secretGenerator

Generate Secret resources.

Each entry in the argument list results in the creation of one Secret resource (it’s a generator of N secrets).

This works like the configMapGenerator.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

secretGenerator:
- name: app-tls
  files:
  - secret/tls.cert
  - secret/tls.key
  type: "kubernetes.io/tls"
- name: app-tls-namespaced
  # you can define a namespace to generate
  # a secret in, defaults to: "default"
  namespace: apps
  files:
  - tls.crt=catsecret/tls.cert
  - tls.key=secret/tls.key
  type: "kubernetes.io/tls"
- name: env_file_secret
  envs:
  - env.txt
  type: Opaque
- name: secret-with-annotation
  files:
  - app-config.yaml
  type: Opaque
  options:
    annotations:
      app_config: "true"
    labels:
      app.kubernetes.io/name: "app2"

Secret Resources may be generated much like ConfigMaps can. This includes generating them from literals, files or environment files.

Example

File Input

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: app-tls
  files:
    - "tls.cert"
    - "tls.key"
  type: "kubernetes.io/tls"
# tls.cert
LS0tLS1CRUd...tCg==
# tls.key
LS0tLS1CRUd...0tLQo=

Build Output

apiVersion: v1
data:
  tls.cert: TFMwdExTMUNSVWQuLi50Q2c9PQ==
  tls.key: TFMwdExTMUNSVWQuLi4wdExRbz0=
kind: Secret
metadata:
  name: app-tls-c888dfbhf8
type: kubernetes.io/tls


Last modified February 4, 2021: Provide kustomization file overview. (8e1ef9f)