Commit 5aac9eb

committed
add secret example
1 parent cd3a6b6 commit 5aac9eb

1 file changed

+55
-0
lines changed

articles/azure-app-configuration/reference-kubernetes-provider.md

Lines changed: 55 additions & 0 deletions
@@ -445,6 +445,61 @@ Two Kubernetes built-in [types of Secrets](https://kubernetes.io/docs/concepts/c
445445
|---|---|
446446
|.kubernetes.secret.type|kubernetes.io/tls|
447447

448+
The following examples show how the data is populated in the generated Secrets with different types.
449+
450+
Assuming an App Configuration store has these Key Vault references:
451+
452+
|key|value|tags|
453+
|---|---|---|
454+
|app1-secret1|uri1|`{}`|
455+
|app1-secret2|uri2|`{}`|
456+
|app1-certificate|uri3|`{".kubernetes.secret.type": "kubernetes.io/tls"}`|
457+
458+
The following sample generates Secrets of both Opaque and TLS types.
459+
460+
``` yaml
461+
apiVersion: azconfig.io/v1
462+
kind: AzureAppConfigurationProvider
463+
metadata:
464+
name: appconfigurationprovider-sample
465+
spec:
466+
endpoint: <your-app-configuration-store-endpoint>
467+
target:
468+
configMapName: configmap-created-by-appconfig-provider
469+
configuration:
470+
selectors:
471+
- keyFilter: app1*
472+
secret:
473+
target:
474+
secretName: secret-created-by-appconfig-provider
475+
auth:
476+
managedIdentityClientId: <your-user-assigned-managed-identity-client-id>
477+
```
478+
479+
The generated Secrets are populated with the following data:
480+
481+
#### [Opaque](#tab/Opaque)
482+
483+
```yaml
484+
name: secret-created-by-appconfig-provider
485+
type: Opaque
486+
data:
487+
app1-secret1: value1
488+
app1-secret2: value2
489+
```
490+
491+
#### [TLS](#tab/TLS)
492+
493+
```yaml
494+
name: app1-certificate
495+
type: kubernetes.io/tls
496+
data:
497+
tls.crt: |
498+
crt data
499+
tls.key: |
500+
key data
501+
```
502+
448503
#### Refresh of secrets from Key Vault
449504

450505
Refreshing secrets from Key Vaults usually requires reloading the corresponding Key Vault references from Azure App Configuration. However, with the `spec.secret.refresh` property, you can refresh the secrets from Key Vault independently. This is especially useful for ensuring that your workload automatically picks up any updated secrets from Key Vault during secret rotation. Note that to load the latest version of a secret, the Key Vault reference must not be a versioned secret.
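
Review bot: The TLS tab shows the generated Secret as `name: app1-certificate`, but the provider sample only sets `secretName: secret-created-by-appconfig-provider`, and nothing in the added text says where the second name comes from. Add a sentence before the tabs stating that a reference tagged with `.kubernetes.secret.type` set to `kubernetes.io/tls` produces its own Secret and how that Secret is named (from the tabs it looks like the key name), so readers know which Secret to mount and which names to scope RBAC to. Two smaller points: the tab group opened by `#### [Opaque](#tab/Opaque)` is not closed with a `---` line before `#### Refresh of secrets from Key Vault`, and the first fence is written with a space between the backticks and `yaml` while the other two have none. It would also help to say whether `value1` and `crt data` under `data:` stand for decoded or base64-encoded content, since Kubernetes stores Secret `data` values base64-encoded.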
