Integration with kustomize

[davinkevin]

After some (laborious) investigation, I conclude I can't use this very good plugin with a tool like kustomize because the standard generator doesn't allow to add some extra "comments" required by kubesec.

I can choose to not use the secret-generator from kustomize, but I lose auto rolling of deployment attached to a secret and the capacity to have immutable secrets in K8S.

Do you think an integration inside kustomize with an extension of the current secretGenerator (https://github.com/kubernetes-sigs/kustomize/tree/master/plugin/builtin/secretgenerator) or something else is possible? Would be great to have access to this 👍.

Thanks

/cc @Neonox31

[confiq]

I started to use kubesec before kustomize removed SecretGenerator.
So as a workaround today, on each deploy, I generate secrets using kubesec and then apply it.

This would be a real boost for kubesec if this could be part of kustomize !

[devstein]

I created a kustomize plugin for SOPS if anyone is searching for a solution with a kustomize integration or looking for a template for creating a kubesec kustomize plugin!

[nbendafi-yseop]

If anyone is interested in testing kubesec integration with kustomize: have a look at https://github.com/yseop/kustomize-plugins/pull/1. It only supports PGP decryption, but can serve as basic for deeper integration.
Reviews and comments are very welcome.

[marzelwidmer]

I search also a kustomize kubesec integration. this will be great. fit for our setup.