Configuration secrets

Some of the configuration values are considered secrets, and cannot be saved in plain text format. We recommend using SealedSecrets or one of the other secret management system for Kubernetes, to encrypt the secret values.

As an alternative, we can pull secret values from Kubernetes secrets.

First, define an environment variable that is taken from a Kubernetes secret.

In your generated_values.yaml file add:

runner:
  additional_env_vars:
  - name: GRAFANA_KEY
    valueFrom:
      secretKeyRef:
        name: my-robusta-secrets
        key: secret_grafana_key

Next, define that the value should be pulled from an environment variable by using the special {{ env.VARIABLE }} syntax:

globalConfig:
  grafana_api_key: "{{ env.GRAFANA_KEY }}"
  grafana_url: http://grafana.namespace.svc

Finally, create a Kubernetes secret named my-robusta-secrets, and in it secret_grafana_key with your grafana api key.

Values can be taken from environment variables in:

• global config

• playbooks action parameters

• sinks configuration