How to use customSecret on Container Runner


You may wish to contain your auth_token for Container Runner in a Kubernetes Secret.

This is possible via the customSecret parameter in your values.yaml

Please note for the container-agent pod to access this secret, you will need to have the correct Role and Rolebinding permissions set. If you utilize the built-in Service Role in your values.yaml to deploy the runner, you will not need to do anything. If you are using a custom Service Account, you will need to make sure it has the correct permissions.


How to configure a customSecret on Container Runner

Step 1 - Base64 encode your auth_token

When utilizing a Kubernetes secret, the value needs to be base64 encoded like so:

$ echo <runner_token_goes_here> | base64 -o w 

This will output your token in base64 without new lines for the next step. 


Step 2 - Create the secret

We will need to create a Kubernetes secret file. 

# container-runner-secret.yaml

apiVersion: v1
kind: Secret
name: <name_of_your_secret>
namespace: <namespace_container_runner_is_deployed_to>
<namespace>.<runner_name>: <base64_encoded_token>

Due to Kubernetes' secret key character constraints, the / separating the namespace and resource class name is replaced with a . character. Other than this, the name must exactly match the resourceClasses config to match the token with the correct configuration.


Step 3 - Apply the secret

We can now apply the container-runner-secret.yaml

$ kubectl apply -f container-runner-secret.yaml


Step 4 - Update your values.yaml

Once this secret is available in the namespace, we can utilize it in our values.yaml

# values.yaml

customSecret: <Secret_Name_From_Step_2>


Step 5 - Upgrade you deployment

With the secret being present in Kubernetes and your values.yaml referencing it, it is time to deploy it to your namespace.

We can run the following command to redeploy using our new values.yaml

$ helm upgrade container-agent container-agent/container-agent -n <namespace> -f values.yaml


Additional Resources


Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.