https://pulumi.com logo
Powered by
#kubernetes
Title
# kubernetes
s

square-car-84996

02/07/2022, 2:53 AM
i'd like to generate random passwords -> store in a kubernetes secret -> and read those in subsequent 
pulumi up
runs... i tried using 
k8s.core.v1.Secret.get
but its hard failing due to #3364. It seems that if I just have a normal Secret resource, everytime my code `up`s it just generates new random passwords... Has anyone successfully done something like this?
h

high-grass-3103

02/07/2022, 7:14 AM
I use @pulumi.random with keeper param
q

quiet-wolf-18467

02/07/2022, 8:07 AM
Can you share your code? Are you including the namespace in the resource name?
s

square-car-84996

02/07/2022, 1:56 PM
@quiet-wolf-18467 - the issue is the .get() fails on an initial run... my hope is to create the secret if it doesn't exist, or get it (and the contents as outputs) if it does, and reuse the contents. Essentially using kubernetes secrets as pulumi secrets, but with the added step of creating the random values if it doesn't
@high-grass-3103 - i will look into the random.RandomPassword w/ keepers, but i was hoping to not have the RNG seeded with anything so the only way to know the password is to have access to the k8s secret.
q

quiet-wolf-18467

02/07/2022, 1:59 PM
@square-car-84996 The query API might be better suited for that: https://www.pulumi.com/blog/query-kubernetes/
but IMO, that workflow seems dangerous. I'd probably use 
pulumi import
to bring the secret under Pulumi management
s

square-car-84996

02/07/2022, 3:50 PM
@quiet-wolf-18467 - it would ideally be initially created by pulumi... i just want the ability to pull existing values (if they exist) and create them if they don't.
i will look into the Query API
the query api looks pretty simple... much easier than the standard APIs i use for various k8s automations
47 Views
Powered by