Automating Kubernetes secrets creation using AWS SSM and Terraform
AWS EKS: Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises.
AWS Parameter store: Parameter Store is an AWS service that stores strings. It can store secret data and non-secret data alike. Secrets stored in Parameter Store are secure strings, encrypted with a customer-specific AWS KMS key.
Terraform: Terraform is an open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure.
- Create a secret on AWS Parameter store from the AWS console.
or you can also create a secret using terraform random_password resource and store it in SSM parameter, and create a terraform datasource.
2. In terraform provider.tf file add entry to call Kubernetes provider and add the EKS context in config_context
3. Create secret using kubernetes_secret resource provided by terraform Kubernetes provider like here, and call the datasource which was created in step 1.
That’s it, in 3 easy steps one can automate the process of creating K8s secrets.