Kubernetes Secret Store
The kubernetes store enables Spice to read Kubernetes secrets.
Example
secrets:
  store: kubernetes
Note: This method requires the Kubernetes service account that runs the spiced pod to have extended roles for secrets API access. Make sure to configure this service account with the necessary permissions to read secrets from the Kubernetes API.
Example of Kubernetes role configuration for a custom service account:
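kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: spiced-account-role
rules:
  # '' is the core API group, where the secrets resource lives.
  - apiGroups: ['']
    resources: ['secrets']
    # Read-only access to individual secrets; no list, watch or write.
    verbs: ['get']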
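
A Role grants nothing until it is bound to the service account the pod runs as. The manifest below is an added example, not part of the original Spice documentation: it binds the role above to a service account and narrows the grant to one named secret. The names spiced-account, spiced-account-rolebinding, spice-secrets and the namespace spice are assumptions, as is the premise that the secrets spiced needs are known by name.

```yaml
# Added example. Only the name spiced-account-role comes from the page;
# every other name and the namespace are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: spiced-account              # hypothetical service account
  namespace: spice                  # hypothetical namespace
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: spiced-account-role
  namespace: spice
rules:
  - apiGroups: ['']
    resources: ['secrets']
    # Least privilege: restrict 'get' to the secrets spiced actually reads.
    # Without resourceNames, the role can read every secret in the namespace.
    resourceNames: ['spice-secrets']  # hypothetical secret name
    verbs: ['get']
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: spiced-account-rolebinding  # hypothetical binding name
  namespace: spice
subjects:
  - kind: ServiceAccount
    name: spiced-account
    namespace: spice
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: spiced-account-role
# The spiced pod must run as this account:
#   spec.serviceAccountName: spiced-account
# Check the effective permissions from an admin context:
#   kubectl auth can-i get secret/spice-secrets -n spice \
#     --as=system:serviceaccount:spice:spiced-account
#   kubectl auth can-i list secrets -n spice \
#     --as=system:serviceaccount:spice:spiced-account
```

With this binding in place, the first check should be allowed and the second denied, which confirms the account can read only the named secret.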