awesome-gitops
kubernetes-external-secrets
awesome-gitops | kubernetes-external-secrets | |
---|---|---|
4 | 26 | |
1,404 | 2,584 | |
1.4% | - | |
2.7 | 7.7 | |
6 months ago | almost 2 years ago | |
JavaScript | ||
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-gitops
-
Creators of Argo CD Release New OSS Project Kargo for Next Gen Gitops
https://github.com/weaveworks/awesome-gitops but also, like, a shell script?
-
How to apply security at the source using GitOps
There are books (The Path to GitOps, GitOps and Kubernetes or GitOps Cloud-native Continuous Deployment), whitepapers, and more blog posts than we can manage to count but let us elaborate on the GitOps purpose by taking a quick look on how things evolved in the last few years.
-
Automation assistants: GitOps tools in comparison
Websites such as awesome-gitops, which was launched by Weaveworks, or gitops.tech, which was put together by INNOQ employees, provide an introductory overview of the available tools. When you take a closer look, you will see that the listed tools can be used to perform a wide variety of tasks related to implementing GitOps, and of course they also differ from one another in terms of their adoption, maturity, and how actively they are maintained. This article identifies three categories from the various use cases: Tools for Kubernetes, supplementary tools, and tools close to infrastructure. In addition, we compiled a table that summarizes the tools and their properties. The tables also contain various Git and GitHub-based metrics (current as of February 2021) that allow you to better assess their adoption, maturity, and how actively they are maintained.
-
The Decline of Heroku
huge fan of k8s. drop what you're doing & use a cross-system object-storage/"apiserver" & control-loops to automate everything; embrace desired state management & thank me latter. but, Heroku &al have a lot of value left.
there's just not that many folk trying to tame deploys on k8s via gitops. flux2 is the rage, it's all over the alpha geek's efforts[1], but it's usually used by someone carefully authoring a fairly complex Helm file, then building out a significant Flux2 HelmRelease object (ex: [2]).
there's a bunch of other tools[3], & i'm frankly not familiar enough. but this idea of having a bunch of source that can deploy itself, simply, is still extremely rare even among the alpha-geek #gitops types. i'm sure some of these tools better match the simplicity of the Heroku model, corresponding branches to environments, which makes so so much sense, but so far i feel like such attempts are still basically unknown.
heroku's really simmered it down to something that made extremely natural sense. huge props to that. too too much of this effort had to go into creating buildpacks & supporting language environments very very carefully very actively, that ability to stealth-containerize an app & not even notice is so much of the special sauce that makes this a hard, hard & eternal problem (because langauges/envs keep changing). there's still a lot of ease of use to Heroku that's potentially will be underrated and/or lost by the oncoming generations. i have high respect for how operateable Heroku is.
[1] https://github.com/k8s-at-home/awesome-home-kubernetes
[2] https://github.com/onedr0p/home-cluster/blob/main/cluster/ap...
[3] https://github.com/weaveworks/awesome-gitops#tools
kubernetes-external-secrets
- aws secrets with eks ,Teffarorm & helm
-
Securing Kubernetes Secrets with HashiCorp Vault
$ helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/ "external-secrets" has been added to your repositories $ helm install k8s-external-secrets external-secrets/kubernetes-external-secrets -f values.yaml NAME: k8s-external-secrets LAST DEPLOYED: Wed Mar 23 22:50:35 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The kubernetes external secrets has been installed. Check its status by running: $ kubectl --namespace default get pods -l "app.kubernetes.io/name=kubernetes-external-secrets,app.kubernetes.io/instance=k8s-external-secrets" Visit https://github.com/external-secrets/kubernetes-external-secrets for instructions on how to use kubernetes external secrets
-
SimpleSecrets: A self-hosted K8S Secrets Manager Operator
I’m reading above that you weren’t aware of sealed-secrets. So I guess that you are not familiar with ExternalSecrets secrets neither. Very solid project
- Managing json config files for apps deployed to k8s at scale
-
1Password Has Raised $620M
They probably should merge with https://github.com/external-secrets/kubernetes-external-secr...
- Recommended way of securing AWS secret key and id in K8s secrets for pulling images from AWS ECR
-
Do you have a TODO checklist when creating clusters from scratch?
I do not recommend vault if you are not experienced. It is a heavy infra to manage. I suggest looking into https://github.com/external-secrets/kubernetes-external-secrets and selecting the tool offered by your cloud providers.
-
Secrets usage
This is where things like the vault agent sidecar or projects like external secrets come in and allow you to inject / sync your secrets backend and your Kubernetes workloads :)
-
Cloud password managements
Depending on what platform you are on, you could use the AWS SDK or a tool like external-secrets (for Kubernetes).
-
Kuberentes CI/CD
We don't keep anything sensitive inside of Helm charts. We use AWS Secrets Manager and external-secrets
What are some alternatives?
atlantis - Terraform Pull Request Automation
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
awesome-home-kubernetes - ⚠️ Deprecated: Awesome projects involving running Kubernetes at home
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
awx - AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
argocd-operator - A Kubernetes operator for managing Argo CD clusters.
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
werf - A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices.
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
home-ops - Wife approved HomeOps driven by Kubernetes and GitOps using Flux
Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!