
# Sample Deployment to fetch and echo the secret value
resource "kubernetes_deployment" "aritra_demo_app" {
metadata {
name = "aritra-demo-app"
namespace = kubernetes_namespace.external_secrets.metadata[0].name
}
spec {
replicas = 1
selector {
match_labels = {
# Kubernetes Namespace where the ExternalSecret will be created
# Namespace that holds the SecretStore, the ExternalSecret and the demo workload.
# Other resources should reference it as
# kubernetes_namespace.external_secrets.metadata[0].name rather than repeating
# the literal, so a rename here propagates (the SecretStore manifest below
# hard-codes "external-secrets" — keep the two in sync).
resource "kubernetes_namespace" "external_secrets" {
  metadata {
    name = "external-secrets" # also used verbatim in the SecretStore manifest
  }
}
# ExternalSecret in Kubernetes
resource "kubernetes_manifest" "aritra_demo_external_secret" {
manifest = {
# Secrets Manager entry that the SecretStore/ExternalSecret pair reads from.
# This resource is only the container; the value is attached by
# aws_secretsmanager_secret_version.example_secret_version, which takes it from
# a literal in this configuration. NOTE(review): Terraform writes secret_string
# into state in plaintext, so the state backend must be protected like the secret.
resource "aws_secretsmanager_secret" "example_secret" {
  description = "This is a sample secret used by ExternalSecrets"
  name        = "aritra-demo-secret"
}
resource "aws_secretsmanager_secret_version" "example_secret_version" {
secret_id = aws_secretsmanager_secret.example_secret.id
secret_string = jsonencode({
token = "external-secrets-demo" # Replace with the actual secret value
# Secrets Manager entry read by the ExternalSecret; the value itself is set in
# aws_secretsmanager_secret_version.example_secret_version from a literal.
# NOTE(review): this page also shows a second
# aws_secretsmanager_secret.example_secret with name "aritra-demo-secret"; two
# resources with the same address cannot coexist in one configuration — this
# looks like two revisions of the same gist, so keep only one.
resource "aws_secretsmanager_secret" "example_secret" {
  description = "This is a sample secret used by ExternalSecrets"
  name        = "aritra-demo-token"
}
resource "aws_secretsmanager_secret_version" "example_secret_version" {
secret_id = aws_secretsmanager_secret.example_secret.id
secret_string = jsonencode({
Step Description
1 Create a secret in AWS Secrets Manager using Terraform.
2 Create a SecretStore in Kubernetes using Terraform.
3 Create an ExternalSecret resource that maps the AWS Secret to a Kubernetes Secret.
4 Deploy a sample application that reads this secret and echoes its value (demo only: printing a secret to stdout puts it in the pod logs, so never do this in a real workload).
# Define the Kubernetes Namespace
# Namespace for the External Secrets demo (SecretStore, ExternalSecret, workload).
# Reference it via kubernetes_namespace.external_secrets.metadata[0].name from
# other resources; the SecretStore manifest in this gist repeats the literal
# "external-secrets" instead, so the two must be kept in sync by hand.
resource "kubernetes_namespace" "external_secrets" {
  metadata {
    name = "external-secrets"
  }
}
# Create the SecretStore for AWS Secrets Manager
resource "kubernetes_manifest" "aws_secret_store" {
manifest = {
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: aws-secrets-manager
namespace: external-secrets
spec:
provider:
aws:
service: SecretsManager
region: eu-west-1 # Replace with your AWS region
# Namespace that the service account, SecretStore and ExternalSecret live in.
# NOTE(review): this page shows this resource three times — it appears to be
# repeated across gist revisions; a single configuration may declare it once.
resource "kubernetes_namespace" "external_secrets" {
  metadata {
    name = "external-secrets"
  }
}
resource "kubernetes_service_account" "external_secrets_sa" {
metadata {
Aspect ConfigMap ExternalSecret
Purpose Store non-sensitive configuration data in key-value pairs. Manage sensitive data stored in external secret management systems.
Use Case Inject non-sensitive configuration information into pods. Securely inject sensitive data (e.g., passwords, API keys) into pods.
Data Sensitivity Not designed for sensitive data. Designed for sensitive data.
Security Consideration Not encrypted by default; stored as plain text in etcd. The source of truth lives in the external secret manager (here AWS Secrets Manager), but the synced Kubernetes Secret is still a regular Secret in etcd — base64-encoded, not encrypted unless encryption at rest is enabled on the cluster — so restrict read access to it with RBAC.
**Storage Location**
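- name: Update deployment.yaml
  working-directory: argocd-demo
  run: |
    # Coordinates of the image that was just pushed; the tag is the commit SHA,
    # so the manifest pins an immutable image rather than a moving tag.
    IMAGE_REPO_NAME="aritra-argocd-demo-project" # Update this with your ECR repo name
    IMAGE_TAG="${{ github.sha }}"
    ECR_REGISTRY="123456789.dkr.ecr.eu-west-1.amazonaws.com" # Update this with your ECR registry
    IMAGE_REF="$ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG"

    # sed exits 0 even when the pattern matches nothing, which would let the
    # workflow "succeed" while leaving the old image in place. Fail instead.
    if ! grep -q 'image:' deployment.yaml; then
      echo "deployment.yaml contains no 'image:' line to update" >&2
      exit 1
    fi

    # Rewrite every line containing 'image:' up to end of line. This hits all
    # containers in the manifest (init/sidecar images included); narrow the
    # pattern if deployment.yaml ever has more than one image.
    sed -i "s|image:.*$|image: $IMAGE_REF|" deployment.yaml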