A Kubernetes Operator based on the Operator SDK (Helm version) that configures the official external-secrets operator Helm chart, so that it can be installed via OLM without any changes to the current Helm charts.
Before any other resources provided by this Operator can be deployed, it is essential to create an OperatorConfig resource.
The usual Helm Chart file values.yaml, like:

```yaml
prometheus:
  enabled: true
  service:
    port: 8080
resources:
  requests:
    cpu: 10m
    memory: 96Mi
  limits:
    cpu: 100m
    memory: 256Mi
```

needs to be encapsulated into a new custom resource called OperatorConfig:

```yaml
apiVersion: operator.external-secrets.io/v1alpha1
kind: OperatorConfig
metadata:
  name: cluster
spec:
  prometheus:
    enabled: true
    service:
      port: 8080
  resources:
    requests:
      cpu: 10m
      memory: 96Mi
    limits:
      cpu: 100m
      memory: 256Mi
```

Once the OperatorConfig resource is deployed, the operator will create all Helm chart resources, using the custom resource name as a prefix for all resource names; for example, a Deployment called cluster-external-secrets.
Initially, all operator files were bootstrapped with operator-sdk:v1.15.0 (commit):

```
$ operator-sdk init --plugins helm --group operator --domain external-secrets.io --version v1alpha1 --kind OperatorConfig --helm-chart=external-secrets --helm-chart-repo=https://charts.external-secrets.io/ --helm-chart-version=0.3.8
Writing kustomize manifests for you to edit...
```

Creating the API:

```
$ operator-sdk create api --group operator --version v1alpha1 --kind OperatorConfig --helm-chart external-secrets --helm-chart-repo https://charts.external-secrets.io/ --helm-chart-version 0.3.8
Writing kustomize manifests for you to edit...
Created helm-charts/external-secrets
Generating RBAC rules
WARN[0006] Using default RBAC rules: failed to generate RBAC rules: failed to get server resources: Unauthorized
```

The most important change made to the predefined files was to the operator ClusterRole, which needed extra permissions in order to be able to create all the resources created by the Helm Chart (commit).
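
One way to check that an operator ClusterRole covers what a chart creates without over-granting, as an added example that is not this project's code. The rule list, the chart resource list and the required verb set are constructed samples, and `granted_verbs` and `audit` are hypothetical helper names.

```python
# Added example: compare a ClusterRole's rules with the kinds a chart renders.
# All data below is constructed for illustration; it is not the project's ClusterRole.

# Assumption: verbs an operator needs to manage the resources it creates.
WRITE_VERBS = {"create", "get", "list", "watch", "update", "patch", "delete"}

# Constructed sample: (apiGroup, resource) pairs a chart render might contain.
CHART_RESOURCES = [
    ("apps", "deployments"),
    ("", "serviceaccounts"),
    ("", "services"),
    ("rbac.authorization.k8s.io", "clusterroles"),
    ("rbac.authorization.k8s.io", "clusterrolebindings"),
]

# Constructed sample: rules in the shape of `kubectl get clusterrole <name> -o json`.
SAMPLE_RULES = [
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
    {"apiGroups": [""], "resources": ["serviceaccounts"],
     "verbs": ["create", "get", "list", "watch", "update", "patch", "delete"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
     "verbs": ["create", "get", "list", "watch"]},
]


def granted_verbs(rules, group, resource):
    """Union of verbs that any rule grants on (group, resource)."""
    verbs = set()
    for rule in rules:
        groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
        if (group in groups or "*" in groups) and (resource in resources or "*" in resources):
            verbs |= set(rule.get("verbs", []))
    return verbs


def audit(rules, needed, required=WRITE_VERBS):
    """Return (missing, wildcards): verbs the operator lacks, and rules using '*'."""
    missing = {}
    for group, resource in needed:
        verbs = granted_verbs(rules, group, resource)
        lacking = set() if "*" in verbs else required - verbs
        if lacking:
            missing[(group, resource)] = sorted(lacking)
    wildcards = [r for r in rules
                 if "*" in r.get("verbs", []) + r.get("resources", []) + r.get("apiGroups", [])]
    return missing, wildcards
```

Gaps reported in `missing` are where chart resources would fail to be created; entries in `wildcards` are candidates for narrowing to explicit verbs and resources.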
The rest of the changes are mostly cosmetic: a kind of k8s-operator-olm envelope around the real Helm Chart, which is downloaded dynamically into helm-charts/external-secrets, using the Helm chart version, on every operator image build.
You can contribute by:
- Raising any issues you find using External Secrets Operator
- Fixing issues by opening Pull Requests
- Submitting a patch or opening a PR
- Improving documentation
- Talking about External Secrets Operator
All bugs, tasks or enhancements are tracked as GitHub issues.
External Secrets Operator is under Apache 2.0 license. See the LICENSE file for details.
Note: This Helm Operator will deploy ESO (when you create the OperatorConfig) without the CRDs. With OLM this is not a problem, since OLM manages and deploys the CRDs. If for some reason you plan to use this Helm operator without OLM, you need to apply the ESO CRDs to your cluster at some point.