Thread
#kubernetes
    s

    square-car-84996

    7 months ago
    i'd like to generate random passwords -> store in a kubernetes secret -> and read those in subsequent
    pulumi up
    runs... i tried using
    k8s.core.v1.Secret.get
    but its hard failing due to #3364. It seems that if I just have a normal Secret resource, everytime my code ups it just generates new random passwords... Has anyone successfully done something like this?
    h

    high-grass-3103

    7 months ago
    I use @pulumi.random with keeper param
    q

    quiet-wolf-18467

    7 months ago
    Can you share your code? Are you including the namespace in the resource name?
    s

    square-car-84996

    7 months ago
    @quiet-wolf-18467 - the issue is the .get() fails on an initial run... my hope is to create the secret if it doesn't exist, or get it (and the contents as outputs) if it does, and reuse the contents. Essentially using kubernetes secrets as pulumi secrets, but with the added step of creating the random values if it doesn't
    @high-grass-3103 - i will look into the random.RandomPassword w/ keepers, but i was hoping to not have the RNG seeded with anything so the only way to know the password is to have access to the k8s secret.
    q

    quiet-wolf-18467

    7 months ago
    @square-car-84996 The query API might be better suited for that: https://www.pulumi.com/blog/query-kubernetes/
    but IMO, that workflow seems dangerous. I'd probably use
    pulumi import
    to bring the secret under Pulumi management
    s

    square-car-84996

    7 months ago
    @quiet-wolf-18467 - it would ideally be initially created by pulumi... i just want the ability to pull existing values (if they exist) and create them if they don't.
    i will look into the Query API
    the query api looks pretty simple... much easier than the standard APIs i use for various k8s automations