This Gist shows you how to make use of SealedSecrets in OpenFaaS Cloud. Your secrets can be encrypted with the public key of OpenFaaS Cloud, meaning you can commit them to your public or private Git repo. Once deployed, the cluster will decrypt them and attach them to your function(s).
- Before starting you must install the kubeseal binary using the OpenFaaS Cloud CLI extensions:
CLI documentation self-hosted configuration
Here is an example repo which is working end-to-end: https://github.com/alexellis/my-fn
- Create a new repo under your account `username`
- Create function `faas new --lang go <name-of-function> --prefix=username`
- Download `pub-cert.pem` from here, you can commit the cert into your repo if you want because it is public.
- Update your faas-cli to get the new `cloud` sub-command
- Create `secrets.yml` with `faas-cli cloud seal`
  - https://github.com/openfaas/faas-cli#openfaas-cloud-extensions
  - make sure you prefix the secret with your GitHub username i.e. `alexellis-hallo` - the suffix is the repo name (not the function name).
  - Inside your function consume the secret passed in to `--literal=key=value` from `/var/openfaas/secrets/key`. i.e. `faas-cli cloud seal --name alexellis-poker-face --literal key=value`
- Reference the secret in `stack.yml` without your username this time i.e. `- hallo` - note this is the name of the repo without your username prefixed. The prefix will be added automatically.
- Install the GitHub App if you haven't done this already.
- Do a Git push to trigger a build
- Await the success status on the commit then click it to follow through to the live link
View your overview page at: http://system.o6s.io/dashboard/username
If you get any of the instructions wrong, this will not work - so pay attention and look at the example again if you need to.
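The naming rule and the in-function read from the steps above, as an added Go example (not code from this Gist or from OpenFaaS). `SealedSecretName`, `StackRef` and `ReadSecret` are hypothetical helper names, and the demo in `main` uses a constructed temp directory in place of the real mount.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// secretsDir is the mount path from the guide; a variable so the demo can use a temp dir.
var secretsDir = "/var/openfaas/secrets"

// SealedSecretName builds the name passed to `faas-cli cloud seal --name`:
// GitHub username, a dash, then the repo name (not the function name).
func SealedSecretName(owner, repo string) string { return owner + "-" + repo }

// StackRef returns the name to list in stack.yml: the sealed name without
// the owner prefix, which is added back automatically on deployment.
func StackRef(owner, sealedName string) string {
	return strings.TrimPrefix(sealedName, owner+"-")
}

// ReadSecret returns the value of one sealed literal, e.g. "key" for
// `--literal key=value`. Hypothetical helper, not part of any template.
func ReadSecret(key string) (string, error) {
	// Accept plain file names only, so a key can never leave secretsDir.
	if key == "" || key == "." || key == ".." || strings.ContainsAny(key, `/\`) {
		return "", fmt.Errorf("invalid secret key %q", key)
	}
	b, err := os.ReadFile(filepath.Join(secretsDir, key))
	if err != nil {
		return "", fmt.Errorf("secret %q is not mounted: %w", key, err)
	}
	return strings.TrimRight(string(b), "\r\n"), nil
}

func main() {
	// Constructed demo: a temp dir stands in for the mounted secret volume.
	dir, err := os.MkdirTemp("", "secrets")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := os.WriteFile(filepath.Join(dir, "key"), []byte("value\n"), 0o600); err != nil {
		panic(err)
	}
	secretsDir = dir
	v, err := ReadSecret("key")
	fmt.Println("secret length:", len(v), "err:", err) // never log the value itself
}
```

A "not mounted" error from `ReadSecret` usually means the name in `stack.yml` or the `--name` given to `faas-cli cloud seal` does not follow the prefix rule above.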
Few typo .. `pub-cert.yml` should be `pub-cert.pem` and `--from-literal=key=value` should be `--literal=key=value`.