Streamline Your Kubernetes Secrets with External Secrets Operator (CNCFMinutes25)
- Published 26 Nov 2024
- In this video, I explain how to create and use Kubernetes secrets backed by external key management systems via the External Secrets Operator. The External Secrets Operator is a CNCF sandbox project that can help you manage secrets from many providers, including HashiCorp Vault, which is used in the demo for this video. During the tutorial, I discuss key components such as SecretStore and ExternalSecret, and demonstrate how to push a secret from Kubernetes to the secret store. If you're interested in learning more about managing secrets in Kubernetes, be sure to watch this video!
Git repository used in the demo - github.com/sai...
Hi sir, I need a solution for the infra setup I'm using.
I'm using External Secrets Operator for secrets management.
Consider that I'm dynamically creating new envs for testing, so that they are dynamically creating external secrets and Kubernetes secrets for the service (frontend or backend) which will get provisioned.
Here in my AWS Secrets Manager I have templating in the values of keys.
Example: db_name : tf-{{ ENV_NAME }}-{{ BASE_DOMAIN }}
So while creating the Kubernetes secret from external secrets, I want to dynamically replace {{ ENV_NAME }} and {{ BASE_DOMAIN }} with the namespace that I'm dynamically creating for the new env that I'm provisioning and xyz respectively.
How can I include templating logic in the external secret file so that it will directly create a templated Kubernetes secret file?
Very well explained! Thank you.
Very good explanation
Thanks for the video! I'm seeing that you are having some failures with editing the vault-internal service that you cut from the video. I'm also having this error following along with the video. What did you do behind the scenes to make that work? Thanks
Did you try from the repo?
You see it in the video. I got the same error. You have to delete the lines with clusterIP and change the type to NodePort. Kubernetes does not let you and says it is saved to a file. Then, like in the video, kubectl delete -f file and kubectl apply -f file. And then you will have the NodePort.
Hi, thanks for this video. Is this the same as the CSI secret store provider driver in one of your other videos?
No, this is different; if you see the demo portion, it shows how this one works.
I have a query. With this method, the secrets can still be decoded at the Kubernetes end, right? So is this secure enough?
This is just a mechanism to fetch secrets from Vault / AWS Secrets Manager and then update it to Kubernetes secrets. It will be base64 encoded; as long as no one has access to your cluster and AWS account, the application is safe.
Great video,
Nice 👍
gr888 session