Managing SecretsΒΆ

Some configuration values are considered secrets and cannot be saved in plain text format.

We recommend using SealedSecrets or another secret management system for Kubernetes.

As an alternative, Robusta can pull secret values from Kubernetes secrets.

Pulling Values from Kubernetes SecretsΒΆ

Robusta can pull values from Kubernetes secrets for:

  • Sink Configuration

  • Global Config

  • Action Parameters

  • Robusta RSA keys

To do so, first define an environment variable based on a Kubernetes secret. Add to Robusta's Helm values:

runner:
  additional_env_vars:
  - name: GRAFANA_KEY
    valueFrom:
      secretKeyRef:
        name: my-robusta-secrets
        key: secret_grafana_key

Then reference that environment variable in other Helm values using the special {{ env.VARIABLE }} syntax:

globalConfig:
  grafana_api_key: "{{ env.GRAFANA_KEY }}"
  grafana_url: http://grafana.namespace.svc

Finally, make sure the Kubernetes secret actually exists. In this example, create a Secret named my-robusta-secrets with a secret_grafana_key value inside.

For Robusta RSA keys, you can define the existingSecret parameter. The secret must have the pub and prv keys.