kube-fluentd-operator

Support externalized secrets

Open jvassev opened this issue 6 years ago • 5 comments

In pure Fluentd one can use #{ENV['LOGZIO_TOKEN']} to get a value from the environment.

This is not usable in a multi-tenant setup like kube-fluentd-operator.

Instead, kube-fluentd-operator would need to support a similar syntax, for example: #{SECRET['my-secret']['token']}. This would presumably get a token from a secret named my-secret in the same namespace.

The SECRET syntax would be expanded as early as possible in the processor chain.

jvassev avatar Sep 28 '18 14:09 jvassev
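
The expansion proposed above, sketched in Go as an added example (it is not part of this thread and not kube-fluentd-operator's code). ExpandSecrets and SecretStore are hypothetical names, the in-memory map stands in for the Kubernetes API, and the config snippet and secret values are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// secretRef matches the syntax proposed in the issue: #{SECRET['name']['key']}.
var secretRef = regexp.MustCompile(`#\{SECRET\['([^']+)'\]\['([^']+)'\]\}`)

// SecretStore is a hypothetical stand-in for cluster Secrets:
// namespace -> secret name -> key -> value.
type SecretStore map[string]map[string]map[string]string

// ExpandSecrets resolves SECRET references in one tenant's config using only
// that tenant's namespace. The syntax carries no namespace field, so a tenant
// cannot name another namespace's secret. A missing secret or key is an error,
// never an empty string, so a typo does not ship a blank token.
func ExpandSecrets(store SecretStore, namespace, config string) (string, error) {
	var firstErr error
	out := secretRef.ReplaceAllStringFunc(config, func(m string) string {
		g := secretRef.FindStringSubmatch(m)
		val, ok := store[namespace][g[1]][g[2]]
		if !ok {
			if firstErr == nil {
				firstErr = fmt.Errorf("secret %q key %q not found in namespace %q", g[1], g[2], namespace)
			}
			return m
		}
		return val
	})
	if firstErr != nil {
		return "", firstErr
	}
	return out, nil
}

func main() {
	// Constructed sample data: two tenants own a secret with the same name.
	store := SecretStore{
		"team-a": {"my-secret": {"token": "tokenA"}},
		"team-b": {"my-secret": {"token": "tokenB"}},
	}
	cfg := "<match **>\n  @type example_output\n  token #{SECRET['my-secret']['token']}\n</match>"
	for _, ns := range []string{"team-a", "team-b", "team-c"} {
		out, err := ExpandSecrets(store, ns, cfg)
		fmt.Printf("namespace=%s err=%v\n%s\n", ns, err, out)
	}
}
```

The same config text resolves to a different token per namespace, and a namespace without the secret gets an error instead of a rendered config.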

Hey Jvassev, do you have any design in mind for this? Maybe I can help work on this enhancement?

Ramneekkhurana avatar Apr 29 '20 13:04 Ramneekkhurana

We haven't taken this one on, @Ramneekkhurana, and it is certainly worth having - it is still an open issue of course. FYI @jvassev is no longer at VMware and doubtful of any further updates. The team that owns this within VMW will be looking at all issues on this project though and it is certainly alive.

If you want to take this one on that would be great!

tjorourke avatar Apr 29 '20 13:04 tjorourke

Hello,

Is there an update for this request?

juan-monterroza avatar Aug 02 '21 18:08 juan-monterroza

@juan-monterroza, @tjorourke is out this week. There are several feature requests for this one. We will prioritize soon. Need to stabilize next tag due to some issues with v1.15.1. Will ask him when he gets back.

Cryptophobia avatar Aug 04 '21 20:08 Cryptophobia

Is there a way of getting external secrets using kfo? Is there a way to load them from env: in daemonset.yaml?

armensuri avatar Jun 30 '22 00:06 armensuri

I've opened #426, which will allow using Go templating in the k8s config sources. It includes a k8sLookup function that allows getting data from other k8s objects, like this:

{{- $cm := k8sLookup "ConfigMap.v1" "default" "my-config-map" -}}
{{- $cfg := index $cm.data "conf.yaml" | fromYaml -}}
key1 is {{ $cm.data.key1 }}
foobar key is {{ $cfg.foobar.key }}

You can also use it with Secrets or any other resource type. The format is Kind.version.apiGroup

luisdavim avatar Oct 20 '23 17:10 luisdavim

On a thread from 2018, this project is alive and kicking still I see! :)

Cryptophobia avatar Oct 20 '23 18:10 Cryptophobia