i'd like to generate random passwords -> store ...
# kubernetes
i'd like to generate random passwords -> store in a kubernetes secret -> and read those in subsequent
pulumi up
runs... i tried using
but its hard failing due to #3364. It seems that if I just have a normal Secret resource, everytime my code `up`s it just generates new random passwords... Has anyone successfully done something like this?
I use @pulumi.random with keeper param
Can you share your code? Are you including the namespace in the resource name?
@quiet-wolf-18467 - the issue is the .get() fails on an initial run... my hope is to create the secret if it doesn't exist, or get it (and the contents as outputs) if it does, and reuse the contents. Essentially using kubernetes secrets as pulumi secrets, but with the added step of creating the random values if it doesn't
@high-grass-3103 - i will look into the random.RandomPassword w/ keepers, but i was hoping to not have the RNG seeded with anything so the only way to know the password is to have access to the k8s secret.
@square-car-84996 The query API might be better suited for that: https://www.pulumi.com/blog/query-kubernetes/
but IMO, that workflow seems dangerous. I'd probably use
pulumi import
to bring the secret under Pulumi management
@quiet-wolf-18467 - it would ideally be initially created by pulumi... i just want the ability to pull existing values (if they exist) and create them if they don't.
i will look into the Query API
the query api looks pretty simple... much easier than the standard APIs i use for various k8s automations