Commit 47aacbb

add K8s section into README
1 parent 16c978e commit 47aacbb

1 file changed

+4
-0
lines changed

README.md

Lines changed: 4 additions & 0 deletions
@@ -79,6 +79,10 @@ In order to resolve Google secrets from Google Secret Manager, `secrets-init` sh
7979

8080
This can be achieved by assigning IAM Role to Kubernetes Pod with [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity). It's possible to assign IAM Role to GCE instance, where container is running, but this option is less secure.
8181

82+
## Kubernetes `secrets-init` admission webhook
83+
84+
The [kube-secrets-init](https://github.com/doitintl/kube-secrets-init) implements Kubernetes [admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks) that injects `secrets-init` [initContainer](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) into any Pod that references cloud secrets (AWS Secrets Manager, AWS SSM Parameter Store and Google Secrets Manager) implicitly or explicitly.
85+
8286
## Code Reference
8387

8488
Initial init system code was copied from [go-init](https://github.com/pablo-ruth/go-init) project.
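
Review bot: the added paragraph under "## Kubernetes `secrets-init` admission webhook" leaves "implicitly or explicitly" undefined, and that phrase decides which Pods the webhook modifies by injecting an initContainer. Spell out what counts as an implicit and an explicit reference to a cloud secret, or link to the part of the kube-secrets-init documentation that does. In the same paragraph, "Google Secrets Manager" does not match "Google Secret Manager" used in the context shown in the hunk header, so use one spelling throughout. "implements Kubernetes admission webhook" also needs an article ("implements a Kubernetes admission webhook").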
