How to use customSecret on Container Runner

Overview

You may wish to store your auth_token for Container Runner in a Kubernetes Secret.

This is possible via the customSecret parameter in your values.yaml.

Please note that for the container-agent pod to access this secret, the correct Role and RoleBinding permissions must be set. If you use the built-in Service Role in your values.yaml to deploy the runner, you will not need to do anything. If you are using a custom Service Account, you will need to make sure it has the correct permissions.

 

How to configure a customSecret on Container Runner

Step 1 - Base64 encode your auth_token

When utilizing a Kubernetes secret, the value needs to be base64 encoded like so:

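$ printf '%s' '<runner_token_goes_here>' | base64 -w 0

This will output your token in base64 without new lines for the next step. printf is used rather than echo so that no trailing newline is encoded into the token, and -w 0 (GNU coreutils) disables line wrapping of the output.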

 

Step 2 - Create the secret

We will need to create a Kubernetes secret file. 

# container-runner-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: <name_of_your_secret>
  namespace: <namespace_container_runner_is_deployed_to>
data:
  <namespace>.<runner_name>: <base64_encoded_token>

Due to Kubernetes' secret key character constraints, the / separating the namespace and resource class name is replaced with a . character. Other than this, the name must exactly match the resourceClasses config to match the token with the correct configuration.

 

Step 3 - Apply the secret

We can now apply the container-runner-secret.yaml

$ kubectl apply -f container-runner-secret.yaml

 

Step 4 - Update your values.yaml

Once this secret is available in the namespace, we can utilize it in our values.yaml

# values.yaml

agent:
  resourceClasses:
    <CircleCI_Namespace>/<Container_Runner_Name>:
      customSecret: <Secret_Name_From_Step_2>

 

Step 5 - Upgrade your deployment

With the secret being present in Kubernetes and your values.yaml referencing it, it is time to deploy it to your namespace.

We can run the following command to redeploy using our new values.yaml

$ helm upgrade container-agent container-agent/container-agent -n <namespace> -f values.yaml
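
Steps 1 and 2 are where a stray newline in the encoded token or a mismatched key most often slips in, so the sketch below renders the Secret manifest from the resource class name and the raw token. It is an added example, not CircleCI's own tooling; the function names (secret_key_for, encode_token, render_secret), the RUNNER_TOKEN variable and all sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; every name and value here is a constructed placeholder.

# "<namespace>/<runner_name>" -> Secret data key "<namespace>.<runner_name>"
secret_key_for() {
  case "$1" in
    */*/*|/*|*/) echo "expected <namespace>/<runner_name>: '$1'" >&2; return 1 ;;
    */*) ;;
    *) echo "expected <namespace>/<runner_name>: '$1'" >&2; return 1 ;;
  esac
  _key=$(printf '%s' "$1" | tr '/' '.')
  # Secret data keys may contain only alphanumerics, '-', '_' and '.'
  case "$_key" in
    *[!A-Za-z0-9._-]*) echo "invalid Secret key: '$_key'" >&2; return 1 ;;
  esac
  printf '%s' "$_key"
}

# Base64 with no trailing newline inside the value and no line wrapping
# (tr strips wrapping portably, so no GNU-only flag is needed here).
encode_token() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# args: <secret_name> <k8s_namespace> <resource_class> <token>
render_secret() {
  [ -n "$4" ] || { echo "empty token" >&2; return 1; }
  _k=$(secret_key_for "$3") || return 1
  _v=$(encode_token "$4")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
data:
  $_k: $_v
EOF
}

# Usage (constructed values), piping the manifest straight to the cluster:
#   render_secret runner-token circleci my-org/my-runner "$RUNNER_TOKEN" | kubectl apply -f -
```

Piping the rendered manifest to kubectl apply -f - avoids leaving the encoded token in a file on disk, and reading the token from an environment variable keeps it out of the command line you type.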

 
