npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

azure-k8s-config

v1.0.0

Published

Generate Kubernetes Secret files from Azure App Configuration and Azure Key Vault data.

Downloads

55

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jsaarijsaari

Keywords

azurekubernetessecretsconfigk8s

Readme

App Configuration + Key Vault Kubernetes Secrets

Node.js based tool for generating Kubernetes Secret Configurations from Azure App Configuration and Azure Key Vault data.

Compatible with environments that use environment variables (eg. Node.js).

Note: This package creates opaque Kubernetes secrets, which are base64 encoded and not securely encrypted.

Features

  • Version control your configurations without commiting sensitive data.
  • Kubernetes vendor agnostic.
  • Mix App Configuration keys with local variables.
  • Written in TypeScript, typings included.

Services used:

How it works

Instead of directly entering the data values in your Secrets, you enter the key of your wanted App Configuration key-value pair. The application then fetches the value associated with the key, base64 encodes it and returns the ready to use configuration.

Example

An example secret configuration.

apiVersion: v1
kind: Secret
metadata:
  name: backend-secrets
  namespace: production
type: Opaque
data:
  JWT_SECRET: backend-service/production/jwt-secret
  BASE_URL: backend-service/production/base-url

returns:

apiVersion: v1
kind: Secret
metadata:
  name: backend-secrets
  namespace: production
type: Opaque
data:
  JWT_SECRET: c2llbmkgZWkgb2xlIGthc3Zp
  BASE_URL: aHR0cHM6Ly9leGFtcGxlLmFwcA==

Usage

There are two ways to use this library, either the Command-Line or programmatically in a Node script.

Using the Command Line (npx)

npx azure-k8s-config input/ output/

Using in a node script

npm install azure-k8s-config
const generateSecrets = require("azure-k8s-config");

generateSecrets({
  input: "<input-dir>",
}).then((configs) => { /* ... */ });

API

azure-k8s-config <INPUT-DIRECTORY> <OUPUT-DIRECTORY> [FLAGS]

Flags

  • --force (alias -f, default: false) – allow usage of locally defined variables not defined in App Configuration.
  • --recursive (alias -r, default: false) – Recursively search through subdirectories for kubernetes configurations

Setting up Azure

This workflow requires you to setup a few Azure resources to get everything working correctly. This package only requires App Configuration and can be used without the Azure Key Vault service.

Create Service Principal

Create App Configuration Resource:

az appconfig create --name <app-configuration-resource-name> \
	--resource-group <resource-group-name> \
	--location eastus

Create Key Vault Resource: (optional)

az keyvault create --name <key-vault-resource-name> \
	--resource-group <resource-group-name> \
	--location eastus

Create Service Principal:

az ad sp create-for-rbac -n example-app --skip-assignment

which outputs:

{
  "appId": "xxxx-xxxx-xxxx",
  "displayName": "example-app",
  "name": "http://example-app",
  "password": "xxxx-xxxx-xxxx",
  "tenant": "xxxx-xxxx-xxxx"
}

Next create an .env file in the project root directory.

Your .env file should look like this:

AZURE_APP_CONFIG_NAME="<app-configuration-resource-name>"
AZURE_TENANT_ID="<tenant>"
AZURE_CLIENT_ID="<appId>"
AZURE_CLIENT_SECRET="<password>"
AZURE_KEYVAULT_NAME="<key-vault-resource-name>" # optional

Note

Make sure to save your service principal password, as you cannot retrieve it again after this step. If you've lost your password you need to generate a new password using the following command:

 az ad sp credential reset --name <service principal's appId>

If you're using Key Vault, you also need to add Key Vault permissions for the Service Principal account

az keyvault set-policy --name <key-vault-resource-name> \
	--spn <appId> \
	--secret-permissions get

Add Reader permissions for service principal

az role assignment create --role "App Configuration Data Reader" \
	--assignee <appId> \
	--resource-group <resource-group-name>

Setting up Azure Event Grid (optional)

This step is optional but recommended if you want to keep your Kubernetes Secret configurations synced with Azure App Configuration.

Azure Event Grid can be used to listen to App Configuration changes and trigger events based on that, eg. a webhook to trigger your Continuous Deployment (CD) tool.

Register Azure Event Grid if you haven't already

az provider register -n Microsoft.EventGrid

The registration might take a while, you can check the status with the following command

az provider show -n Microsoft.EventGrid --query "registrationState"

After the registration is finished you'll be able to create subscriptions to your Event Grid. The following example subscribes to the App Configuration resource and hits the given endpoint every time a key is added, updated or removed.

az eventgrid event-subscription create \
  --source-resource-id <app-configuration-resource-name> \
  --name <event-subscription-name> \
  --endpoint <webhook-endpoint>

Development

Add dev setup instructions

License

MIT 2021 - Jim Saari