External secrets operator #612
Conversation
@bobdoah thanks for the PR. It's looking good. While deploying the helm-addon is a good first step, a couple of additional items need to be addressed.
- Need a non-trivial example, preferably showing use of both AWS SSM Parameter Store and Secrets Manager.
- For these two external stores, we need to provide a way for the platform team persona to define the authentication mechanism. This can be done by attaching an IRSA role to the pod. This method is described here. Configuring IRSA in the addon can be optional if customers are using AWS SSM or SM.
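The wiring the reviewer is asking for, as an added example that is not part of this PR or of the eks-blueprints project: a service account bound to an IAM role through IRSA, one ClusterSecretStore per AWS service using that service account's projected token, and an ExternalSecret against each of SSM Parameter Store and Secrets Manager. The namespace names, account id, role name, region, parameter path and secret names are all assumptions for illustration; the API version is external-secrets.io/v1beta1 (current when this PR was opened; newer operator releases also serve v1).

```yaml
# Added example (not from the PR or the eks-blueprints project): External
# Secrets Operator authenticating to AWS via IRSA. Every name, the account id,
# the region and the secret/parameter paths below are assumptions.
---
# 1. The service account whose token ESO exchanges for AWS credentials. The
#    annotation is the IRSA binding; the role it names must trust the cluster's
#    OIDC provider and should allow only the read calls listed in the note below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets-irsa
  namespace: external-secrets
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/eso-secrets-reader
---
# 2. One ClusterSecretStore per AWS service. `auth.jwt` makes the provider
#    request a token for the referenced service account and call
#    STS AssumeRoleWithWebIdentity, so no static access keys live in the cluster.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-parameter-store
spec:
  provider:
    aws:
      service: ParameterStore
      region: eu-west-1
      auth:
        jwt:
          serviceAccountRef:
            name: external-secrets-irsa
            namespace: external-secrets
---
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-secrets-manager
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1
      auth:
        jwt:
          serviceAccountRef:
            name: external-secrets-irsa
            namespace: external-secrets
---
# 3. A SecureString parameter synced into a Kubernetes Secret. refreshInterval
#    is what gives the rotation behaviour described in the PR motivation: ESO
#    re-reads the parameter on that interval and rewrites the Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db-password
  namespace: app
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-parameter-store
    kind: ClusterSecretStore
  target:
    name: app-db-password
    creationPolicy: Owner
  data:
    - secretKey: DB_PASSWORD
      remoteRef:
        key: /app/prod/db/password
---
# 4. Two fields of one JSON-valued Secrets Manager secret mapped to two keys of
#    a Kubernetes Secret; `property` selects a key inside the JSON body.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-api-creds
  namespace: app
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: ClusterSecretStore
  target:
    name: app-api-creds
    creationPolicy: Owner
  data:
    - secretKey: API_KEY
      remoteRef:
        key: prod/app/api
        property: api_key
    - secretKey: API_SECRET
      remoteRef:
        key: prod/app/api
        property: api_secret
```

The IAM policy on the assumed role is where least privilege is enforced: scope `ssm:GetParameter` to the parameter path ARN, `secretsmanager:GetSecretValue` and `secretsmanager:DescribeSecret` to the specific secret ARNs, and add `kms:Decrypt` on the customer-managed key only if one is used. The reason to make IRSA the default rather than optional is that, without it, the provider pod falls back to the node's instance profile, which means every pod scheduled on that node shares the same read access to the stores. After applying, `kubectl get externalsecret -n app` should show the resources Ready with reason SecretSynced; a permissions error on the role surfaces there as a failed condition rather than in the consuming pod.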
I do actually have an example that I used to test this. I extended the |
Added an example @askulkarni2 |
@askulkarni2 any chance you could review this again? |
@bobdoah apologies for the delay and thank you for your patience. A few minor changes based on the recent awscli update and merge conflict, otherwise this is looking good to go.
Thanks @askulkarni2. I've applied the requested fixes. I also noticed another example had the same |
The External Secrets Operator integrates external secrets management systems with Kubernetes. The operator reads secrets from these systems and injects them as values into Kubernetes Secrets.
Allow the external-secrets operator to be enabled from the main addon module.
Add an example, using IRSA for authentication with AWS.
LGTM! Thanks for this awesome PR!
Amazing, thanks for merging! |
What does this PR do?
Adds the External Secrets operator as an addon
Motivation
The External Secrets operator integrates external secrets management services with a Kubernetes cluster. It's more flexible than the Secret Store CSI driver. It transparently handles secret rotation, as secrets are kept synchronised. By using Kubernetes secrets, it's easy to map secrets as environment variables.
More
pre-commit run -a with this PR
Note: Not all PRs require examples and docs; they are needed only when a new pattern or add-on is added.
For Moderators
Additional Notes