Last active
November 16, 2022 19:12
Ansible - Get k8s secrets from inside the cluster
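---
# This play runs in a container inside the Kubernetes cluster.
# Other required k8s objects:
#   - ServiceAccount
#   - Role (with read access to secrets)
#   - RoleBinding
# Least privilege: where possible, grant the Role only `get` on this one
# Secret (RBAC `resourceNames`) rather than read access to every Secret
# in the namespace.
- name: Get Secret from K8s API
  hosts: localhost
  connection: local
  tasks:
    - name: Get Secret
      kubernetes.core.k8s_info:
        api_version: v1
        kind: Secret
        name: my-cool-secret
        namespace: default
      register: my_secret
      # The registered result carries the Secret's data; no_log keeps it
      # out of verbose (-v) task output and callback/log plugins.
      no_log: true

    - name: Print secret
      ansible.builtin.debug:
        # Any matching objects are returned as a list of dictionaries.
        # Values under .data are base64-encoded, as usual.
        # Demonstration only: this writes the decoded password to the
        # Ansible output, so it ends up wherever that output is stored
        # (CI logs, container logs). Real plays should pass the value on
        # to the consuming task with no_log set instead of printing it.
        msg: "{{ my_secret.resources[0].data.password | b64decode }}"
      # api_found only reports that the api_version/kind pair maps to an
      # API on the cluster; a missing Secret yields an empty resources
      # list, so test the list itself before indexing [0].
      when: my_secret.resources | default([]) | length > 0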
---
# Reference Secret matching the name and namespace the playbook queries.
# Sourced from Lens' default templates.
kind: Secret
apiVersion: v1
type: kubernetes.io/basic-auth
metadata:
  namespace: default
  name: my-cool-secret
# stringData takes plain-text values; the API server stores them
# base64-encoded under .data, which is why readers apply b64decode.
# The values below are placeholders for the example; real credentials
# belong in a secret store, not in a manifest kept in version control.
stringData:
  username: 'admin'
  password: 't0p-Secret'