Hey dude, you really helped me with setting this up, even better than AWS's Containers from the Couch. You'll probably never see this, but I really appreciate it!
Another fantastic tutorial! You do such a great job at simplifying key concepts which makes the topic so much easier to understand. I currently don't work with K8s but I managed to follow every single minute of this video and learn something!
Great tutorial! I think external secrets fits better when you have to manage many Kubernetes clusters.
And using Lens, can I still see the secrets, or could it no longer be done?
Yes. k8s secrets are best avoided, for the reason you state, among others. Encrypted volumes (e.g., ASCP) are preferred in terms of security. But currently ESO is easier to use with AWS parameter store and secret manager than ASCP, in many cases, so it's a tradeoff.
So if you want to use ESO you need to store the credentials in your cluster to retrieve them? Which forces you to use sealed secrets?
Hey there. You're not forced to use sealed secrets. It's just one approach I recommend as opposed to having an unencrypted secret in your cluster. Also, having a sealed secret means you can store it in a git repo (for GitOps deployments) as opposed to manually creating the secret for every environment. Some teams still opt for the latter (the manual approach).
You can also use Mozilla SOPS or helm secrets as an alternative to sealed secrets.
Another approach is to use an OIDC token with the secret that the ESO secret store references.
IRSA ftw?
awesome!