Initial public release v1.0.7

- Streamlined README focused on quick start - Complete examples for all major use cases - Decision tree for choosing right pattern - Comprehensive troubleshooting guide
2025-10-26 14:53:01 +01:00
commit 1bc8aadb85
9 changed files with 3485 additions and 0 deletions
--- a/examples/example-1-no-rotation.yaml
+++ b/examples/example-1-no-rotation.yaml
@@ -0,0 +1,122 @@
+# Example 1: Simple API Key (No Rotation)
+#
+# Use case: Long-lived API key that doesn't need rotation
+# 
+# Characteristics:
+# - Generated once
+# - No rotation schedule
+# - No Reloader needed (static secret)
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: api-service
+
+---
+apiVersion: secrets.c5ai.ch/v1alpha1
+kind: ManagedSecret
+metadata:
+  name: api-keys
+  namespace: api-service
+spec:
+  vault:
+    address: "http://openbao.openbao.svc.cluster.local:8200"
+    authMethod: kubernetes
+    role: managedsecret-operator
+    kvVersion: v2
+    mount: secret
+    path: api/service/keys
+  
+  fields:
+  # Static service identifier
+  - name: service-id
+    type: static
+    value: "api-service-prod"
+  
+  # Generated API key (long, alphanumeric)
+  - name: api-key
+    type: generated
+    generator:
+      type: password
+      length: 64
+      minDigits: 10
+      minSymbols: 0
+      minLowercase: 20
+      minUppercase: 20
+      symbolCharacters: ""  # No symbols, just alphanumeric
+      allowRepeat: false
+  
+  # Static API endpoint
+  - name: api-endpoint
+    type: static
+    value: "https://api.external-service.com/v1"
+  
+  destination:
+    name: api-secret
+    type: Opaque
+  
+  # No rotation - generate once and keep
+  rotation:
+    enabled: false
+
+---
+# Example Deployment using the API key
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-consumer
+  namespace: api-service
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: api-consumer
+  template:
+    metadata:
+      labels:
+        app: api-consumer
+      # No Reloader annotation needed - secret doesn't change
+    spec:
+      containers:
+      - name: app
+        image: your-app:latest
+        env:
+        - name: API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: api-secret
+              key: api-key
+        - name: API_ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              name: api-secret
+              key: api-endpoint
+        - name: SERVICE_ID
+          valueFrom:
+            secretKeyRef:
+              name: api-secret
+              key: service-id
+
+---
+# Example: Using the secret in a ConfigMap template
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: api-config
+  namespace: api-service
+data:
+  config.yaml: |
+    service:
+      name: api-consumer
+      # API credentials loaded from secret via environment variables
+      # See deployment above for how to inject API_KEY
+    
+    endpoints:
+      external:
+        timeout: 30s
+        retry: 3
+
+---
+# How to retrieve the API key for external use
+# kubectl get secret api-secret -n api-service -o jsonpath='{.data.api-key}' | base64 -d