jx
jx copied to clipboard
jenkins-x
migrate from KES to ESO
KES is in maintaince mode, and we should move to ESO instead https://github.com/external-secrets/kubernetes-external-secrets/issues/864
Starting the work this weekend, will update this issue with any progress/roadblock.
Any progress on this? Is it possible to plug the new Secrets provider into JX or will it break the setup/not work at the moment?
Hey @lodotek, we can support you developing this feature if it's something that you'd like to do 👍
Any update on this? Not an expert in this, but if we can help, we would like to offer some time.
i see 2 existing PRs https://github.com/jenkins-x-plugins/jx-secret/pull/387 https://github.com/jenkins-x-plugins/jx-secret/pull/397 if i were to try and pick this up, which one looks better to start from?
Hey @joshuasimon-taulia, 397 is my pr, I was doing a full boot job conversion, changing jx secret so that we could essentially scream test and see what breaks.
Ankits pr seems to already approach what he knew would break. I started again originally because I found it hard to pickup where Ankit left off.
If you decide with 397, The main thing that I needed to do next was to update all of the tests. From KES to ESO, it seems that the structure of the secrets has changed very little, it's more about updating the tests, I think that you'll probably want to write a little go script to automatically go through and update the tests (because there is a lot of them) and I don't want you to waste your time doing it manually.
There's a couple of changes that I wanted to make, one of the big ones was making the secret generation generate a space in vault that meant that the secrets had the environment included within the path, otherwise all of the resources across the namespace share one secret (which isn't ideal)