:
   - Added comprehensive documentation for secret configuration options
   - Documented two approaches: inline config (dev) vs existing secret (prod)
   - Added example kubectl command for creating secrets manually
   - Included instructions for obtaining admin key from API7 EE

3. External Secrets Support:
   - Created externalsecret-api7.yaml.example with complete examples
   - Included examples for AWS Secrets Manager and HashiCorp Vault
   - Documented SecretStore configuration patterns

4. Documentation:
   - Created SECRET-MANAGEMENT.md comprehensive guide
   - Covered all secret management options (inline, manual, external)
   - Added security best practices and troubleshooting guide
   - Included examples for External Secrets Operator setup

Benefits:
- Improved security: Secrets not stored in values.yaml
- Flexibility: Support for any secret management tool
- Production-ready: Works with External Secrets Operator
- Better practices: Clear separation of config vs secrets

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
d.viti
2025-10-09 15:53:38 +02:00
parent f5a4071b71
commit 694709ae9a
5 changed files with 370 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
helm/api7ee-demo-k8s/templates/job-adc-sync.yaml
View File

@@ -47,18 +47,18 @@ spec:
- name: API7_ADMIN_URL
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: admin-url
name: {{ .Values.api7.gateway.existingSecret | default (printf "%s-api7-admin" (include "api7ee.fullname" .)) }}
key: {{ .Values.api7.gateway.existingSecretKeys.adminUrl | default "admin-url" }}
- name: API7_ADMIN_KEY
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: admin-key
name: {{ .Values.api7.gateway.existingSecret | default (printf "%s-api7-admin" (include "api7ee.fullname" .)) }}
key: {{ .Values.api7.gateway.existingSecretKeys.adminKey | default "admin-key" }}
- name: API7_GATEWAY_GROUP
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: gateway-group
name: {{ .Values.api7.gateway.existingSecret | default (printf "%s-api7-admin" (include "api7ee.fullname" .)) }}
key: {{ .Values.api7.gateway.existingSecretKeys.group | default "gateway-group" }}
volumeMounts:
- name: adc-config
mountPath: /config