From bb70ff96d298d9dfcd32acc46d40296eb8724ebe Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Wed, 8 Mar 2023 20:33:18 -0800 Subject: [PATCH] Add docs for k8 Global configuration --- docs/integrations/platforms/kubernetes.mdx | 39 ++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/integrations/platforms/kubernetes.mdx b/docs/integrations/platforms/kubernetes.mdx index 07ce0aae3f..069fe1ed43 100644 --- a/docs/integrations/platforms/kubernetes.mdx +++ b/docs/integrations/platforms/kubernetes.mdx @@ -50,7 +50,7 @@ metadata: # Name of of this InfisicalSecret resource name: infisicalsecret-sample spec: - # The host that should be used to pull secrets from. The default value is https://app.infisical.com/api. + # The host that should be used to pull secrets from. If left empty, the value specified in Global configuration will be used hostAPI: https://app.infisical.com/api # The Kubernetes secret the stores the Infisical token @@ -288,8 +288,43 @@ spec: ``` +## Global configuration +To configure global settings that will apply to all instances of `InfisicalSecret`, you can define these configurations in a Kubernetes ConfigMap. +For example, you can configure all `InfisicalSecret` instances to fetch secrets from a single backend API without specifying the `hostAPI` parameter for each instance. -## Troubleshoot +### Available global properties +| Property | Description | Default value +| -------- | ------------------------------------- |------------------------ +| hostAPI | If `hostAPI` in `InfisicalSecret` instance is left empty, this value will be used | https://app.infisical.com/api + + +### Applying global configurations +All global configurations must reside in a Kubernetes ConfigMap named `infisical-config` in the namespace `infisical-operator-system`. +To apply global configuration to the operator, copy the following yaml into `infisical-config.yaml` file. + +```yaml infisical-config.yaml +apiVersion: v1 +kind: Namespace +metadata: + name: infisical-operator-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: infisical-config + namespace: infisical-operator-system +data: + hostAPI: https://example.com/api # <-- global hostAPI +``` + +Then apply this change via kubectl by running the following + +```bash +kubectl apply -f infisical-config.yaml +``` + + +## Troubleshoot operator If the operator is unable to fetch secrets from the API, it will not affect the managed Kubernetes secret. It will continue attempting to reconnect to the API indefinitely.