• Name: Kubernetes Secrets
  • Category: Secret manager

Configuration

Configu needs to be authorized to access your Kubernetes Secret instance. By default, Configu attempts to load the default kubeconfig credentials via the KUBECONFIG environment variable. You can manually provide credentials via a kubeconfig file via the kubeconfig parameter. The namespace parameter must always be provided.

Usage

.configu store declaration

stores:
  my-store:
    type: kubernetes-secret
    configuration:
      namespace: default
      kubeconfig: ~/.kube/config

CLI examples

Upsert command

configu upsert --store "my-store" --set "test" --schema "./start.cfgu.json" \
    -c "GREETING=hey" \
    -c "SUBJECT=configu"

Eval and export commands

configu eval --store "my-k8s-secret-store" --set "test" --schema "./start.cfgu.json" \
 | configu export

Common errors and solutions

  1. Cluster Access Issues

    • Solution: Ensure that the kubeconfig path is correct and that your user or service account has access to the cluster. Test connectivity with:
      kubectl get nodes
      
  2. Insufficient Permissions

    • Solution: Make sure your account has GET, CREATE, and UPDATE permissions for secrets. Use the following command to grant access:
      kubectl create rolebinding configu-access --clusterrole=admin --serviceaccount=default:default
      
  3. Namespace Not Found

    • Solution: Verify that the specified namespace exists by listing all available namespaces:
      kubectl get namespaces
      
  4. Secret Access Errors

    • Solution: Check that the target secret exists and the user has proper access permissions. Use:
      kubectl get secrets -n <namespace>
      

References