Michael Treacher treacher
View kube2iam.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube2iam
  namespace: kube-system
  labels:
    app: kube2iam
spec:
  template:
    metadata:
View deployment.yaml
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: kube-kms-example
  namespace: default
  labels:
    app: kube-kms-example
spec:
  replicas: 2
View node-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "sts:AssumeRole"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::{AccountId}:role/k8s/*"
    }
View Dockerfile.kube-kms-example
FROM alpine:3.5
RUN apk add --update bash curl && rm -rf /var/cache/apk/*
# Install shush
RUN curl -sL -o /usr/local/bin/shush \
    https://github.com/realestate-com-au/shush/releases/download/v1.3.0/shush_linux_amd64 \
    && chmod +x /usr/local/bin/shush
# Add a user so that we're not running our executables as root.
View secrets.yaml
KMS_ENCRYPTED_DB_PASSWORD: "AQICAHj5jPUgYWAnjEXVeSvtg98gusmUcncxTb1pg+/p9W6NOAHd4xDeWtNSGUWMyqOf7h6cAAAAZzBlBgkqhkiG9w0BBwagWDBWAgEAMFEGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM7tDQv7h73zQftY5tAgEQgCTlI1uXcgBrNdvsBoXb2ytkkya+VJRHl2zZWMW5qzheJ2YKeSg="
KMS_ENCRYPTED_DB_USER: "AQICAHj5jPUgYWAnjEXVeSvtg98gusmUcncxTb1pg+/p9W6NOAHrz68itBGQ6jgbmK6HgzDRAAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMJj0q65b8KZo4sRY6AgEQgB7cksi/tq9lmyQtBh4uK6HfmyoMHIMm+a72gu4o8Qo="
KMS_ENCRYPTED_API_KEY: "AQICAHj5jPUgYWAnjEXVeSvtg98gusmUcncxTb1pg+/p9W6NOAFobUiYON7DRYoe3ZtSC5nNAAAAZzBlBgkqhkiG9w0BBwagWDBWAgEAMFEGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMSsYpPDJvAnRITyNsAgEQgCREj7SdmKYG7gX+JOMJfYG4ILnujd0ZLfXYrJcxrTy4XTCkTzU="
KMS_ENCRYPTED_SERVICE_PASSWORD: "AQICAHj5jPUgYWAnjEXVeSvtg98gusmUcncxTb1pg+/p9W6NOAElX/reSqpDqhuY1RgYaQ72AAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMy8al1te4FCu+pdEjAgEQgCNlNfdZamx7R5cHhX6uQSFRCsaIx58lN2bA97wQlhtRAQYPuw=="
View feed-secrets-to-shush.sh
#!/bin/bash
file_location=$1
kms_key=$2
display_usage() {
  echo "Usage: $0 <file-with-secrets> <kms-key-alias>"
  exit 1
}
View install-shush
curl -sL -o /usr/local/bin/shush \
  https://github.com/realestate-com-au/shush/releases/download/v1.3.0/shush_linux_amd64 \
  && chmod +x /usr/local/bin/shush
View kms.yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  # KMS Key which we'll be using to encrypt our environment variables
  Key:
    Type: AWS::KMS::Key
    Properties:
      Description: kube-kms-example application secrets key
      KeyPolicy:
        Version: 2012-10-17
        Id: allow-root-access-to-key
View secrets.txt
DB_PASSWORD=foobar123
DB_USER=foo
API_KEY=12345abcd
SERVICE_PASSWORD=bbaabb45
View pod-with-secrets.yaml
apiVersion: v1
kind: Pod
metadata:
  name: container-with-secrets
spec:
  containers:
  - name: container-with-secrets
    image: redis
    env:
    - name: SECRET_PASSWORD