Description
What problem are you facing?
We manage our EnvironmentConfig resources using FluxCD which means they are committed to a git repository. Our use case for Crossplane involves creating compositions managing resources which require sensitive inputs. An easy example is that our compositions use the Kubernetes provider to create Secret resources in other clusters.
How could this Function help solve your problem?
There is not a general-purpose way that I am aware of to provide secret values to Crossplane composition functions. The credentials field of the composition pipeline exists, but the receiving function needs to be written to accept this. By allowing this function to read values from regular Kubernetes Secrets, it opens the door to using a different piece of k8s tooling to retrieve values for a Crossplane environment. The particular chain that I am interested in is:
Cloud secret store (AWS SM, GCP SM, Vault, etc.) -> External Secrets Operator -> K8s Secret -> function-environment-configs -> function-go-templating -> My composed resources
I have not fully thought through what the syntax might look like, but this pseudo-code represents the functionality I have in mind:
```yaml
apiVersion: apiextensions.crossplane.io/v1beta1
kind: EnvironmentConfig
metadata:
  name: environment
data:
  environment: dev
  myPassword:
    secretRef:
      name: foo
      namespace: bar
      key: baz
```
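For comparison, here is the same chain expressed with the Composition pipeline `credentials` field that exists today. This is an added example, not part of the issue above or of the function-environment-configs project, and every name in it (the `aws-sm` ClusterSecretStore, the `db-creds` Secret, the `prod/db` remote key, the `XApp` composite type and the `my-function` function) is an assumption; the function named in `functionRef` is assumed to have been written to read `credentials` from its RunFunctionRequest, which function-go-templating is not claimed to do.

```yaml
# Added example (not from the issue or the project). All names are assumptions.
# Step 1: External Secrets Operator copies a value from the cloud secret store
# into a regular Kubernetes Secret in the Crossplane namespace.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-creds
  namespace: crossplane-system
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-sm                 # assumed existing ClusterSecretStore
    kind: ClusterSecretStore
  target:
    name: db-creds               # the Secret ESO writes
  data:
    - secretKey: password
      remoteRef:
        key: prod/db             # assumed path in the cloud secret store
        property: password
---
# Step 2: the Composition hands that Secret to a pipeline step via the
# existing `credentials` field instead of copying it into an EnvironmentConfig.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: my-app
spec:
  compositeTypeRef:
    apiVersion: example.org/v1alpha1   # assumed composite type
    kind: XApp
  mode: Pipeline
  pipeline:
    - step: load-environment
      functionRef:
        name: function-environment-configs
      input:
        apiVersion: environmentconfigs.fn.crossplane.io/v1beta1
        kind: Input
        spec:
          environmentConfigs:
            - type: Reference
              ref:
                name: environment
    - step: render
      functionRef:
        name: my-function        # assumed: a function that reads req.credentials
      credentials:
        - name: db               # name the function looks the credential up by
          source: Secret
          secretRef:
            namespace: crossplane-system
            name: db-creds
```

The practical difference between the two approaches is where the secret bytes end up. With `credentials`, Crossplane reads the Secret and passes its data to the function inside the function request, so it never appears in another API object. An EnvironmentConfig is an ordinary cluster-scoped custom resource stored unencrypted in etcd like any other, so if a `secretRef` were resolved into its `data`, or a template rendered the value into a composed resource's spec, the secret would become readable to anyone with `get` on those objects; when building the chain in the issue, it is worth checking what the rendered managed resources contain.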