cmattoon / Aws Ssm

Licence: apache-2.0
Populates Kubernetes Secrets from AWS Parameter Store

cmattoon/aws-ssm

Updates Kubernetes Secrets with values from AWS Parameter Store

Build Options

  • Helm Chart (recommended): make {lint|install|purge}
  • Go: make test && make build
  • Docker: make container

Helm Chart

Install Helm Chart

First, export required variables, then run make install.

export AWS_REGION=<region>

AWS Credentials

Uses the default credential provider chain

Values

The following chart values may be set. Only the required variables (AWS credentials) need to be provided by the user. Most of the time, the other defaults should work as-is.

Req'd  Value           Default           Example    Description
YES    aws.region      ""                us-west-2  The AWS region in which the Pod is deployed
NO     aws.access_key  ""                           REQUIRED when no other auth method available (e.g., IAM role)
NO     aws.secret_key  ""                           REQUIRED when no other auth method available (e.g., IAM role)
NO     kubeconfig64    ""                           The output of $(cat $KUBE_CONFIG | base64). Stored as a Secret
NO     metrics_port    9999                         Serve metrics/healthchecks on this port
NO     image.name      cmattoon/aws-ssm  /          The Docker image to use for the Pod container
NO     image.tag       latest                       The Docker tag for the image
NO     resources       {}                           Kubernetes Resource Requests/Limits
NO     rbac.enabled    true                         Whether or not to add Kubernetes RBAC stuff
NO     ssl.mount_host  false                        Mounts {ssl.host_path} -> {ssl.mount_path} as hostVolume
NO     ssl.host_path   /etc/ssl/certs               The SSL certs dir on the host
NO     ssl.mount_path  /etc/ssl/certs               The SSL certs dir in the container (dev)

Configuration

The following app config values can be provided via environment variables or CLI flags. CLI flags take precedence over environment variables.

A KUBE_CONFIG and MASTER_URL are only necessary when running outside of the cluster (e.g., dev)

Environment  Flag          Default       Description
AWS_REGION   -region       us-west-2     The AWS Region
METRICS_URL  -metrics-url  0.0.0.0:9999  Address for healthchecks/metrics
KUBE_CONFIG  -kube-config                The path to the kube config file
MASTER_URL   -master-url                 The Kubernetes master API URL
LOG_LEVEL    -log-level    info          The Logrus log level

Basic Usage

  1. Create Parameter in AWS Parameter Store

my-db-password = foobar

  2. Create Kubernetes Secret with Annotations

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  annotations:
    aws-ssm/k8s-secret-name: my-secret
    aws-ssm/aws-param-name: my-db-password
    aws-ssm/aws-param-type: SecureString
data: {}

  3. Run Binary

  4. A key with the name $ParameterType should have been added to your Secret

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  annotations:
    aws-ssm/k8s-secret-name: my-secret
    aws-ssm/aws-param-name: my-db-password
    aws-ssm/aws-param-type: SecureString
data:
  SecureString: Zm9vYmFyCg==

Annotations

Annotation               Description                                         Default
aws-ssm/k8s-secret-name  The name of the Kubernetes Secret to modify.        <none>
aws-ssm/aws-param-name   The name of the AWS SSM Parameter. May be a path.   <none>
aws-ssm/aws-param-type   Determines how values are parsed, if at all.        String
aws-ssm/aws-param-key    Required if aws-ssm/aws-param-type is SecureString  alias/aws/ssm

AWS Parameter Types

Values for aws-ssm/aws-param-type are:

Value         Behavior                 AWS Value                K8S Value(s)
String        No parsing is performed  foo = bar                foo: bar
SecureString  Requires aws-param-key   foo = bar                foo: bar
StringList    Splits CSV mapping       foo=bar,bar=baz,baz=bat  foo: bar
                                                                bar: baz
                                                                baz: bat
Directory     Get multiple values      /path/to/values          <treats each subkey/value as a String>
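
The StringList behavior in the table above, sketched as an added Go example (not code from the aws-ssm repository): ParseStringList is a hypothetical helper that splits the CSV mapping into base64-encoded Secret data, rejects malformed entries and duplicate or invalid keys, and keeps values out of error messages so they cannot leak into logs. The key character rule is the Kubernetes restriction on Secret data keys; the error wording and sample input are constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Kubernetes only accepts alphanumerics, '-', '_' and '.' in Secret data keys.
var validKey = regexp.MustCompile(`^[-._a-zA-Z0-9]+$`)

// ParseStringList is a hypothetical helper (not aws-ssm's code). It converts a
// StringList value such as "foo=bar,bar=baz" into Secret data, key -> base64(value).
// Errors name the entry position or key only, so secret values never reach logs.
func ParseStringList(raw string) (map[string]string, error) {
	data := make(map[string]string)
	for i, item := range strings.Split(raw, ",") {
		if strings.TrimSpace(item) == "" {
			continue // tolerate empty entries such as a trailing comma
		}
		// Split on the first '=' only: values may themselves contain '='.
		kv := strings.SplitN(item, "=", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("entry %d: expected key=value", i)
		}
		key := strings.TrimSpace(kv[0])
		if !validKey.MatchString(key) {
			return nil, fmt.Errorf("entry %d: key is not a valid Secret data key", i)
		}
		if _, dup := data[key]; dup {
			return nil, fmt.Errorf("entry %d: duplicate key %q", i, key)
		}
		data[key] = base64.StdEncoding.EncodeToString([]byte(kv[1]))
	}
	return data, nil
}

func main() {
	// Constructed sample input, taken from the StringList row of the table above.
	data, err := ParseStringList("foo=bar,bar=baz,baz=bat")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, k := range []string{"foo", "bar", "baz"} {
		fmt.Printf("%s: %s\n", k, data[k])
	}
}
```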

Build

make           # Build binary
make container # Build Docker image
make push      # Push Docker image

CA Certificates

For ease of use, the ca-certificates package is installed on the final library/alpine image. If you're having SSL/TLS connection issues, export HOST_SSL_DIR=/etc/ssl/certs before running make install. This will mount the SSL cert directory on the EC2 instance.